E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: InternetNews.com

Posted on January 24, 2001

      Wednesday morning's domain name server problems at Microsoft Corp. could be the result of a break in, despite the company's claim it was an internal data center problem.

      If so, that would make it the second time in less than a year Microsoft's network has been compromised.

      In what could very well be a Denial of Service attack, Microsoft technicians are trying to correct problems with its four domain name servers, which respond only sporadically to DNS queries. Hardware problems could be the reason, but indicators are pointing at a possible break in.

      Magnus Bodin, a network developer at Internet consultancy company Framfab in Sweden, noted that all four Microsoft DNS servers were located under one network segment and one IP subnet (207.46.138.xx), making it easy for infiltrators to compromise.

      "It makes it easier because you just have to attack one single subnet, that's the reason I first suspected the server was attacked," Bodin said. "If you're hosting a lot of domains, and you have delegated those domains to separate servers, they should always be on separate subnets. No one real professional DNS host would do (what Microsoft did), and that's a fact."

      Microsoft, however maintains that the problems were due to internal problems at its data center.

      "Right now we're having a problem with our DNS server," Microsoft spokesperson Adam Sohn said Wednesday morning. "Our sites are up and running, but they can't connect because of the name server. We expect to have it back to normal soon."

      Microsoft-owned properties, including MSNBC.com, Encarta.com, Zone.com and Hotmail.com, were put out of commission Tuesday night and only recently have started to come back online, in fits and starts.

      As of press time, Encarta.com, Hotmail.com and MSNBC.com are up and running, but other Microsoft sites continue to have problems.

      Earlier this morning, www.microsoft.co.uk had a message on its Web page apologizing for the disruption in service to its Web site, saying all Microsoft sites would be back in business as soon as possible.

      This is the software giant's second DNS issue in less than a week. Saturday, users were unable to access a number of the company's sites for more than 12 hours due to an error-filled DNS table published by the domain registrar, MyDomain.com.

      Richard Lau, MyDomain.com president, said the problem was human error.

      "Our situation revealed a massive flaw in some DNS resolution server software being used by some ISPs," Lau said. "At first we thought it was a Denial of Service attack but then learned that some DNS resolution software used by other ISPs has bugs that cause it to ask our non-authoritative name servers what are the IP addresses for these domains, which we are not listed as authoritative for."

      Microsoft's problems this week are sure to be the subject of its next meeting at the Information Technology Information Sharing and Analysis Center, a joint effort between Microsoft and 18 other industry heavyweights.

      Companies like AT&T, Hewlett-Packard Co., Symantec Corp. and Oracle Corp. banded together to share information on the security threats that threaten its networks.

      Microsoft is building a reputation as a leaky network. In late October 2000, crackers were able to access top-secret source code files using the QAZ trojan. The virus, when opened by an unsuspecting user, replaces the Windows Notepad with a copy of its own and opens a "back door" to computer. And earlier this week, Microsoft's New Zealand site was cracked and defaced by a group calling itself Prime Suspectz.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.