On Sat, Jan 25, 2003 at 01:53:10PM -1000, Jason Coombs wrote: > Colm MacCarthaigh wrote: > > If the worm had a malicious (in your terms) payload, it would have > > caused networks just as many problems (so no gain there), and more harm > > to MS-SQL users. Using your logic, surely this much more damaging > > experience would have cause MS-SQL admins to be more responsible in > > keeping up to date ? Or rather, more fearful of future exploits. > > Precisely my point. Sapphire was not designed to inspire fear. If this had > been a terrorist act it would have done so, and it could have done so. Consider that in order to exploit a target, it is counter-productive to inspire fear within this target. I do agree that this exploit was likely neither a Terrorist act nor primarily designed to inpire fear. Far more likely it was designed to make headlines, and a name for someone. > anything actually *damaged* by Sapphire (in a physical/non-trivial sense of > the word) was too vulnerable for use in the first place. Unfortunatley the "anything" is the Internet, and "vulnerability" is the CPU-bound nature of routers and the finite capacity of network links. -- colmmacc at redbrick.dcu.ie
