MS hack due to user error??

By Veronica
Microsoft admitted today that hackers have had access to their network for several weeks. The company seems to be blaming their users in two ways: Someone wasn't running the anti-virus software and someone else opened the Trojan Horse virus.
What about their security? How did they let this happen? Is it really that easy to get into their network?

Is microsoft unreliable?

by Sony Valdez In reply to MS hack due to user error ...

It is true that no system is hack-proof. There is always someone smarter who will try to outsmart another by beating his program. So it can be said that the war against hackers is also a war against programmers because programmers are the people who create the programs.

But what does it mean when Microsoft itself, the giant software company, is hacked? Does this show a new breed of hackers who will down Microsoft's server with this new information?

No matter how I look at it, Microsoft must update their server and implement better security.

Security woes

by Matthew Joyes In reply to Is microsoft unreliable?

It's all very well to blame Microsoft, and insist that good security policies and procedures would stop this, but speaking from experience, it is impossible to have anywhere near a 100% secure network.

In large corporations with thousands of users and systems, viruses and security holes will always appear.

Why? Because the user will find ways around the policies, which will in turn jeopardise network integrity. Usually through laziness, i.e. a user will open an attachment without it being scanned; a user will download an item without scanning.

Network administrators and IT staff are indeed at a loss when users don't use common sense and follow the security procedures.

Consider this

by andy_davis In reply to Security woes

Is it unreasonable to consider using less popular applications other than, say, Outlook, which rogue programmers tend to target through some of the more publicized exploits? This, of course, in addition to user security training or security awareness programs.

User Education and Management is the Key

by jwbarr In reply to Security woes

No matter what extensive measures you go to in the effort to protect your network, users can always be the weak link. It usually boils down to user education. There is never enough time and effort spent on educating the user on good common sense procedures. There are methods you can deploy to protect your network from attacks such as this, but it usually requires restricting the user in some fashion. This is not always culturally acceptable to the users in the environment you work in. Businesses have made e-mail the method of choice for the exchange of data, including small executable programs. This can be restricted, but in many cases some "trusted" users are exempted from these policies, which can result in this type of security breach. User education and better management is the solution.

Trusted User

by eseppala In reply to User Education and Managm ...

The "trusted user" will also teach the "new user" to some degree.
Often the blame is placed on a "user" when the blame is due to the Mentor.
There is a fine line between "SuperUser" and "Trusted User".

The "Trusted User" is adept at operating current sw/hw but is limited in overall knowledge.
The "SuperUser" is in a position to understand all facets of operations and decide how much to tell who when.

authorization and authentication

by willcall In reply to Trusted User

Security does not have to be an endless cat and mouse game... network administrators should NOT plan on going in circles with hackers forever. We have to trap the destructive ones... and not surrender security and safety of networks.

Two areas are still achievable....
who is AUTHORIZED
and of those authorized ALL must be authenticated....

How can we better authenticate our authorized users?

Don't give up the ship.

E-Mail Is An Unauthenticated User

by Wayne M. In reply to authorization and authent ...

The problem, as noted below in the "Real Information Comes Out" message, is yet another program run from e-mail.

The problem continues to be that e-mail and the IP protocol in general do not implicitly support security. Rather than chastising users and making ever more complicated anti-virus programs, the industry needs to wake up and provide a true end-to-end security mechanism. Once this mechanism is in place, the OS can protect users from malicious attacks from outside users. There is still the possibility of insider attacks, but even these can be compartmentalized.

Until an end-to-end security mechanism is put in place, e-mail based attacks will continue to occur and their effects will only become larger as networked computers become more and more firmly embedded in business.

by Al Macintyre In reply to Is microsoft unreliable?

Microsoft recently converted from a hack-proof system supplied by IBM to a Microsoft system because their marketing department was embarrassed by the fact that people asked "If NT is the equal of AS/400, how come Microsoft is running its business on AS/400?" So MS converted from 23 AS/400 to 1200 NT servers (yes, it takes 50 NT servers to replicate the work of one IBM e-server) and they ran into all sorts of trouble, because NT is not REALLY the equal of the AS/400.

However, as you can see by another post I made here, the NT vs. AS/400 was not the real cause of the security breach.

I don't know about Hack Proof....

by Charley In reply to

The AS/400 is high-quality gear, but it certainly is *not* hack proof. NOTHING is hackproof. If a legitimate user can get into a system, so can a blackhat. In the end it is about technique and procedure.

The "Network Security War" that some media outlets like to propagandize so much is nothing new. It is, was and always will be an ongoing contest. It is not, necessarily, between good and evil (though the popular media would probably disagree). It is an ongoing struggle in which both sides may win individual battles, but neither can ever win the "war". If you lose a battle, you find out why, fix it and prepare for the next.

That's the way it is, was and always shall be.

by Al Macintyre In reply to I don't know about Hack P ...

Never been "reported" as being hacked, but in some of the AS/400 discussion lists the reasons why the hackers tend to choose one kind of high profile site and not another kind has more to do with some sites invite mischief while others invite industrial espionage, and some invite both.

Yes, AS/400 compiled objects can be altered after compilation via System Tools & other Utilities which ordinarily are accessible only by persons with high security authorization who ordinarily cannot connect to any AS/400. However, many AS/400 software consultants use the IBM ECS line into their client networks, and some are less security conscious than others.

So while the weak link for Microsoft was an employee home PC, one weak link for AS/400 is the heavy use of the ECS line by software consultants for whom Security is not an important topic.
