
Microsoft’s security stronger than Sony, RSA, says John Howie

Sony breach could have been avoided, RSA made 'rookie mistakes', says Howie

By CBR Staff Writer

Microsoft security director John Howie has said that the company’s robust mechanisms would not allow security breaches like those at Sony or at RSA, EMC’s security wing, according to a report by Computing.

In April this year, Sony’s PlayStation Network experienced one of the biggest hack attacks in online history. The attack, which is believed to have compromised details of over one million users across the world, disrupted Sony’s services for around two months.

Howie, who is the senior director of online services security and compliance governance at Microsoft, blamed Sony and RSA for committing ‘rookie mistakes’ that recently allowed hackers to breach their security.

Howie added that a failure to patch its servers, the use of out-of-date software and bad coding led to the breaches at Sony.

"Sony was brought down because it didn’t patch its servers, it ran out of date software and it coded badly. These are rookie mistakes," said Howie.

The Sony hack attack is being investigated and the hackers have not been traced yet. Hacktivist group Anonymous has denied any role in the breach, but in May another hacker group, Lulz Security, claimed responsibility for the security breach of the sonypictures.com website. The group said in a statement that it had exploited the "primitive" security hole in the website because Sony deserved it.


Howie also said that a lack of awareness at RSA led someone to make a rookie mistake, which resulted in the data theft.

In March this year, EMC’s security division RSA revealed that an "extremely sophisticated" hack had breached its security systems, compromising a widely used ‘secure token’ technology for preventing computer breaches.

RSA chairman Art Coviello said in an open letter to customers that the cyber attack resulted in the theft of some information, including data related to RSA’s SecurID authentication products.

Howie said, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."

Howie told Computing that Microsoft is protected against such mistakes.

He said, "At Microsoft we have robust mechanisms to ensure we don’t have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering."

Howie added that Microsoft’s servers are also capable of warding off denial-of-service (DoS) attacks. DoS attacks are widely used by hackers to bring down a website by overwhelming it with requests.

"We have massively overbuilt our internet capacity, this protects us against DoS attacks," said Howie.

"We won’t notice until the data column gets to 2GB/s, and even then we won’t sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious," he said.
