Yesterday morning it was
which fell to hackers, last night
it was Epson.co.nz that
was left looking like this.
At around the same time the Epson site was being compromised, Many of Microsoft's
own sites totally disappeared from the face of the Web due to
problems with its nameservers.
A few years ago this kind of vulnerability and unreliability would have
been considered a bit of a laugh. Commentators like myself would have
poked a bit of fun at those (ir)responsible and we'd have all got on with
But things have changed!
Not only are there a growing number of "Internet companies" that are totally
reliant on the Net for their day-to-day operation but the Net has already
become an essential service for a growing percentage of other businesses.
Email has already replaced fax as the preferred non-verbal communications medium
for most people and a growing number of businesses now use the Net for critical
roles such as B2B transactions.
When a server is compromised or a network fails it's no longer just an inconvenience,
it's a very significant cost.
It would be easy to bash Microsoft over this latest round of Net problems --
after all, it is flaws in their software which has allowed so many websites
(including their own) to be compromised and it was their own DNS servers
that scuttled access to a raft of MS sites last night. Would it be fair
to do this however? (You tell me!).
Microsoft would be justified in saying that all software has bugs and that
in this regard they are little different to any other vendor. Perhaps the
fact that they sell so much software makes it only natural that their products
will be hacked or fail more often -- it's just the law of averages.
Perhaps it's a company's own fault when they fail to apply all the available
security patches as they become available? Or maybe Microsoft ought to be
a little more pro-active in ensuring that it contacts users of its software
and supplies those patches?
I would think, given the new licensing system that makes it mandatory
to register your software (or it stops working), Microsoft has little
excuse not to take a more agressive stance in ensuring that sites running their
software are "up to scratch."
Here's one for you Microsoft -- why not invite all those running your IIS
software to register for a free security-scan. You can then set side a rack
of machines to regularly interrogate those sites (given that you'll have the
owner's permission) and make sure they're carrying the latest patches. If
a site is found without the required patches then the registered owner (or
their agent) can be notified immediately -- (maybe even by having the
closest Microsoft branch give them a ring) and explain the importance of
patching the code.
Will this make Microsoft money? No -- not directly. Its a funny old thing
called "customer service" and "commitment to excellence."
Microsoft -- your reputation is in your own hands.
Perhaps this "problem" is an opportunity for some keen entrepreneur to set
up the same kind of service. For an extra fee they could even call to the
client's premises and apply those patches.
The Weekly Trickles Out
This week's edition of the Weekly has started trickling out. It will probably
take a day or so before they're all sent but they're on their way.
As always, your feedback is welcomed and...
Did you tell someone else about Aardvark today? If not then do it