Forgot your password?
typodupeerror
Microsoft Security IT

Microsoft Admits To Being Hacked Too 92

Posted by samzenpus
from the join-the-crowd dept.
colinneagle writes "Once upon a time, Microsoft claimed that falling prey to social engineering tactics and then being hacked was a 'rookie mistake.' But now is the time for companies to jump on the bandwagon, to admit they were targeted by cyberattacks and successfully infiltrated. The stage is so crowded with 'giants' at this point, that there are fewer 'bad press' repercussions than if only one major company had admitted to being breached. Microsoft now admitted, hey we were hacked too. 'As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,' wrote Matt Thomlinson, General Manager of Microsoft's Trustworthy Computing Security. Unlike the New York Times and the Wall Street Journal there was no mention of Chinese hackers."
This discussion has been archived. No new comments can be posted.

Microsoft Admits To Being Hacked Too

Comments Filter:
  • by Chris Mattern (191822) on Monday February 25, 2013 @04:14PM (#43007137)

    ...an hour later and you're losing data again!

  • Let's be honest (Score:1, Flamebait)

    by ryanw (131814)

    Microsoft wants to join in because OSX is in the spotlight. Other companies have already admitted infiltration with the hack, so this gives them an opportunity to shine a bright light on OSX' security issues away from their own for a brief minute.

    • Re:Let's be honest (Score:5, Informative)

      by catmistake (814204) on Monday February 25, 2013 @04:30PM (#43007373) Journal

      Except that it has NOTHING to do with OS X security. This is all Oracle software that has the issue, software that Apple no longer distributes nor supports. If you don't run Oracle software, you won't be affected. Interestingly, even if you do have the software installed, and it isn't used after 31 days, OS X automatically disables it.

      Again, this has zero to do with OS X security. This is all about end user installed software, provided and supported by Oracle.

      • Re: (Score:3, Insightful)

        by x_t0ken_407 (2716535)
        While your statement is completely true, perception is reality for a large segment of the population, unfortunately.
      • Except that it has NOTHING to do with OS X security.

        No; bullshit. There is a whole load of security stuff that could have protected against that. The SELinux stuff that came from the NSA, that RedHat has been working on for years; that is present in Fedora; is exactly what could protect against this kind of user level stuff. There was a choice made by a number of computer manufacturers to put in ease of use without thinking through how to do that securely. Apple and Microsoft both, together, chose to push out alternative more secure solutions by trying

        • Your essay is both good and original; however, the part that is good is not original, and the part that is original is not good.
      • by X0563511 (793323)

        The core truth doesn't matter, it's all about appearances.

        Put yourself in the shoes of a PHB (I know, i know... it's only temporary) - what would your take be?

      • Re:Let's be honest (Score:5, Insightful)

        by mystikkman (1487801) on Monday February 25, 2013 @05:17PM (#43007959)

        By the same token, a huge section of "Windows Malware" also has nothing to do with Windows Security. Yet we see hundreds of modded up posts on Slashdot bashing Microsoft over it regularly, yet Apple seems to be getting a free pass just like Android.

      • Re:Let's be honest (Score:4, Insightful)

        by amicusNYCL (1538833) on Monday February 25, 2013 @05:18PM (#43007969)

        Again, this has zero to do with OS X security. This is all about end user installed software, provided and supported by Oracle.

        Just so we're all on the same page, when computers get infected with malware it is not the fault of the OS, it is the fault of the third-party software, right? It seems like I heard a different tune when people were talking about Windows machines getting infected through third-party software.

      • Re:Let's be honest (Score:4, Insightful)

        by ILongForDarkness (1134931) on Monday February 25, 2013 @05:23PM (#43008045)

        Well something like 80% of BSOD issues were driver based (talk from a while back in XP days) but that didn't stop MS from getting the blame. A company can encourage other vendors to make good stuff but they can't force customers to apply the blame correctly when 3rd parties fail. It is fair game for MS to say "we've been hacked and yeah our Macs got hacked too" if it is true. It is also in their best interest to make sure that their competitors get included in the sound bits about the problem (and the source of the problem too of course) so that they don't get stuck with all the blame.

    • They want to look relevant. If they weren't hacked, it's because the hackers didn't think they were important.
  • Kind of ironic that at a time when the federal government is wanting a bigger part of Fortune 500 technology departments, that some of the top companies in the world who've recently met at the White House, are now claiming they were hacked. With all these companies being hacked, our only hope is federal goverment stepping in and securing everything.
    • Would not surprise me in the slightest. Unfortunately my curse is that I'm not a huge believer in coincidences on such a scale...
  • As expected (Score:4, Interesting)

    by Cyrano de Maniac (60961) on Monday February 25, 2013 @04:36PM (#43007433)

    The U.S. government has recently been saber-rattling about the NSA/DOD/whoever taking on the role of protecting vital national computer interests, particularly against the hacking efforts of China. And now, very atypically and with very little rationale for publicly admitting as much, a number of major technology/web companies have started admitting they've been hacked, allegedly from China.

    So, was the U.S. government recognizing a real trend ahead of time, or maybe they had non-public information regarding these activities? Or are the companies being pressured to help create a story that will justify a government takeover of the network security infrastructure?

    I distrust coincidences and the timing of these initiatives and disclosures smells a bit odd to me. Expect congressional inquiries into the "growing cybersecurity threat" to be covered on C-SPAN within the next few weeks.

    • by andydread (758754)
      the government had non-public information based on many companies reporting these intrusions to the feds way back from the time that Google was hacked and they closed up shop in China.
    • Both

      There is something real going on; there are always hackers from all Nations and there are probably more from China right now and also there is a conspiracy to take advantage of that.

    • by rtb61 (674572)

      The real problem here is all those technology trying to sell the lie of being able to secure the internet completely. The reality is, if you want it secure then don't bloody connect it to the internet. It only takes one mistake, in set up, in maintenance, in updating and of course in end user use and you security will fail.

      So these companies in seeking billions of taxpayer dollars to fill their coffers and trying to sell something they know will fail and of course they will be able to sell upgrades for.

  • went on a bug hunt.
  • by PlusFiveTroll (754249) on Monday February 25, 2013 @04:47PM (#43007573) Homepage

    I think the point of this story is.

    You are already hacked. Doubly so if you use Java in the browser or anything else that's had any number of security flaws in the past year.

    Make sure your IDS is up and running and stick it between your developers and your servers.

    Oh, and make your developers run their updates. They have to be the worst at ignoring the java, adobe, and microsoft warnings from the task bar.

    • Even worse are bosses who don't want to push updates because "it can break our systems." Surely being cracked is orders of magnitudes worse than having to do some extra work to fix bugs, no?
      • This. A thousand time this! I was doing something for my boss's boss and there were update notifications everywhere, I asked him why they we not being applied and he said they cause problems and slow the machine down! I see it all the time. The other good one is one of our managers who moved GB of photos onto an external HDD to "speed up" her machine, then dropped the HDD onto concrete........
    • by robmv (855035)

      and stop allowing access to production databases from developer workstations. If you have a bug that requires a developer to read the production database, it must be done from an isolated machine with access to it, developers should not have direct network connectivity to it

      • Depends how big the company is. If there are not enough code checks, hacking the developer box is eventually hacking the production database no matter how isolated the two are.

  • by goffster (1104287) on Monday February 25, 2013 @04:59PM (#43007727)

    Than to admit to certificate management incompetence.

  • by Anonymous Coward

    It's like a self help group for non-recovering corporate assholes.

    "Hi, I'm Microsoft, and I was hacked"

    everyone: "Hello, Microsoft"

"Just think of a computer as hardware you can program." -- Nigel de la Tierre

Working...