Assessing the MS cyber-attack

Summary: The MS cyber-attack: More questions than answers.

Maybe it speaks volumes about the fragility of maintaining complex systems in this networked age of ours. Frustrated by two days of intermittent success attempting to access various Microsoft Web sites, millions of customers will doubtless suggest less charitable explanations.

However you sum it up, the Redmondians have had an awfully rough couple of days. Not quite up there with the post-Judge Jackson verdict fallout -- at least not just yet -- but it's getting close.

Doing what any big corporation does in these sorts of situations, Microsoft has been spinning for all it's worth. Of course, it took more than seven hours before the PR department emerged from hibernation to shed light on what the heck was going on. Rest assured, this was not one of those Kodak moments likely to get featured in Microsoft's $200 million advertising campaign.

The company then issued a statement blaming the problem on a botched configuration job by a technician making changes to certain routers.

Microsoft made sure to underscore how this was an operational error not linked to the technology marketed by the company or the security of its networks.

That was an ironic choice of wording, coming as it did shortly before Microsoft fell victim to the subsequent denial-of-service attack. But more about that in a second.

In its advertising campaign promoting .Net, Microsoft is driving home the central message that its servers, if not the company's technology, are reliable. To be sure, the DNS problem was triggered by human error. Yet the resulting mess has everything to do with poor network design -- and the company has yet to explain that away.

Unlike a lot of other Internet players who also operate big Web sites, Microsoft had apparently failed to distribute its DNS servers on different networks in case something went bump in the night.
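The design point above (authoritative DNS servers all sitting on one network) can be checked mechanically. The following Python sketch is an added example, not part of the original article: it groups a zone's nameserver addresses by covering prefix and flags the case where every server shares one network. The hostnames, the documentation-range addresses, and the /24 and /48 grouping rule are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: two servers count as "on the same network" when they share a
# /24 (IPv4) or /48 (IPv6). Real topology (shared router or AS) needs routing data.
PREFIX_LEN = {4: 24, 6: 48}

def group_by_network(nameservers):
    """Map each covering prefix to the nameserver hostnames inside it."""
    groups = defaultdict(list)
    for host, addr in nameservers.items():
        ip = ipaddress.ip_address(addr)
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN[ip.version]}", strict=False)
        groups[str(net)].append(host)
    return dict(groups)

def assess(nameservers):
    """Summarise how widely a zone's nameservers are spread across networks."""
    if not nameservers:
        raise ValueError("no nameservers supplied")
    groups = group_by_network(nameservers)
    largest = max(len(hosts) for hosts in groups.values())
    return {
        "networks": len(groups),
        # One prefix for every server: a single routing fault or a single
        # flooded link makes the whole zone unresolvable.
        "single_point_of_failure": len(groups) == 1,
        "largest_share": largest / len(nameservers),
        "groups": groups,
    }

# Constructed sample data (documentation address ranges, not real servers).
CLUSTERED = {
    "ns1.example.test": "192.0.2.10",
    "ns2.example.test": "192.0.2.11",
    "ns3.example.test": "192.0.2.12",
    "ns4.example.test": "192.0.2.13",
}
DISTRIBUTED = {
    "ns1.example.test": "192.0.2.10",
    "ns2.example.test": "198.51.100.10",
    "ns3.example.test": "203.0.113.10",
    "ns4.example.test": "2001:db8::53",
}

if __name__ == "__main__":
    for label, zone in (("clustered", CLUSTERED), ("distributed", DISTRIBUTED)):
        print(label, assess(zone))
```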

Unsolved mysteries
Two immediate questions come to mind:

1.) Why did it take a full 24 hours before Microsoft was able to diagnose the source of the problem? The Web site may have been down, but that doesn't explain the foul-up in internal communications.

2.) No redundancy, no backup -- in other words, a time bomb waiting to ignite, according to any network-security consultant. How come Microsoft failed to get the message?

Now the mother of all gaffes. By early Thursday, word had spread via the Internet about Microsoft's predicament. Here's where the company really let its guard down.

With its DNS servers clustered together, Microsoft had become a "target-rich environment" (to borrow a phrase much in vogue during the Gulf War) for any mischief-maker with the know-how to launch a denial-of-service attack.

To be sure, mistakes happen and attackers lurk in the darker regions of cyberspace. Nothing you can do about that. And most DNS servers around the Net don't run on Windows. They run Unix. So this is more a problem with the security design of the Domain Name System than with Microsoft technology.

But not every company aspires to play the central role in defining and supplying the digital guts of industrial-strength enterprise cyberneeds. The show-me crowd is already voicing the obvious concern: If Microsoft can't keep its own servers up and running, why should anybody trust Redmond to make good on the rest of its ambitious Internet agenda?

Good question.

Topics: Microsoft, Security, Servers
