WEEKLY WEB WATCH: As Microsoft is knocked off its high horse, Web techies rejoice

It is hard to exaggerate the glee with which the hacking of Microsoft's corporate network has been greeted in news reports and on message boards frequented by Internet techies. And as with any story that is deeply embarrassing to powerful people, it is hard to tell fact from spin.

It is hard to exaggerate the glee with which the hacking of Microsoft's corporate network has been greeted in news reports and on message boards frequented by Internet techies. And as with any story that is deeply embarrassing to powerful people, it is hard to tell fact from spin.

It is hard to exaggerate the glee with which the hacking of Microsoft's corporate network has been greeted in news reports and on message boards frequented by Internet techies. And as with any story that is deeply embarrassing to powerful people, it is hard to tell fact from spin.

Redmond's internal network was briefly penetrated by a hacker. The method used to do this, reported by The Wall Street Journal, was a program known as a Trojan (as in Trojan horse). This enters a network as an innocent looking e-mail attachment, which when run, installs itself and emails the IP address of the destination computer to the hacker.

This in turn gives the hacker direct access to the network. In Microsoft's case, the snooping either took place over a period of months or a week, depending on who you believe.

The story has all the elements of urban legend, except that even Microsoft has confirmed at least some of it is true. The fact that the Trojan e-mailed the security information to an Internet account in St Petersburg, Russia, was enough to have press reports over the weekend oozing with xenophobic cliches ranging from the Cold War to Hollywood.

'Russia is known as a haven for criminal hackers who, among other exploits, have been fingered for stealing millions of dollars from banking networks,' said a report on MSNBC.com, no less. Excuse me? If millions of dollars have indeed been stolen from banks over the Internet, then how come this was not reported before?

There are delicious ironies, too, which make the story irresistible.

Remember how a single computer user opening a malicious email attachment could result in entire networks being infected by the Melissa and I Love You viruses? Redmond has always thrown that back at its customers, saying these were simply the result of network administrators not taking proper precautions, and not of any flaws in its products.

Now, the Trojan used to penetrate Microsoft is, according to most reports, called QAZWSX.HSQ. Most virus screening software has been able to detect and disable it for several months. So seeing Microsoft fall victim to it is poetic justice to a lot of people. If even Redmond can't use its own software to keep its network secure, then how can the rest of us be expected to?

Redmond's PR folks are consummate masters at telling the rest of us what to think about Microsoft and its products. But they may have their work cut out with this one. How can any future Microsoft claim or statement about security be credible?

According to Microsoft, the hacker may have had access to the source code for a product under development, but not to the source code of any Windows or Office products, the company's main cash earners and the ones that all of us use. But hang on, say the doubters. If the hacker had access to Microsoft's Internet network for at least a week and possibly several months, then it is far too early to tell whether any damage has been caused.

The Melissa and I Love You viruses worked by exploiting known, documented 'features' of Microsoft programs. Imagine the havoc that could be caused if an enterprising virus writer gained access to enough of the source code of any Windows products to start exploiting vulnerabilities that may not even be known to the original authors of the programs.

If that possibility exists, what IT manager in his right mind would recommend such a product? Of course, the world is not a very logical place. We're all going to carry on using Microsoft products as if nothing happened.

But a few of us may come to regret it.



- Stovin Hayter is editor-in-chief of Revolution. He can be reached at stovin.hayter@revolutionmagazine.com.



Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in

Would you like to post a comment?

Please Sign in or register.