Microsoft was hacked: the QAZ trojan story
Microsoft has confirmed that its internal network was compromised, with attackers having access for several weeks. The vector was a trojan called QAZ. The implications go well beyond the specific incident.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged incident — 5 results.
A small consultancy I help with had a network-wide compromise this month. The proximate cause was a single Windows vulnerability; the structural cause was platform monoculture. A walk through the trade-off.
Last week my home connection went offline for six hours. The cause turned out to be a small DDoS aimed at my own honeypot's IP range. A walk through what happened and what I learned about response.
Yesterday afternoon Yahoo went offline for about three hours under what is being described as a distributed denial of service attack. This morning eBay is reporting similar trouble. The category change I have been writing about is now the front page.
Last week, a single computer at the University of Minnesota was knocked off the network for two days by a coordinated attack from over 200 compromised hosts. This is the first widely-publicised distributed denial of service attack. The defensive implications are profound and mostly unanswered.