[ISN] Microsoft: We're not vulnerable to DDoS attacks

From: InfoSec News <alerts_at_private>
Date: Thu, 7 Jul 2011 00:21:29 -0700 (MST)

By Ms. Smith
Privacy and Security Fanatic
Network World

Uh-oh. There's nothing quite like throwing down the gauntlet and 
virtually taunting hackers to prove a proud boast is false. In what some 
attackers might consider a dare, John Howie, Microsoft's senior director 
in the Online Services Security & Compliance (OSSC) team, basically 
claimed that Microsoft sites are unhackable and can't be DDoSed.

According to Microsoft, "rookie mistakes" by Sony and security firm RSA 
caused the corporations to be brought down by hackers. Howie told 
Computing News that Sony was coded badly and failed to patch its 
servers. "These are rookie mistakes," Howie said. With regard to the 
breach at RSA, Howie stated, "RSA got hacked because someone got 
socially engineered and opened a dodgy email attachment. A rookie 

Howie added, "At Microsoft we have robust mechanisms to ensure we don't 
have unpatched servers. We have training for staff so they know how to 
be secure and be wise to social engineering. We have massively overbuilt 
our internet capacity, this protects us against DoS attacks. We won't 
notice until the data column gets to 2GB/s, and even then we won't sweat 
until it reaches 5GB/s. Even then we have edge protection to shun 
addresses that we suspect of being malicious."

In other Microsoft security news, after analyzing 600 million computers 
worldwide, Microsoft released Volume 10 of its Security Intelligence 
Report (SIR). It focuses on malware, software vulnerability disclosures, 
vulnerability exploits, and related trends. The majority of all 
vulnerabilities in 2010 were vulnerabilities in applications versus 
operating systems or web browsers. Exploiting Java vulnerabilities 
topped the list of exploitation categories over generic HTML/scripting 
exploits, operating system exploits, and document exploits. Adobe 
Acrobat and Reader accounted for the highest number of document format 
exploits. Windows 7 and Windows Server 2008 R2 had the lowest operating 
system infection rate for both client and server platforms. 64-bit 
versions of Windows 7, which "appeal to a more technically savvy audience 
than their 32-bit counterparts," have the lowest infection rates.


Received on Thu Jul 07 2011 - 00:21:29 PDT
