Microsoft blames recent Sony and RSA hacks on 'rookie mistakes'

By Stuart Sumner
04 Jul 2011

Microsoft has blamed Sony and security firm RSA for making 'rookie mistakes' that led to both firms' recent and widely publicised hacking incidents.

John Howie, senior director, online services security and compliance governance at Microsoft, said that the security breaches at Sony could have been avoided if it had kept its servers patched.

"Sony was brought down because it didn't patch its servers, it ran out of date software and it coded badly. These are rookie mistakes," said Howie.

He added that the breach at secure token specialists RSA could also have been avoided.

"RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."

He claimed that processes in place at Microsoft meant that such mistakes were extremely unlikely to happen within his organisation.

"At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering."

In a statement that could be construed as goading hackers, he also claimed that Microsoft's internet capacity renders it almost impervious to denial-of-service (DoS) attacks.

This form of attack has been used in recent months by hacktivist group Anonymous and now-disbanded hacking group Lulzsec to temporarily take down the internet sites of Mastercard, Paypal, the CIA and the Serious and Organised Crime Agency (SOCA).

"We have massively overbuilt our internet capacity, this protects us against DoS attacks," said Howie.

DoS attacks bombard a web-facing server with requests for information until the volume of data that it attempts to pass exceeds its output limit, often causing the server to fail.

"We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious," he said.
