Internet Service Providers in South Korea and South Asia suffered significant network slowdown.
Thousands of Bank of America ATMs denied access to customers.
American Express web site was unable to handle customer requests regarding their accounts.
Several Continental Airlines flights were canceled or delayed.
Microsoft's internal networks were inundated with useless traffic, making Windows XP activation services unavailable.
Communications within a 911 emergency center outside Seattle, WA were disrupted for hours.
Major European telecommunications operators reported intermittent unavailability of some services.
The Internet -- the most powerful and farthest-reaching medium that has ever existed; undergone incessant development for decades; millions of people and billions of dollars invested in technologies and infrastructure; the largest source of information on any conceivable topic; terabytes of stored and gigabits of transmitted data.
But consider this -- January 25, 2003; 376 bytes of code. The most powerful and farthest-reaching medium is humiliatingly crawling, owing to a growing anarchy, lawlessness, and self-induced languor towards security.
The weekend of the now famous Slammer attack served as an astonishingly perfect lesson for everyone seriously involved in, or at least concerned with, computer and network security. While the Internet once again proved its relevance, the assertion that when you are in cyberspace, you can rely on your own resources and no one else's, was boosted with an invaluable argument.
The Slammer worm put emphasis on two key points.
First of all, it demonstrated the Internet's mighty potential. Noted analysts and network security companies now claim it took 10 minutes for the outbreak to reach 90 percent of all vulnerable servers on the Internet. The intensive scanning for open doors returned targets from across the globe, resulting in enormous traffic congestion that clogged key Internet backbones. Meanwhile, corporations were frantically attempting to resume normal operations amid inundated web servers and internal networks.
The 376 bytes of Slammer evinced that the wide-reaching cyberspace provided the means to deal a blow to Internet-dependent businesses. But of course, due to the lack of appropriate Internet governance and the virtually infinite possibilities to reach a perfect level of anonymity, in most cases where relatively smart individuals are involved, it is impossible to punish the culprits. The attack also reiterated one of the Internet's fundamental principles -- the network's decentralized, yet open-access architecture leaves the task of security to the final point. The Internet's streets are chaotic, unpoliced, and everybody is expected to have an arsenal lined up to protect their home.
Naturally, this brings us to the second critical issue. An estimated 200,000 servers running vulnerable versions of Microsoft's software were infected by the worm. The six-month-old vulnerability dubbed "critical" was glaringly overlooked by hundreds of major companies worldwide. Ironically, we are not talking about "Johnnie's coffee house fan club web site," but about conglomerates like Bank of America and the biggest software maker, Microsoft, which, in fact, ignored its own advice.
The timing of Slammer's attack was perfect. In 2001, corporations were on the heels after several major viruses cost businesses billions of dollars. But in today's increasingly uncertain world, IT departments began neglecting security alerts over more predominant issues. The SQL worm finally manifested the large-scale languor of network administrators towards software vulnerabilities. Most software makers provide free, small, and easy-to-implement patches, which in most cases require limited effort and knowledge on the part of the system administrator. Using up-to-date software demonstrates a concern for customer security and service availability. Therefore, it is the responsibility of companies to maintain the highest possible level of protection.
Yet, news coverage of the Slammer attack was full of ridiculous ideas that pointed anywhere but at administrator negligence. In an article, Dan Farber from ZDNet even proposed that Microsoft pay customers for the effort to install the free security updates issued by the company. Mr. Farber attempted to draw a comparison with cars having manufacturing defects. It is more than conspicuous that serious software makers are providing all necessary tools to make patching as smooth as driving your car to the repair shop. And I guess car makers won't pay you for the fuel burned to get from your home to their local service.
So, leave off the rhetoric, and point the finger at yourselves, big businesses. Indolence is your problem, your responsibility, and next time your credibility may be put at stake.