Slammer: The First Blitz Worm

On January 25, 2003, the Slammer worm (also known as Sapphire) exploded on the Internet. Within ten minutes, it had taken over 90% of all unpatched computers running SQL Server or MSDE on the Internet. This article looks at several aspects of the Slammer infestation, including how it spread, the damage it caused, the crisis in vulnerability patching that it underscored, and the implications of the fact that Slammer probably was the first of a new class of worms predicted by Staniford, Paxson, and Weaver [2002]. These worms, which we will call blitz worms, can spread faster than human intervention can prevent, and radically new approaches will be needed to stop them

Are Two Heads Better than One (At Reducing Spreadsheet Errors)?

This paper describes an experiment in which subjects developed a spreadsheet model working alone, in teams of two (dyads) or in teams of four (tetrads). The goal was to determine whether synchronous development could reduce errors overall and could reduce different types of errors. Synchronous group development reduced errors compared to individual development, but only moderately. Group development was best for omission errors and Eureka logic errors. It was not good for reducing Cassandra logic errors. Mechanical errors tended to happen too quickly for team members to recognize

Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks

The Sarbanes-Oxley Act of 2002 (SOX) forced corporations to examine their spreadsheet use in financial reporting. Corporations do not like what they are seeing. Surveys conducted in response to SOX show that spreadsheets are used widely in corporate financial reporting. Spreadsheet error research, in turn, shows that nearly all large spreadsheets contain multiple errors and that errors of material size are quite common. The first round of Sarbanes-Oxley assessments confirmed concerns about spreadsheet accuracy. Another concern is spreadsheet fraud, which also exists in practice and is easy to perpetrate. Unfortunately, few organizations maintain effective controls to deal with either errors or fraud. This paper examines spreadsheet risks for Sarbanes-Oxley (and other regulations) and discusses how general and IT-specific control frameworks can be used to address the control risks created by spreadsheets