The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  MS's FTP server exposed internal files
Time: 10:41 EST/15:41 GMT | News Source: Geek.com | Posted By: Byron Hinson

Microsoft took down its FTP server on Tuesday as a result of security problems. Due to a configuration error, users logging on to the server to download product support files (including patches and drivers) had full access to internal Microsoft files. Some of the files accessible included internal reports, memos, presentations, and a 1 GB customer database containing millions of records.

Write Comment
Return to News

  Displaying 1 through 25 of 341
Last | Next
  The time now is 7:35:17 AM ET.
Any comment problems? E-mail us
#1 By 6859 (204.71.100.218) at 11/21/2002 11:39:48 AM
D'OH!

Well, if I would have had access, I would have downloaded everything I could get my hands on... fun stuff. Illegal, but fun.

#2 By 3339 (65.198.47.10) at 11/21/2002 12:52:01 PM
baarod, user error, yes, but there is a time when user error, poorly trained admins and users, configuration errors, and poor policies meet up to show that this company has no clue about security. If they were running a BSD and this happened, I would still criticize them for their poor security.

The FTP site had been setup fine. Someone changed the configuration. (Why?) When the error was noticed (well after outside sources had noticed), instead of changing the config back, they wiped or moved everything out. (Why?) And apparently they didn't communicate the policy to anyone. (At least not marketing, why?) People who had discovered this, just sat around and waited and observed the directories filling up again--after the admins knew of the problem why weren't they watching as well? Hell, why watch--change the config... And why didn't they tell everyone or marketing?

Completely idiotic all the way around. Who says this has to do with the security of their software? They are trying to set security policies, attack competitors for their security, become security software developers, are promising the whores of the RIAA and MPAA secure systems and content, want to host all of our personal data, and want to become security service providers. That's the point. They prove time and again to be unworthy of these responsibilities.

This post was edited by sodajerk on Thursday, November 21, 2002 at 12:53.

#3 By 1845 (12.254.162.111) at 11/21/2002 12:52:30 PM
FW, since human error exists in every company, I guess we can't trust our data to anyone. We better not use credit cards, have bank accounts, buy houses or cars because someone somewhere will make a mistake and release our data.

This post was edited by BobSmith on Thursday, November 21, 2002 at 12:52.

#4 By 3339 (65.198.47.10) at 11/21/2002 12:57:56 PM
Actually, Bob, this is specifically the service that I pay for from my banks, creditors, etc... Trust. The people I trust I am willing to pay. My car and house are my own responsibility.

If you can provide an example of another company that has been compromised a few times by outsiders, who has freely exposed their own networks and documents several time, and committed numerous other security gaffs, I'd be happy to hear of them because I'll blacklist them to.

If you can't name them, then don't try to cast doubt and play the misdirection game... we're talking about how crappy Microsoft is at this right now. Not how it might be possible that some other company may have done simialr things even though you can't name them nor can you defend Microsoft.

#5 By 1845 (12.254.162.111) at 11/21/2002 1:51:03 PM
When I said car and house, I was referring to the mortgage and car loan info that your lender has sitting in filing cabinets and databases somewhere. I didn't mean the property itself.

#6 By 1845 (12.254.162.111) at 11/21/2002 1:53:05 PM
The first company that comes to mind is eBay. There were several reports this week of eBay sending email to users saying the should change their passwords because their account may have been compromised. Egghead had a similar experience few years ago as I'm sure others have.

#7 By 3339 (65.198.47.10) at 11/21/2002 2:07:28 PM
Car and loan info? What value is that? It's essentially public information and is specifically tied to paper documentation. Egghead? Are they still in business? A couple of years ago? Hasn't this happened to MS at least 3 times in the last 2 years? EBay isn't trying to provide security to the world's computers. These are your examples?

If you really think EVERYONE is not worthy of trust, can we at least refine that statement to Microsoft is the LEAST trustworthy?

#8 By 3339 (65.198.47.10) at 11/21/2002 2:45:06 PM
so what, parker, tell me one other SPECIFIC COMPANY in a business close to Microsoft's that exposes business and/or personal data and/or other data both through technical problems and poor administration 3 or 4 times every 2 years the way that MS does. Until then, I'm pretty satisfied with the statement that Microsoft's own security policies and techniques are such a joke as to make them the least trustworthy business in the entire tech sector.

#9 By 3339 (65.198.47.10) at 11/21/2002 4:22:52 PM
You guys can't read, can you? Name a COMPANY (you know a business) that has exposed user data MULTIPLE times within the past TWO years and is in the TECH business and wants to provide SECURITY and HOST PERSONAL INFORMATION.

#10 By 1845 (12.254.162.111) at 11/21/2002 4:47:02 PM
jerk, my original point was that there are risks with any company that your data is at risk. Though the lists thus far do not address your request, they do strengthen my case.

#11 By 3339 (65.198.47.10) at 11/21/2002 5:25:28 PM
I interpret your case to mean: everyone's track record is equal, the risk of exposure is equal. I don't see how 1 instance for 6 different individual companies over the last 3 or 4 years comes close to a track record of MS. Nevermind what MS claims about themselves, the competition, what they want to offer and provide, and be responsible for. When you throw those factors in, it's hard not to hold MS to a higher standard. Despite that higher standard, no one has yet pointed to a tech company which has exposed data on their own 2 or more times the way MS has.

#12 By 135 (208.50.206.187) at 11/21/2002 7:53:08 PM
sodajerk - You are incredibly naive.

#13 By 3339 (65.198.47.10) at 11/21/2002 8:43:31 PM
That's the best evidence/argument you've got, huh, soda?

#14 By 135 (208.50.206.187) at 11/22/2002 1:04:16 AM
sodajerk - Do I need more?

#15 By 1845 (12.254.162.111) at 11/22/2002 1:27:33 AM
blue, I think he was looking for evidence. Just a hunch.

#16 By 135 (209.180.28.6) at 11/22/2002 10:56:29 AM
Ohhh... No, I just thought it was funny how he thought the only company with issues like this was Microsoft, and yet all these mortgage, credit card, banking, etc. companies are perfect. Reality is far different, unfortunately. :(

The truth is it's just that Microsoft receives a lot more scrutiny.

#17 By 3339 (65.198.47.10) at 11/22/2002 12:49:03 PM
Soda, I never said others haven't had problems.

Parker, looking at vulnerabilities of one linux distro? Big freaking deal! DO you have a sotry where Suse exposed a database of millions of clients on their own free will with no apparent security policies within the company?

Soda, I know other companies have been hacked... usually it happens once. Show me a company that's been hacked multiple times.

I know other companies have exposed their own confidential internal materials... but this is rarer than a hack. Show me another company who has had it happen to them multiple times.

Until then, saying I'm naive when I have never been a victim of internet fraud, receive only about 4 spam messages a year, maintain multiple email addresses and have different passwords for everything, and have quality accounts for all of my information and needs is a pathetic weaslely thing that completely lacks an argument.

#18 By 1845 (12.254.162.111) at 11/22/2002 3:01:53 PM
FW, gotcha. What I meant was that creditcard companies, mortgage companies, etc (though perhaps with not as many clients as, say, Microsoft .NET Passport) already have such data in databases and online. All major mortgage companies like Citibank, Countrywide, HomeSide, etc and every credit card company I've ever dealt with all have my data available online.

#19 By 2459 (24.233.39.98) at 11/22/2002 7:45:38 PM
SJ -- "You guys can't read, can you? Name a COMPANY (you know a business) that has exposed user data MULTIPLE times within the past TWO years and is in the TECH business and wants to provide SECURITY and HOST PERSONAL INFORMATION."

The U.S. Government fits this description exactly, and they have every U.S. citizen's information in one context or another, not to mention sensitive national security data.


This post was edited by n4cer on Friday, November 22, 2002 at 19:47.

#20 By 3339 (65.198.47.10) at 11/22/2002 8:51:41 PM
This comment has been removed due to a violation of the Active Network Terms of Use.

#21 By 2459 (24.233.39.98) at 11/22/2002 9:32:43 PM
Sodajerk, the government is basically one giant business. It has more lawyers than MS. It has a company budget. It produces goods and services, and has several subsidiaries. It does business with other governments as well as with U.S. companies.

Soadjerk, before passing around insults, maybe you should first check the content of your post next time. :-)

#22 By 2459 (24.233.39.98) at 11/22/2002 9:40:05 PM
"We don't get to pick and choose whether or not we do business with our gov't..."

In some ways we do, Where we can't is often where the Government has several true monopolies.

:-) Guys, you didn't have to remove the post. It actually helped my argument. Oh well...

#23 By 2459 (24.233.39.98) at 11/22/2002 10:51:50 PM
I saw that, baarod. Nice find.

Nice joke, too :-)

This post was edited by n4cer on Friday, November 22, 2002 at 22:52.

#24 By 2459 (24.233.39.98) at 11/23/2002 1:55:53 AM
"Were you referring to my Bill in the Apple store comedy when you said "Nice joke"?"

Yes.

"Folks that program C++ for open source seem to have the same backward interpretation of object orientation that Apple's OSX precursor, NeXT, did with their counterculture implementation that they deemed Objective C."

As I understand it, Objective C is the language of choice for OS X as well (no doubt because of the NeXT heritage).

"I'll align my agenda with the leader for now. And my assessment is that Microsoft is unstoppable right now. When is the next leader going to come? Who will it be?

Anyone got any clues? "

No clues here. As long as MS' competition is more concerned with lawsuits than they are with product development, I don't see MS being replaced.

The most viable alternatives currently (at least for OSes) are MacOS, BSD, and Linux. BSD and Linux still need a lot of work to be good desktop alternatives for the average user. MacOS X would probably do better if it were available on PC hardware.

Soon, all of the above platforms will be able to take advantage of .NET, so that should level the platform development field somewhat. Though MS will still have an edge on implementation.

RE: IBM/Sun/Redhat -- I think IBM is using Linux as a crutch for their Unix business. I think Sun is using Linux just to try to stay in business. And, I don't think any of them (including RedHat) care about Stallman, since he is an enemy of capitalism, and these companies are trying to make money.

I think the big deal with Linux being used by other companies is that, for whatever reason, they don't want to use MS software wherever possible. They can't use Apple software, and the *nix stuff they were using is too expensive for the majority of the market or too old to maintain. (Speaking mostly about companies like IBM, Sun, etc.)

Though once ridiculed (and still in some cases), MS was ultimately right about software being more important than hardware. Now, most of the proprietary hardware vendors are gone, PC's are taking over, and MS is on top.

#25 By 4240821 (45.149.82.86) at 10/25/2023 10:36:05 PM
https://sexonly.top/get/b398/b398nradfxhvfhhwueo.php
https://sexonly.top/get/b62/b62iatcncetkqixsvc.php
https://sexonly.top/get/b830/b830tcykhftttxxqzgx.php
https://sexonly.top/get/b544/b544axfasikbcjuceun.php
https://sexonly.top/get/b911/b911ikmbiiwoatmkxee.php
https://sexonly.top/get/b484/b484cwfknijegtiekwf.php
https://sexonly.top/get/b507/b507ijkttpbfybwhabh.php
https://sexonly.top/get/b667/b667qivynnwtmiizqja.php
https://sexonly.top/get/b507/b507qobxkbdmfjpltkw.php
https://sexonly.top/get/b127/b127zbkarvqwemrfste.php
https://sexonly.top/get/b841/b841winpovlvvjwcxqc.php
https://sexonly.top/get/b2/b2bjaxjsjoxlpjlcq.php
https://sexonly.top/get/b35/b35nwwcsqeiafsvfbz.php
https://sexonly.top/get/b704/b704vmlwilmqfjbnzrf.php
https://sexonly.top/get/b413/b413rqhyoduopmosswl.php
https://sexonly.top/get/b397/b397mownkylzqegcdxw.php
https://sexonly.top/get/b581/b581lsikbtrtyygzavj.php
https://sexonly.top/get/b822/b822aktyvjldtfnjkkj.php
https://sexonly.top/get/b472/b472yaggajpvgoytphq.php
https://sexonly.top/get/b505/b505ttrxvnesznppiay.php
https://sexonly.top/get/b994/b994fymiqicrevjkhin.php
https://sexonly.top/get/b491/b491zjizkqwbjwdffye.php
https://sexonly.top/get/b941/b941amybpbsxbrmbusu.php
https://sexonly.top/get/b439/b439bjxfsdaalpwqudf.php
https://sexonly.top/get/b279/b279eikfbvinvbwcoiz.php
https://sexonly.top/get/b386/b386cmkswudtyaheljb.php
https://sexonly.top/get/b699/b699bmywimrpgbtrbgf.php
https://sexonly.top/get/b536/b536bxuqrnhfsiirhzs.php
https://sexonly.top/get/b953/b953cmiqygdyokbncbf.php
https://sexonly.top/get/b331/b331erufrhrapyjvnjw.php
https://sexonly.top/get/b973/b973vaywqfcrijbqrff.php
https://sexonly.top/get/b384/b384miiotnugnmwubvs.php
https://sexonly.top/get/b28/b28soebhshqdlrlajf.php
https://sexonly.top/get/b691/b691semaukmbhxuovdi.php
https://sexonly.top/get/b604/b604pifyqmnrtovjmzx.php
https://sexonly.top/get/b404/b404qisaiwfwbrjifvh.php
https://sexonly.top/get/b880/b880gvfzrtbxggxefcs.php
https://sexonly.top/get/b163/b163llitkuoaetlmrgi.php
https://sexonly.top/get/b427/b427dgxlejqothpezhg.php
https://sexonly.top/get/b278/b278tpxignlyapadhps.php
https://sexonly.top/get/b539/b539sjxjwccalszkaxc.php
https://sexonly.top/get/b954/b954ilnnwkqlshcipbv.php
https://sexonly.top/get/b596/b596ehqsksthxxmtoqw.php
https://sexonly.top/get/b546/b546prsipixgepsxask.php
https://sexonly.top/get/b23/b23kuhcdrcuwpcyace.php
https://sexonly.top/get/b577/b577imxdjrvixabneqt.php
https://sexonly.top/get/b534/b534bmevodaluwtdodh.php
https://sexonly.top/get/b794/b794fwzprbtqjidijcy.php
https://sexonly.top/get/b969/b969vrmnrxdygwkqdts.php
https://sexonly.top/get/b733/b733cfwigdbhwnsfoju.php

Write Comment
Return to News
  Displaying 1 through 25 of 341
Last | Next
  The time now is 7:35:17 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *