Microsoft admits security hole

Michael Pollak mpollak at panix.com
Tue Jan 30 06:30:57 PST 2001


INTERNATIONAL ECONOMY: Hackers disrupt Microsoft sites

Financial Times, Jan 29, 2001

By ANDREW HEAVENS

Microsoft admitted hackers had disrupted its websites for the second day running, using a security hole its in own computer networks.

The announcement will come as a severe embarrassment to the software company which has just launched a Dollars 200m (Pounds 137m) advertising campaign, touting its e-commerce systems with the slogan "always reliable never needy".

It will also serve as a warning to other corporations which, security experts warned yesterday, may have also left vital parts of their networks vulnerable to sophisticated cyber-attacks.

Microsoft first acknowledged that hackers blocked access to most of its websites on Thursday. Sites such as Microsoft's portal MSN.com and homepage microsoft.com were downed by a "denial of service" attack: intruders overwhelm a computer network with millions of messages and requests for data.

On Friday, hackers launched two more attacks, freezing websites for two 15-minute periods. Microsoft engineers were monitoring the network over the weekend for further incidents.

This time last year, hackers launched denial attacks, against eBay, the online auctioneer and other leading sites, targeting their servers - machines that store websites and connnect them with the with the internet.

But the hackers that hit Microsoft targeted its routers - machines on the edge of an entire network funneling in internet traffic.

Ted Julian, of web security company Arbor Networks, said routers were much harder for hackers to track down. But the potential for using them to cause serious damage was much greater. "It's not just one web site you're taking down. It's everything in a network behind the router."

Pat Cain, of Genuity the internet service provider, said there were growing signs hackers were tiring of breaking into single sites. "We always see people poking at our infrastructure, testing it. Everyone is worrying people will get bored just defacing web pages."

Copyright The Financial Times Limited 2000.



More information about the lbo-talk mailing list