01.28.03
WEEKEND SLAMMER WORM COULD HAVE BEEN PREVENTED
Amarillo, Texas, January 28, 2003---The Slammer worm, also known as Sapphire, which brought down tens of thousands of servers this weekend, could have been considerably slowed or even prevented, says Louis Jurgens at SAGE, Inc.
Jurgens, Executive Vice President of the Texas-based software security company, said, "This attack was specifically directed at Microsoft's SQL Server database, but it was so virulent and spread so quickly that a denial of service attack resulted. It's really too bad these systems weren't all running SAGE software. We could have prevented this."
Similar to Code Red, but with a less destructive payload, Slammer went after vulnerabilities in Microsoft's SQL Server 2000 software and exploited a well-known problem. The attack grounded ATMs at Bank of America, brought Internet usage in South Korea to its knees, and possibly affected some non-critical communications for airlines.
"System administrators should have been aware of this problem since last July," said Jurgens. On July 24, 2002, Microsoft posted an alert rated "critical" and offered patch downloads to fix the problem. But many administrators responsible for keeping their company's servers updated with patches haven't done so.
"The problem with conventional security approaches is that any privilege-based attack like buffer overflow results in hackers gaining control of your system," said Jurgens. "The only way to mitigate this is with constant vigilance and continual patching and updating, something that requires a lot of time and many companies can't afford the overhead to do this."
SAGE promotes web server systems with built-in security that do not require firewalls, patching or maintenance for security updating. Don Williams, Chief Operating Officer for SAGE, said, "We met with members of the President's Critical Infrastructure Protection Board last summer, but so far we haven't been able to get their attention. Maybe this will help."