[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Microsoft was hacked again
- To: jaketiay@xxxxxxxxx, Abhie Vaidya <abhie@xxxxxxxxx>, Abhijit kolhatkar <abhishilpa@xxxxxxxxx>, Alok Jaiswal <alokjaiswal@xxxxxxxxx>, Amindra Kumar <amindrak@xxxxxxxxx>, Amit Garg <goal11_in@xxxxxxxxx>, Amitabh Nagpal <anagpal@xxxxxxxxxx>, Andras Boross <andras@xxxxxxxxxxxxxx>, "Andrei S.Bobrov" <abobrov@xxxxxxxxxxxxxxx>, Anisha Mahajan <amahajan@xxxxxxxxxx>, Anoop Rohera <arohera@xxxxxxx>, Arlynne Abat <ivonhyl@xxxxxxxxx>, Art Bigornia <artb@xxxxxxxxxxxxxx>, Asif Syed <asif_syed@xxxxxxxxx>, Avishek Bose <avishekbose@xxxxxxxxx>, Bharat Sajwan <bharat_sajwan@xxxxxxxxx>, Chirag Gupta <chiraggupta@xxxxxxxxxxx>, Dolly <rajshree_m@xxxxxxxxx>, Geeta Sarcar <geetasarcar@xxxxxxxxxxx>, Hang Lin <hang_lin@xxxxxxxxx>, Hazel Delacruz <hdelacru@xxxxxxxxxxxxxx>, Hema Shukla <hshukla@xxxxxx>, Iconar Irina Magdalena <ii27907@xxxxxxxxxxxxxx>, Indrani <indrani_rc@xxxxxxxxx>, IrinaMagdalena Iconar <irina40679@xxxxxxxxx>, Jagjit Sethi <jagjitsethi@xxxxxxxxxxx>, Jayant Sagar <jayantsag@xxxxxxxxxxx>, Jennifer Teis <jteis@xxxxxxxxxxxxxx>, Jenny Yin <yyin@xxxxxxxxxxxxxx>, Kandadai Partha Sarathy <sara_nel@xxxxxxxxxxx>, Kousik Bose <kousikbose@xxxxxxx>, Linux <linux-delhi@xxxxxxxxxxxxxxxxxxxxx>, Lokesh Bajaj <lokeshbajaj@xxxxxxxxx>, Masood Ahmed Khan <masoodahmedkhan@xxxxxxxxxxx>, Melaine <mellyjc@xxxxxxxxx>, Narinder Anand <nmanand_99@xxxxxxxxx>, Natalya <natalyap@xxxxxxxxxxx>, Navneet Chawla <navneet22@xxxxxxx>, Nilanjana Sen <kuheli_78@xxxxxxxxx>, Pandu Ranganath <prangana@xxxxxxxxxxxxxx>, Payal Srivastava <payal_srivastava@xxxxxxxxxxx>, Pinki Majumder <pinkimajumder@xxxxxxxxx>, Poonam Singh <poonam_singh@xxxxxxxxxxxx>, Praveen Sharma <praveens@xxxxxxxxx>, Prithivish Shivdasani <prithivish75@xxxxxxxxx>, Puneet Mahato <puneet123@xxxxxxxxxxx>, Rachna Shah <shah_rachna@xxxxxxxxxxx>, Rajesh D <d_rajesh@xxxxxxxxxxx>, Robert Wang <rwang@xxxxxxxxxxxxxx>, Romit Mukherji <romit3@xxxxxxxxxxx>, Sandip Bhattacharya <sandipb@xxxxxxxxxxx>, Sant Singh <santsingh@xxxxxxxxxxx>, Sarah Cumings <sarah.cumings@xxxxxxxxxxxxxx>, Shammi Metha <shammi4469@xxxxxxxxxxx>, Shilpa Taneja <tanejashilpa@xxxxxxxxx>, Simran Bajaj <simran_bajaj@xxxxxxxxx>, Smita Ghosh <smitaghosh@xxxxxxxxxxx>, Sribha Jain <sribha_j@xxxxxxxxxxx>, Srinivas Vanapalli <vbsrini@xxxxxxxxxxx>, Stephanie <sweetdrippingjuice@xxxxxxxxx>, Subhra Roy <subhra_roy@xxxxxxxxx>, Sunil Singh <sunil_kumar_singh@xxxxxxxxx>, Sunita Nagpal <snagpal@xxxxxxxxxx>, Supratim Ray <supratimray@xxxxxxxxx>, Surjit Singh <ssingh@xxxxxxxxxx>, Tanuj Srivastava <srivastavatanuj@xxxxxxx>, Tracey <tracey_twace@xxxxxxxxxxx>, Tya Stevens <tya1616@xxxxxxxxx>, Uday Eluri <uday_eluri@xxxxxxxxxxx>, Uday Gupta <udayatv@xxxxxxxxx>, Ujjala Chattopadhyay <ujjala71@xxxxxxxxx>, Varinder Bhambra <varinder1@xxxxxxxxxxx>, Vasu Saxena <vasu_saxena@xxxxxxxxxx>
- Subject: Microsoft was hacked again
- From: dibyendu saha <dibyendusaha@xxxxxxxxx>
- Date: Sun, 29 Oct 2000 17:00:03 -0800 (PST)
Saturday October 28 07:00 PM EDT
Microsoft confirms hackers saw code for upcoming software
By Joe Wilcox, CNET News.com
Microsoft acknowledged Friday that hackers had accessed source code to programs
in development, but company representatives said the intruders did not see code
for existing products.
More Tech News
Download Free Software
Find Product Reviews
The admission quells fears hackers might have stolen the source code, or
blueprint, for some of Microsoft's most valuable programs, including Office,
Windows Me and Windows 2000.
As a criminal investigation under the direction of the FBI progressed, the
nature of the attack appeared to be more sophisticated than first suspected,
adding fuel to speculations of industrial espionage.
"There's no evidence that the unauthorized intruder gained access to source
code for our major products," said Microsoft spokesman Ricardo Adame. "It
appears the hacker was able to view some source code under development."
Adame emphasized that while the hackers were able to view the source code,
"there were no modifications or corruptions" and "no source code was
downloaded."
Investigators believe a Microsoft employee received email containing a common
hacker program known as a Trojan horse, which he or she unknowingly launched.
The program then attempted to spread to other computers on Microsoft's network
and pilfered passwords that were later sent to a Russian email address, said
sources familiar with the investigation.
While Microsoft and many other companies encrypt passwords so they cannot be
easily stolen, careless employees can make the process easy for hackers, said
Gartner security analyst John Pescatore.
"A lot of people have emails that say, 'Hey, I'm on vacation. If you need to
get to such and such, here's the password,'" he said.
The hacker could have launched a program that searched for and retrieved emails
containing the word password.
Sources familiar with the investigation said that once the hacker had obtained
one or more passwords, he or she connected to Microsoft's home campus in
Redmond, Wash., posing as an employee working off-site.
Once inside and behind Microsoft's security firewall, the hacker had limited
access to some other computers on Microsoft's network.
"Since you're running on someone else's computer, it's assumed you are a
trusted user," explained Richard Smith, chief technology officer for The
Privacy Foundation. "So the hacker could have been probing around the network
leisurely for a few weeks. Then they started to probe around where the source
code is kept."
In fact, the criminal investigation has determined the hack started around the
end of September, Adame said, and went undetected until early this week.
"There was some unusual behavior in the security protocols we use in terms of
the network," he said. "That's when the security team started the whole
(investigation) process."
How far the hacker got is still uncertain, but sources close to the company
said much of the intrusion was confined to a single computer.
Whether, given more time, the hacker could have pilfered the development code
he or she saw or gained access to more valuable code is uncertain, Pescatore
said.
"They key message here is, do you know where your crown jewels are stored?" he
said. "Do you have extra levels of security for your corporate crown jewels?"
Pescatore compared someone getting the source code of Windows 2000 to stealing
the formula to Pepsi.
Security experts were surprisingly supportive of Microsoft, despite the amount
of time the hacker may have had access to the company's network.
"If you look at what Microsoft said about the entire incident, it shows they
have got auditing and logging on, which, by the way, is something many big
corporations don't do very well," said Robert Graham, chief technology officer
with security software maker Network Ice.
"This would point to the efficiency of Microsoft's security stance," he said.
=====
Dibyendu Saha
__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf! It's FREE.
http://im.yahoo.com/