My apologies for the initial misinterpretation. The random password() function is only invoked when assigning a temporary password to the Guest account, as well as for setting one on the previously null sa. There is no attempt to hammer out passwords for entry. The incidents.org diary entries have been amended, and a more in-depth analysis submitted. Again, My apologies for the premature announcement, although good passwords are always a fine idea. On Tue, 21 May 2002 11:46:49 -0500 "Blake Frantz" <blakeat_private> wrote: > >-----Original Message----- > >From: David LaPorte [mailto:david_laporteat_private] > >Sent: Tuesday, May 21, 2002 10:23 AM > >To: Pavel Lozhkin; incidentsat_private > >Subject: RE: Strange scan on 1433 > > > >They're looking for MS-SQL servers with blank/default sa passwords that > are missing the MS02-020 > > > > > > It's not limited to *blank* sa passwords: > > From: http://www.incidents.org/diary/diary.php?id=156 > > <snip> > IMPORTANT ADDITION (thanks to George Bakos, ISTS for pointing this out): > The worm includes code to brute force the SA password. Using a password > larger than 8 characters, or a password containing non alphanumeric > characters (punktuation) will defend against this brute forcing. > </snip> > > Additionally, roelofat_private / haroonat_private from sensepost > wrote a .pl for finding blank sa passwords. Some may find it useful. > http://www.sensepost.com/misc/SQLinsertion.htm > > -Blake > > > ----------------------------------------------------------------------- > ----- This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com -- George Bakos Institute for Security Technology Studies Dartmouth College gbakosat_private voice 603-646-0665 fax 603-646-0666 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue May 21 2002 - 13:59:27 PDT