'Slammer' Worm Cools Down a Bit. A voracious worm that spread over the weekend appears to be under control. Meanwhile, conspiracy fans are having a field day trying to guess who released it and why. By Michelle Delio. [Wired News]

Slammer targets Microsoft's SQL Server 2000 as well as applications created with the Microsoft SQL Server 2000 Desktop Engine (MSDE 2000). Any application using this codebase is open to the exploit unless it is patched.

Microsoft gives MSDE 2002 away for free, so developers can build it into their applications, said network security consultant Mike Sweeney.

"Programmers rarely understand the ramifications of using something like the MSDE 2000 package in the network from a support/security perspective," said Sweeney. "They use it because it's free and it saves them the drudgery of coding it themselves."

"But if the IT department is not aware of MSDE 2000 code in applications, they won't know to patch the desktops which leaves them vulnerable to a possible attack," added Sweeney.

8:13:17 PM    

Microsoft fails Slammer's security test. Internal memos show that the software giant hadn't patched its own network against the Slammer worm, causing many of its services to fail. [CNET News.com]

"Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."

Tristemente cierto ...

8:09:54 PM    

Using NAnt to Build .NET Projects. With Visual Studio .NET, you can easily build and compile .NET projects that contain any number of sub-projects —- collections of interdependent web pages, executables, DLL assemblies, and so forth — with a single menu command. But relying on a single programmer hitting the "compile" button doesn't always work for large and complicated projects. This article by Jeffrey P. McManus shows you how to use NAnt to build complicated projects. [O'Reilly Network Articles]
8:06:50 PM