Slashdot Mirror
Microsoft Security Whitepaper
An anonymous reader writes "Microsoft last week published a document on its Web site that describes how the company manages security on its own 300,000 node corporate network. The document is basically a dry discussion of IT risk management strategy, with lots of references to 'asset classes' and 'stakeholders,' and about five, nearly identical 'cycle of life' type diagrams showing how one risk management strategy leads to the next and so on, in a never-ending process. However, the document does open a window on how the biggest, richest software company in the world does security: from the deployment of 65,000 smart cards (let's see, at $50 a piece, that comes to....?), to MS's admission that 'there is a medium to high probability that within the next year, a successful attack will occur that could compromise the High Value and/or Highest Value data class.' According to the document, that includes things such as source code or human resources data."
A quick Google search ("russian hackers microsoft") comes up with:
0 52.txt
http://www.newsmax.com/articles/?a=2000/10/27/180
There's tons of others. It made a big splash on the tech news circles- and then was apparently promptly forgotten for some unknown reason. Strictly speaking, MS has already had one of their critical breaches they talk about and they couldn't have instituted a scheme like they're talking about in the timeframe from when this was discovered to now (i.e. It pretty much had to be in place or largely so because of the scope and scale of the effort in question...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
No, its not really excessive. When I worked there, I usually had 4 machines for myself, in my office, and I did development work. Oh, and I had a laptop as well. Testers often used, many, many more machines.
Then add the build machines, servers, a laptop for many people, machines for temp/consultants, people VPN'ing in from home, and it easily makes 300k.
-- Ryan Watkins vamp@vamp.org http://www.vamp.org/
During the original Code Red incident, for a short time, the Windows Update webpage was showing "Hacked by Chinese Worm".
(There was concrete evidence of this but unfortunately I don't have it.)
Here it is.
For some reason you wrote:
"Realisticly, what is the point of trying to exploit linux? Why exploit the little guy when you can go after the big fish?"
Apache is the single most prevalent web server on the internet. Why then is it that hackers "target" IIS? Maybe because it's easier?
and decided to continue:
" they do employ some of the best and brightest in the world. I imagine some of you may not believe that, but I do."
Have you seen Balmer lately? The problem with working for MS is that, even though you may be smart your just wasting your time. Who cares that you can give a lecture on some brilliant way to link corporate data to business users if your entire architecture needs to fit into a proprietary MS 5 year plan for the enterprise?
MS has had 20 years and billions in funding and the best they can come up with is Windows XP. XP solves problems that Unix, Apple, X, NeXT, Amiga, et als. solved a decade ago. MS produces over architected under engineered gaming consoles that are'nt even compatable with themselves.
If your looking for "fair and balanced" where are you going to go? Read a frigin Windows rag if you want to "balance" Slashdot. I'm sure there are plenty of fine articles on .NET just waiting to provide you with hour of fun filled and objective learning experiences.
Kind Regards
"A few great minds are enough to endow humanity with monstrous power, but a few great hearts are not enough to make us w
Answer here.
Basically, it's an official report from a company/government meant to be released to the customers/public.