Microsoft compromised

Story: Don't discount software distribution sites as attack vectorsTotal Replies: 2
Author Content
purplewizard

Oct 12, 2005
4:50 AM EDT
Of course Microsoft had its site compromised and source code stolen in the last few years too. Who knows what else happened or if other such compromises have ever taken place.

Whose word do we take, theirs. Would they lie to protect a $30+ billion company, when it's something as serious as 10s (100s?) of millions of customers of course not....
TxtEdMacs

Oct 12, 2005
6:40 AM EDT
Despite searching I have been unable to find the incident where MS distributed some of its software on infected discs. My memory was that it was one of their Windows versions. Anyone have a link?
phsolide

Oct 12, 2005
6:51 AM EDT
I found these pretty quickly:

http://www.vnunet.com/vnunet/news/2113923/hackers-saw-micros...

http://www.microsoft.com/presspass/press/2004/Feb04/02-12win...

http://sun.soci.niu.edu/~crypt/other/onestop.htm

These appear to describe a number of cases of MSFT shipping infected software, and a case of a trojan allowing someone to steal Windows NT and 2000 source code, later posting it to the world wide web.

MSFT has been compromised to the point of people copying Windows source, and MSFT has distributed "pre-infected" CDs more than once.

It doesn't look to me like back-doored distributions have ever made it out, unless you count the "NSAKEY": http://en.wikipedia.org/wiki/NSAKEY

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!