Microsoft security director John Howie has said that the company’s robust mechanisms would not allow security breaches like in Sony or EMC’s security wing RSA, according to a report by Computing.
In April this year, the PlayStation Network of Sony experienced one of the biggest hack attacks in online history. The attack, which is believed to have compromised details of over one million users across the world, disrupted Sony’s services for around two months.
Howie, who is the senior director, online services security and compliance governance at Microsoft, blamed Sony and RSA for committing ‘rookie mistakes’ that allowed hackers to breach into their security walls recently.
Howie added that failure to patch its servers and use of outdated coding software led to the breaches at Sony.
"Sony was brought down because it didn’t patch its servers, it ran out of date software and it coded badly. These are rookie mistakes," said Howie.
The Sony hack attack is being investigated and the hackers have not been traced yet. Hacktivist group Anonymous has denied any role in the breach, but in May, another hacker group, Lulz Security claimed responsibility for the security breach in sonypictures.com website. The group had said in a statement that they had exploited the "primitive" security hole in the website because Sony deserved it.
Howie also said that lack of awareness at RSA made someone make a rookie mistake which led to the data theft.
In March this year, EMC’s security division RSA revealed that an "extremely sophisticated" hack had breached into its security systems, compromising a widely used ‘secure token’ technology for preventing computer breaches.
RSA chairman Art Coviello said in an open letter to customers that the cyber attack resulted in stealing of some information, including data related to RSA’s SecurID authentication products.
Howie said, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."
Howie told Computing that Microsoft is protected against such mistakes.
He said, "At Microsoft we have robust mechanisms to ensure we don’t have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering."
Howie added that Microsoft’s servers are also capable to ward off denial-of-service (DoS) attacks. DoS attacks are widely used by hackers to bring down a website with overwhelming requests.
"We have massively overbuilt our internet capacity, this protects us against DoS attacks," said Howie.
"We won’t notice until the data column gets to 2GB/s, and even then we won’t sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious," he said.
