Feeds

Microsoft crippled by S'Kiddies

Company's own techies didn't do enough damage

  • alert
  • submit to reddit

SANS - Survey on application security programs

DoS'ing Script Kiddies easily disabled most of Microsoft's major Web sites Thursday, just as the company was recovering from the humiliation of being accidentally taken off line by its own (MCSE?) technicians Tuesday and Wednesday.

"During the morning of 25 January, Microsoft was the target of a denial-of-service attack against the routers that direct traffic to the company's Web sites," the company said in a statement late Thursday.

The little darlings attacked a router (or "routers" as the flacks insist) which MS had been using to manage DNS (domain name service) traffic, and in so doing rendered the company virtually invisible on the Web from early Thursday morning until the afternoon hours.

If the company had in fact been using "routers" (as opposed to "a router") as it claims, and ones properly distributed as is ought, it's unlikely that the attack could have been as effective as it was. According to the Associated Press, only two per cent of traffic was getting through during the attack.

The kiddies were no doubt inspired by the amusing DNS cock up earlier this week which also left the company's sites unavailable. In that case, MS had failed to distribute its DNS servers adequately, so that when its (MCSE?) retard(s) misconfigured the relevant "routers", it all flew to bits in a hurry, and stayed that way for quite a while.

The router(s) appear to be located on a single subnet, so even if there were more than one in use, the net effect would be to present a unified target to the world.

Idiotic behaviour which we might expect from some Mom and Pop on-line outfit, and regard with some sympathy in that case. But the company that would rule the Web needs a lesson in basic network architecture before transcending the low comedy in which it's just now cast itself. ®

Related Stories

MS blames lowly techie for Web blackout
Microsoft brings web sites back into play
Microsoft confirms Web site blackout
DNS trouble made Microsoft, Yahoo! unavailable
How you hack into Microsoft: a step by step guide

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.