Feeds

Korean Net users blame MS for Slammer carnage

Is Redmond culpable?

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Korean Net users are threatening Microsoft with legal action over the damage inflicted on the country's broadband infrastructure by the Slammer worm.

Korea Times reports that the splendidly named People's Solidarity for Participatory Democracy (PSPD) group is considering filing a class action suit against the software giant. The civic rights group contends that Microsoft failed to do enough to help its customers fix a flaw in SQL Server, which was exploited by the prolific worm.

Microsoft issued a patch for the SQL Server vulnerability last July but it wasn't widely applied, even by the software giant itself whose network fell over because of the Slammer worm over the weekend of January 25 and 26.

Meanwhile in Korea, "almost all KT [Korea Telecom] customers lost their connections during the attack", according to wire reports. Other ISPs, most notably Hanaro Telecom Inc., were also hit hard by the worm.

Slammer effectively paralysed the country's Net infrastructure, and the PSPD has signed up 3,000 users to take part in its putative legal action against Microsoft.

It is far from clear that Microsoft can be held liable under "product liability law" for the flaws in its products when it has already released a patch. And is it fair to lay the blame for Slammer solely at Microsoft's door?

Microsoft's patch was hard to apply (and judging from Redmond's own experiences) not necessarily a complete fix for the problem for people running large networks. That doesn't get away from the responsibility of service providers, in Korean and elsewhere, to protect their customers against the risk of attack.

Disgruntled users would do well to quiz their ISPs on why they didn't have traffic management and filtering technology in place to deal with the attack.

The blame for the Net-paralysing effects of Slammer falls on the head of whoever created Slammer in the first place, of course.

But since these vandals remain unidentified, users are looking for someone identifiable to sue.

Microsoft (like other software vendors) has a responsibility to make its software secure, but let's not forget the criminal blame for the Slammer epidemic lies elsewhere. ®

Related Stories

ATMs, ISPs hit by Slammer worm spread
MS struggles to contain the Slammer worm
SQL worm slams the Net
'Secure by design', claims MS op-ed ad
Out of the Slammer

External Links

SQL Slammer worm advisory by security tools firm ISS

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.