Second security breach at Microsoft
Published: 06 Nov 2000 11:54 GMT
For the second time is as many weeks, Microsoft is being forced to explain how an intruder got into its systems. According to the embarrassed software giant, the breach is not serious as the cracker was unable to do any serious damage.
Just a week after admitting that an intruder gained unauthorised access to the company's corporate network, Microsoft confirmed that a Dutch cracker with the alias Dimitri exploited a known vulnerability in Microsoft's Internet Information Server (ISS), the application used to power the site.
Adding insult to injury, Dimitri then posted news of the attack to the events.microsoft.com bulletin board. He boasted that he could access a number of Microsoft Web servers and alter files on the company's download site. A Microsoft spokeswoman insists this is untrue saying the intrusion was limited to the one Web server and was patched almost immediately.
"It was an isolated incident and had nothing to do with the intrusion into the corporate network last week," she said. "It was a single server that had been retired. It was not hosting anything, just redirecting."
This spokeswoman also says that, despite last week's high-profile break-in, this second incident will not have a major effect on the company's reputation. "It was a very small issue," she says. "It hasn't really affected Microsoft at all."
Take me to Hackers
Take me to ZDNet Enterprise
To have your say online click on the TalkBack button and go to the ZDNet News forum.
Let the editors know what you think in the Mailroom. And read what others have said.
Did you find this article useful?
32 out of 84 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
