The Death of Irony


Um, if you were trying to hit my site today, it was down for most of the day as part of the collateral damage from the giant worm attack that shutdown large parts of the Internet today.

For the non-gearheads among us, what happened (the short version) was that a small program (the "worm") that was programmed to spread between copies of a Microsoft database program called "SQL Server" quickly got out of hand and crashed large parts of the internet. The worm spread by exploiting a security hole in SQL Server, a hole that Microsoft had patched several months ago. However, it would appear that many (about twenty-two thousand) database administrators hadn't kept their servers up-to-date with all the latest security patches, thus allowing the worm to spread unchecked.

technology.gifIn other, entirely unrelated news, Bill Gates is pledging to improve security in future versions of Microsoft's software. CNN, bless their hearts, ran both stories together on the front page of their site (as you can see).

Which does sound (at least to an inveterate Microsoftphobe) a bit like an admission that their current security blows chunks is a stinking, rotting pile of dubious architecture and crappy code less than optimal.

Update: For the true gearheads among us, here's a in-depth look at the worm (thanks, Nick).


Heh. Heh. Heh.

Microsoft's security is about as sound as my sex life. And that's really all that needs to be said.

Oh golly! I am sorry.

The Los Angeles Times reported that the Internet wasn't the only system affected by the worm: evidently, many Bank of America ATMs were shut down as well - and the "experts" don't know why!

For years I've said to friends that I think we're in for a future of catasrophic, system-wide crashes because our "systems" are made up of too many nested pieces of software; billions of lines of code that no one can possibly know how to examine or fix when a really big problem comes along. It seems we're headed that way, no thanks to Microsoft.

Actually, while it makes a nice melodramatic theory, the 'experts' have a pretty good idea why the BofA ATMs went down.

Thing is that this worm not only took on Microsoft SQL servers, but it generated so much traffic that two things happened:

1) Affected networks were effectively subject to absolutely massive DDOS (distributed denial of service) attacks, making them unusable, and

2) the traffic 'exploited' two bugs in Cisco routing software that caused their routers to go up shit creek. Which doesn't sound so bad until you remember that 80% of the routers on the market are made by Cisco.

So what probably happened is that some critical BofA ATM traffic was carried by a network that got hit very hard by this worm. No real great mystery here (though I will admit that I'm simplifying things a bit).

Leave a comment