MS hack due to user error??

By Veronica
Microsoft admitted today that hackers have had access to their network for several weeks. The company seems to be blaming their users in two ways: Someone wasn't running the anti-virus software and someone else opened the Trojan Horse virus.
What about their security? How did they let this happen? Is it really that easy to get into their network?

This conversation is currently closed to new comments.

36 total posts (Page 3 of 4)

Source Code

by Al Macintyre In reply to Catching the hackers...

If some stories are correct, that the hackers got access to source code that is not delivered with the products to end users, then there is the potential to dream up new hacks & viruses & security violations not yet found by beta testers.

Classified (proprietary) info

by wcrossin In reply to not just a microsoft prob ...

Why is classified (proprietary) information even available from outside of the company? This is just plain poor management. The quote that gets me is: "We start seeing these new accounts being created, but that could be an anomaly of the system," Miller said. "After a day or two, we realized it was someone hacking into the system." Isn't one of the first clues to hacking unrecognized accounts? I wonder who the fall guy will be.

User error?

by .carini.net In reply to look at the tree

Microsoft made every possible effort to leave their user unaware of what his software actually does when the user activates an object.

You can't blame the user 'cause even a simple thing like "hide file extension" made the user unaware of the nature of a file.

Security by obscurity does not pay. The real weakness is in the I.T. staff that chooses to rely on one single vendor for an entire network.

Complex topic

by Al Macintyre In reply to look at the tree

Security can be a good tool making life easier for the user ... see only what you are supposed to be working with, simplify what you are faced with.

Application design needs to be able to catch errors on many levels. User keys in something that is wrong ... software catches if it is invalid, but what if the user is keying in a date & keys in 01/02/03 & the system is looking for MM/DD/YY format but the user is thinking DD/MM/YY format ... what they just entered was a valid date, but it was a wrong input. I think all date input fields need a prompt so we know when to do YY/MM/DD or whatever is called for.

Software needs to be checking for ranges ... what you entered was valid but outside the normal pattern ... are you sure?

Sometimes the user does not know they made an error & later data processing needs to catch what is possibly wrong & software design needs ways to be able to correct errors after the fact.

We make lots of corrections ... we ought to have some kind of audit trail in case of mistakes correcting mistakes.

Not just their products

by durocshark In reply to The user or network opera ...

This is kinda off topic, but there's an urban legend that Microsoft has been using, and still uses, competing products.

They've been trying to show how powerful and scalable their server software is, yet they allegedly use an AS/400 for shipping duties.

Whether it's true or not, I'd like to see an inventory of their servers. Out of curiosity, of course.

BTW: This is a great chance for Open Source movement to use FUD (Fear, Uncertainty, Doubt) against Microsoft, instead of the other way around... heehee

Urban Legend (or not)???

by freddo frog In reply to Not just their products

I have been reliably informed by an ex-EDS employee that when EDS were having problems getting Exchange Server to run on NT, that after having spoken to MS Tech-Support several times, to no avail, they finally got MS to admit that MS were running Exchange on a Unix platform.

Says a lot about their products, doesn't it...

User error or industrial espionage?

by EdMuch In reply to MS hack due to user error ...

Yes, someone might have disabled their anti-virus software, but was this done in error or intentionally to allow the Trojan horse entry? The possibility of this hacking being done by a group of well organised professionals is very strong. Their motive was different from your common garden variety hacker seeking notoriety; thousands of programmers and software houses would love to get hold of MS source. These guys are not going to boast about their feat, ain't no money in that...

MS responsible for employee actions

by VoodooV In reply to MS hack due to user error ...

That is pretty weak if MS is pointing the finger at their own employees. Even if the hacker themselves were MS employees. Isn't MS still responsible? Don't they run security checks?

I'm sorry, but since MS has pissed off so many people with their aggressive tactics, I don't feel any sympathy for them getting hacked. I'm not for vigilantism but maybe this hacker will succeed where the courts fail.

Unwise to trust users w/ antivirus maint

by dlw6 In reply to MS responsible for employ ...

Concur w/ VoodooV's first paragraph.

Any quality AV product (I won't name names) can be set up such that it will automatically scan, auto-protect, and update the system. Why would MS expect their users to be better trained and supervised than other companies?

Users will do what they are trained and led to do, and most companies don't do enough user training. Therefore it's much easier to have the IT department set up auto-everything with a good AV package and check on it once in a while. The only time I have ever had problems with this approach was when the user, in violation of published policy, tried to mess with the AV settings and left the machine unprotected.

I'm not going to get into whether MS deserves to be hacked. Sympathy is, or should be, irrelevant under the law. I'll just cast my vote on election day.

Good fortune,
Don

How to deal with user problems.

by rellips In reply to MS hack due to user error ...

One of the ways to deal with lax security from users is to compartmentalize the network. It appears from the news reports that anyone with a password could gain read/write access to the MS Source library. If that is the case, then you have to ask the question, why was the master copy of code in an internet accessible area? Why not keep a copy and use change mgmt software (PVCS, etc.) to manage changes and sync with the master code after the changes are validated? The OS may not be to blame here; a trojan could easily be written to infect and pass info back about Linux, SunOS, etc. The problem appears to be that not enough effort was made to protect and isolate valuable information.
