Microsoft never disclosed 2013 hack of secret vulnerability database

By Dan Goodin

Enlarge / Microsoft in Dublin, Ireland. (credit: Red Agenda / Flickr)

Hackers broke into Microsoft’s secret, internal bug-tracking database and stole information related to vulnerabilities that were exploited in later attacks. But the software developer never disclosed the breach, Reuters reported, citing former company employees.

Advertisement


In an article published Tuesday, Reuters said Microsoft’s decision not to disclose details came after an internal review concluded the exploits used in later attacks could have been discovered elsewhere. That investigation relied, in part, on automated reports Microsoft receives when its software crashes. The problem with that approach, Reuters pointed out, is that advanced computer attacks are written so carefully they rarely cause crashes.

Reuters said Microsoft discovered the database breach in early 2013, after a still-unknown hacking group broke into computers belonging to a raft of companies. Besides Microsoft, the affected companies included Apple, Facebook, and Twitter. As reported at the time, the hackers infected a website frequented by software developers with attack code that exploited a zero-day vulnerability in Oracle’s Java software framework. When employees of the targeted companies visited the site, they became infected, too.

Read 5 remaining paragraphs | Comments

Source:: Ars Tecnica

Advertisement



Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!