[ISN] Beta hack rattles Microsoft

From: InfoSec News (isnat_private)
Date: Wed Oct 16 2002 - 23:49:55 PDT

Next message: InfoSec News: "[ISN] World Cybercrime Experts See Need for Laws, Ties"

Previous message: InfoSec News: "[ISN] Security hole discovered in Symantec firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.com.com/2100-1001-962333.html?tag=fd_top_1

By Robert Lemos 
Staff Writer, CNET News.com
October 16, 2002, 2:45 PM PT

Microsoft is investigating a security breach on a server that hosts
its Windows beta community, which allows more than 20,000 Windows
users a chance to test software that is still in development.

As a result of the break-in, Microsoft advised beta testers to change
their passwords late last week. However, company spokesman Rick Miller
downplayed the significance of the incident, saying the online
trespasser didn't get access to the company's crown jewels: its source
code.

"They are not grabbing code; they are grabbing product, and it's going
to be buggy and it's going to have problems," he said. "This is
obviously not good, but it's not terrible either."

However, the system does contain yet-unreleased versions of Microsoft
Windows products. In addition, the hacker would have had access to
comments posted by beta testers, as well as the key used by beta
testers to activate their software, said Miller.

This is not the first time Microsoft's network has been breached.  
Microsoft's source code may have been accessed two years ago, when a
hacker broke into some of the company's systems several times over
three weeks. In January 2001, online vandals prevented many people
from accessing Microsoft's network by flooding routers and servers
with data.

At least one beta tester questioned the security of Microsoft's
products.

"We were right in the middle of beta testing its .Net server and
that's going to be a centerpiece of Microsoft's future," one tester
told TechTV, which first reported the incident.

Microsoft has been laboring to improve the security of its products
for several years now, but the efforts were given a higher priority in
a January e-mail from co-founder Bill Gates to the company's
employees. The products being tested on the server include some of
that work.

The software giant is treating the breach as a criminal investigation
but Miller refused to comment on whether any law enforcement agency
had been called in on the case.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] World Cybercrime Experts See Need for Laws, Ties"
Previous message: InfoSec News: "[ISN] Security hole discovered in Symantec firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 02:33:42 PDT