Feeds

MS blocks staff dial-in access after ‘minor’ hack

If you're safe now, why cut off 39,000 employees for the weekend?

  • alert
  • submit to reddit

Business security measures using SSL

According to Microsoft it knew about the hacker's intrusion almost immediately, it tracked the hacker's movements through its network, and it shut down all of the accounts used by the hacker last week. So how come it blocked access to its corporate network for all of its employees, globally, over the weekend?

Since Friday the company has been mounting a determined effort to convince the world that its systems, its software and its source code are secure, and if you take the story according to Microsoft at face value, the threat from the hacker was minor, was finite, and has now passed. A "Microsoft official" quoted in today's Wall Street Journal even went as far as suggesting that the company has detailed information that will help pinch the perpetrator.

So if it's all over bar the arresting, the only reasons for shutting down access must surely be that Microsoft has belatedly concluded that there are - as we suggested yesterday - serious problems with the way it runs its network security. In this context Microsoft's explanation of why it originally said the hacker could have been loose for six weeks, rather than the 12 days it now claims, is significant.

The six week period takes us back to when the corporate email system was taken down because of a virus outbreak, and Microsoft's security team initially feared - so it said - that the two might have been connected. But the real connection is their awareness of the fact that the methods of propagation for both were the same. If Microsoft staff and Microsoft systems are vulnerable to viral email attachments, then they must also be vulnerable to QAZ Trojans intended to break into the network. And besides, under current circumstances there's a high probability of copycat attacks.

Microsoft is clearly beginning a long, hard look at its network security, and Register sources suggest this is not before time. Said one: "MS source control is not very locked down. Pretty much every MS employee can commit to the tree. Which means if you're hacked in and you know this, you can commit your own backdoor code into Windows that might stand a chance of going gold."

This doesn't sound entirely plausible, although the large teams Microsoft has working on code would tend to make it more difficult to police security, and possible easier for rogue code to get through. A tale from Microsoft Germany, however, sounds all too convincing:

"Where I work, I have a colleague who has worked at MS Germany. He once mentioned that he had set up himself a dial-up server with callback in one of the labs there. This server remained active more than a year after he left. To quote: 'Need a new Office - no problem just keep leeching a weekend or so - it's callback, so it's for free.' Of course it was against security-policy (' ...and of course I had turned-off all logging').

"The server was only removed presumably during a full restructuring of the lab, where it was probably found to be superfluous and shut down..."

All companies are of course like this, but as Microsoft is probably the biggest, fattest, most tempting target for hackers, it really can't afford to be like this for much longer. ®

Related Stories:
MS hacked! Russian mafia swipes WinME source?
Redmond strives to cram Great MS Hack back in box

Choosing a cloud hosting partner with confidence

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.