Did Microsoft actually put 'get repeatedly pwned by Syrian hackers' on its 2014 todo list? Another week, and yet another successful compromise of Microsoft's servers by the so-called Syrian Electronic Army. And this time it's Redmond's revamped Office blog that got vandalized. Hacked Microsoft Office blog All your blogs are belong to us "A targeted cyberattack temporarily affected the Microsoft Office blog and …
"Redmond was forced to admit . . ."
In a nutshell, this is what's wrong with online security; these companies deny and deny until the evidence is overwhelming.
The result is that when a company like MS (or Adobe, or Sony, etc . . .) says words to the effect of "no customer data was compromised", what it really means is "no one's been able to prove customer data was compromised".
In this instance it seems that it was internal only but the take away is still the same: don't be honest unless you have to. (Apparently.)
This post has been deleted by its author
Why does this still happen with monotonous regularity to the big boys?
MS have access to some seriously clever chaps who know how to secure stuff. In this case it's just a blog so how hard can it be? Oh and email accounts - how daft are MS front line staff?
Surely MS might learn the "something you know and something you have" mantra eventually. They could always pop in "something you are" as well but that would not really be necessary for this.
Why not buy a few 100,000 RSA tokens? - they're NSA approved.
Security is still optional in this company despite one of the earliest, widely publicised screwups I can instantly recall being Cisco branded internet facing routers that were left with default passwords - hilarious results. To be fair - my memory might be failing - the actual fault might have been a flaw in IOS that was exploited. I'm still pretty sure it was stupid passwords.
I also find their "best practice" mantra that they try to ram down your throat demeaning - there is no such thing as "best practice". There is "good practice" and "bad practice" in IT security - but no best.
Twats.
Cheers
Jon
The modern computing workstation is just too horribly complex to secure. Anybody with Windows, IE and Office is going to be vulnerable to a targeted exploit from time to time. The company and its staff can hardly be held liable for this inherent complexity in integrated enterprise IT solutions.
Er... Wait a minute...
Yeah, but man, it's their integration. It's all their software.
Why is it so hard for M$ to find talented staff (HACKERS!) to find these vulns, before the BlackHat dudes? Hmm??
It just astonishes me that after all these years, and the GaBillions of dollars they earned, M$ still just can't get it right.
Pfft!
> Linux has holes as well and that has millions of "workers" lookign at it.
For free. Microsoft can't find people to fix theirs for pay.
> Code is complex get over it.
'Complex' doesn't have to mean 'a mess'. This is code we're talking about here, not psychiatry.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
