Microsoft is saying some harsh words in reference to recent hacks. John Howie, Microsoft’s Senior Director in the Online Services Security and Compliance team (OSSC), was quoted saying that Microsoft cannot be hacked or DDoSed. In fact, Howie claims that recent hacks against companies like Sony were due to “rookie mistakes.”
Sony’s PlayStation Network and its Store services were compromised not that long ago which resulted in more than 1 million user accounts including email addresses and passwords being stolen. The hackers who broke into the network had also stolen personal user information such as credit card numbers.
According to Howie, Sony was “coded badly” and “failed to patch its servers.” In fact, “these are rookie mistakes,” Howie said. In reference to the recent attack to RSA: “RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake.”
Howie also stated that Microsoft has robust mechanisms in place that protects them from DoS attacks. “At Microsoft we have robust mechanisms to ensure we don’t have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won’t notice until the data column gets to 2GB/s, and even then we won’t sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious,” Howie said.
These are some strong statements from Howie. It reminds me of when Sony declared war against hackers only to have its PlayStation Network shut down due to a security breach. Microsoft, on the other hand, hired a 14 year old hacker from Ireland when he was caught trying to hack Microsoft’s Xbox Live service. Microsoft claimed they were going to use the boy for “more legitimate purposes.”
Howie’s statements seem like a direct challenge to hackers out there. With AntiSec’s recent activity, lets hope we don’t see any Microsoft security breaches.Further reading: Microsoft, Security