Are hackers hounding Microsoft?

By Cameron Crouch, PC World | Security

"The only way you can screw up a site is to tamper with the cache so that a given domain name is associated with a different IP address," Fong says. "Here we have alternate domain names, which don't matter; what matters is Microsoft.com goes to the right IP address."

George Kurtz, president and chief executive of Foundstone and an Internet security expert, agrees.

"The Whois listing pulls up any record that has Microsoft in it no matter who it is," Kurtz says. "I honestly don't think in this case the problem is a security issue. It's probably some DNS issue, but I don't think it's related to a security breach of the DNS system."

But whether the Whois list of false domain names points to any larger IP address tampering remains unclear.

Microsoft Downplays Problem

Microsoft acknowledges it has a DNS problem, but denies the likelihood of a security problem or hacker situation. Still, it's certain that a high-traffic group of Microsoft Web sites was unreachable Tuesday night and remains unreliable Wednesday. If the domain name registrars were attacked, other sites could be vulnerable to this kind of blackout.

"As a general rule, mistakes are more likely the cause than maliciousness," says Bruce Schneier, chief technology officer at Counterpane Internet Security. We simply don't have enough information to know what or who caused the domain name server problems, he says. "The answer is possibly, but we don't know," Schneier adds.

Still, Schneier contends it's too early to speculate on any single cause.

Microsoft isn't saying anything, he notes. But then, Microsoft denied any problems after the much-publicized break-in of its servers last fall, he adds.

In October, hackers broke into Microsoft's corporate network, and gained access to information on its upcoming update to Windows, code-named Whistler. Although Microsoft tried to minimize the incidents, the attacks did expose possible security holes within the company's networks.

Untangling the Domain Game

Representatives of Network Solutions say the company is still investigating the situation and, like Microsoft, won't definitively declare the cause. But Foundstone's Kurtz suggests one possibility that ties the problem to Network Solutions.

"Network Solutions runs the DNS server for many Internet companies," Kurtz says. "If someone convinces Network Solutions to change the domain name -- something referred to as domain name hijacking -- the domain points to something other than, say, Microsoft."

Kurtz does not suggest Microsoft has experienced such a domain name hijack. But he notes that it happened to America Online in 1998.
