Fandelem
10-31-2000, 07:40 PM
I'm going to grab some quotes.. if someone could explain them better..
(article I'm looking at: http://www.cnn.com/2000/TECH/computing/10/30/microsoft.hackers.ap/index.html )
okay.. the article starts out with this:
"A hacker had high-level access to Microsoft Corp.'s computer system for 12 days -- not up to five weeks, as the company had first reported -- and was monitored the entire time."
If they monitored it the entire time, then why wouldn't they stop it immediately?
The company was alerted to the break-in by the creation of new accounts giving users access to parts of Microsoft's computer network, Miller said. "We start seeing these new accounts being created, but that could be an anomaly of the system," Miller said. "After a day or two, we realized it was someone hacking into the system."
does this normally take this long to realize that someone might be hacking your system? if you were the admin (esp. managing a huge network like that), and noticed accounts were being created, wouldn't you want to make that a pretty high priority to check it out?
okay.. here is the kicker for this article:
If any attempts to download or transfer the source code were made, such activity was not recorded in Microsoft's logs, Miller said, adding that it is extremely unlikely any source code files were copied because of their immense size.
okay.. first off.. I have always been told that you can cover your tracks.. if their system was compromised, couldn't the hacker just delete their entries in the logfiles? I would think if someone could actually hack microsoft, they would at least have the intelligence to cover their tracks, no? and then that the fact that just because they were large files, assuming people wouldn't copy them, is preposterous.. at the very least, couldn't they view it, select all, then copy it to a file on their computer? microsoft has always bragged about how they can withstand DoS's because of their huge bandwidth.. if that's the case, I would think that downloading the file wouldn't be a problem..
Miller acknowledged the hacker could have been in the system for longer than 12 days, but he said the company is confident that high-level access occurred only between October 14 and October 25.
Isn't 12 days of "high-level access" enough to get virtually anything you want? I read Lance's security pages and I saw that a hacker got root in under 90 seconds! 12 days?!?
heh, any explanations on any of the italicized comments would be appreciated :}
(article I'm looking at: http://www.cnn.com/2000/TECH/computing/10/30/microsoft.hackers.ap/index.html )
okay.. the article starts out with this:
"A hacker had high-level access to Microsoft Corp.'s computer system for 12 days -- not up to five weeks, as the company had first reported -- and was monitored the entire time."
If they monitored it the entire time, then why wouldn't they stop it immediately?
The company was alerted to the break-in by the creation of new accounts giving users access to parts of Microsoft's computer network, Miller said. "We start seeing these new accounts being created, but that could be an anomaly of the system," Miller said. "After a day or two, we realized it was someone hacking into the system."
does this normally take this long to realize that someone might be hacking your system? if you were the admin (esp. managing a huge network like that), and noticed accounts were being created, wouldn't you want to make that a pretty high priority to check it out?
okay.. here is the kicker for this article:
If any attempts to download or transfer the source code were made, such activity was not recorded in Microsoft's logs, Miller said, adding that it is extremely unlikely any source code files were copied because of their immense size.
okay.. first off.. I have always been told that you can cover your tracks.. if their system was compromised, couldn't the hacker just delete their entries in the logfiles? I would think if someone could actually hack microsoft, they would at least have the intelligence to cover their tracks, no? and then that the fact that just because they were large files, assuming people wouldn't copy them, is preposterous.. at the very least, couldn't they view it, select all, then copy it to a file on their computer? microsoft has always bragged about how they can withstand DoS's because of their huge bandwidth.. if that's the case, I would think that downloading the file wouldn't be a problem..
Miller acknowledged the hacker could have been in the system for longer than 12 days, but he said the company is confident that high-level access occurred only between October 14 and October 25.
Isn't 12 days of "high-level access" enough to get virtually anything you want? I read Lance's security pages and I saw that a hacker got root in under 90 seconds! 12 days?!?
heh, any explanations on any of the italicized comments would be appreciated :}