From: mike 


http://www.computerworld.com/action/article.do?command=viewArticleBasic&article
Id=9019560

===
The computer database infrastructure of Sarasota County, Fla., was attacked
by a notorious Internet worm on the first day of early voting during the
2006 election, which featured the now-contested U.S. House race between
Democrat Christine Jennings and Republican Vern Buchanan in Florida's 13th
Congressional district.

In the early afternoon hours on Monday, Oct. 23, 2006, an Internet worm
slammed into the county's database system, breaching its firewall and
overwriting the system's administrative password. The havoc brought the
county's network -- and the electronic voting system which relies on it
-- to its knees as Internet access was all but lost at voting locations
for two hours that afternoon. Voters in one of the nation's most hotly
contested Congressional elections were unable to cast ballots during the
outage, since officials were unable to verify registration data.

Remember Slammer?

An incident report filed by the county explains the intrusion and temporary
havoc wrought by the virus.

According to a two-page report examining an October 2006 outage, a server
on Sarasota County's database system was attacked by "a variant of the
SQL Slammer worm." Once infected, as the report details, the server
"sent traffic to other database servers on the Internet, and the
traffic generated by the infected server rendered the firewall
unavailable."

In a separate document, titled "Conduct of Election Report, Sarasota
County General Election, November 7, 2006" there are two different
Internet service outages mentioned, though the viral attack described in
the Sarasota County database security team's report -- the attack that was
presumably the source of one of those outages -- is not described or even
mentioned specifically in that report. It's still unclear what the second
incident referred to in that report may be.

The SQL Slammer Worm, commonly known as Slammer, was discovered in 2002. In
January of 2003, when it was first triggered, the virus brought Internet
systems down across the world in a matter of minutes. Though most systems
vulnerable to the attack have since been patched by a fix provided by
Microsoft prior to the initial 2003 attack, the Sarasota County machine
that was attacked and subsequently spread an infection that overtook the
network infrastructure "was completely unpatched. Essentially it was
missing five years’ worth of security updates," according to the
October 24, 2006, incident report.
===

While the above concerns me, the level of concern pales in relation to the
concern I have when I hear about Windows being used on naval ships that
HAVE GUNS.


 /m

--- BBBS/NT v4.01 Flag-5