|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Microsoft left with egg on face over data breach By Patrick Gray, 0 November 25, 2002 URL: http://www.zdnet.com.au/news/security/soa/Microsoft-left-with-egg-on-face-over-data-breach/0,130061744,120270172,00.htm
Microsoft had egg on their face last week when reports emerged claiming that they had made sensitive information, including customer data and confidential strategy papers, accessible to Internet users from an insecure FTP server. According to Wired, Microsoft staff had been transferring data to the server so they could access it from out of the office. The data they uploaded was in fact it was accessible to anyone on the Internet. Online news portal "The Register" claims to have viewed documents that were downloaded from the server by a third party. The Register article also reports that the documents made available to "man and dog" included "Linux vs. Microsoft" comparisons, as well as an "estimated 11 million customer email addresses and seven million snail mail addresses." .NET strategy papers were also said to have been available from the insecure server. The downloaded files were password protected, but freely available cracking software was used to obtain the relevant passwords to open them, according to Wired. This is the second major information leak of concern to Microsoft within as many months. The anti-trust judgement, by US judge Colleen Kollar-Kotelly, was leaked from the US court's web-server to online news portal slashdot.org approximately one hour before its scheduled release. Thousands of people reportedly accessed it before the market sensitive information was due to be read even by Microsoft's lawyers. These, and other recent incidents, have highlighted the importance of effective information management policies across organizations, this breach having more to do with poor security practice than poor security technology. It is unclear at this stage whether an investigation is underway. It is also unknown whose hands this leaked information has fallen in to, or whether Australian customers of Microsoft had their details stored on the vulnerable server. Software company Intentia faced a similar humiliation recently when their third quarter profit results were downloaded and published by the Reuters news agency two hours before they were scheduled to be released to the media. Because there was no protection whatsoever on the downloaded file (Reuters simply guessed the URL to the document, which was not protected by a password.) there is little chance of Intentia successfully seeking legal action. Microsoft was unable to comment at the time of writing.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
