If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#61
|
|||
|
|||
Microsoft Answers query (was - Does Windows 10 have a way to edita PDF yet?)
On 11-Jul-17 12:51 PM, Paul wrote:
David B. wrote: Thank you - I really mean that - for taking the time and trouble to respond to me, Paul. I'll read it again later too. I've just been reading he- https://www.akamai.com/uk/en/support/end-user-faq.jsp Are you CERTAIN that it is impossible for a 'bunch of bad apples' to have manipulated the server so that folk are directed to a 'spoof' site which is *pretending* to be Microsoft Answers? Sites on the Internet, get hacked all the time. They do indeed! However, I don't recollect *ever* hearing any stories about Microsoft equipment. Perhaps nobody is willing to report such things. (When source code was stolen, it's usually traced to a "trusted partner" who had a copy of the code.) You are aware that the Microsoft Answers server is a 'stand-alone' server - not part of the same 'log-in' arrangement as all the other Microsoft facilities for which a Microsoft Account functions? In this case, when using a "rent-a-server", you have two IT departments. And the Microsoft staff would have an account and login password, for accessing the rent-a-server and uploading content to it. Or, whatever. As it's a forum, of course the server adds content to itself, every time a user posts something. Microsoft staff don't 'run the Microsoft Answers forums. Other than that detail, the site will have just as many exposures as any other site. Does the site use a database ? Probably. Could someone do an injection attack on it ? Maybe. I have no way of knowing how well or how poorly the site is managed, whether it has automated heuristic protection (Tripwire) or anything else. I don't know the answers to your questions. How do you feel about asking a question about this *ON* the Microsoft Answers forums? A weakness on small company sites (like say pcper.com or anandtech forums), is nobody writes their own BBS software. They buy it. And sometimes bugs are found in BBS software that makes it attack-prone. I've heard about this before and understand what you say. What does Microsoft use ? Is the code written by their own staff, or did they purchase a product ? That would be a consideration too, as to how secure it was. Any time you run a forum, the attack surface is larger than simple web-sites intended to be "read-only under all circumstances". Again, I don't know the answers. I doubt very much that Microsoft would have purchased "a product" to run the forums. We're you just kidding about this?!!! -- David B. |
Ads |
#62
|
|||
|
|||
Microsoft Answers query (was - Does Windows 10 have a way to edita PDF yet?)
On 11-Jul-17 12:51 PM, Paul wrote:
David B. wrote: Thank you - I really mean that - for taking the time and trouble to respond to me, Paul. I'll read it again later too. I've just been reading he- https://www.akamai.com/uk/en/support/end-user-faq.jsp Are you CERTAIN that it is impossible for a 'bunch of bad apples' to have manipulated the server so that folk are directed to a 'spoof' site which is *pretending* to be Microsoft Answers? Sites on the Internet, get hacked all the time. However, I don't recollect *ever* hearing any stories about Microsoft equipment. Perhaps nobody is willing to report such things. (When source code was stolen, it's usually traced to a "trusted partner" who had a copy of the code.) In this case, when using a "rent-a-server", you have two IT departments. And the Microsoft staff would have an account and login password, for accessing the rent-a-server and uploading content to it. Or, whatever. As it's a forum, of course the server adds content to itself, every time a user posts something. Other than that detail, the site will have just as many exposures as any other site. Does the site use a database ? Probably. Could someone do an injection attack on it ? Maybe. I have no way of knowing how well or how poorly the site is managed, whether it has automated heuristic protection (Tripwire) or anything else. A weakness on small company sites (like say pcper.com or anandtech forums), is nobody writes their own BBS software. They buy it. And sometimes bugs are found in BBS software that makes it attack-prone. What does Microsoft use ? Is the code written by their own staff, or did they purchase a product ? That would be a consideration too, as to how secure it was. Any time you run a forum, the attack surface is larger than simple web-sites intended to be "read-only under all circumstances". Paul I've now written to Akamai and asked them to review my post on the Answers forum. https://answers.microsoft.com/en-us/...e-f76f6d5fa569 I'll let you know what they say - IF they respond! -- David B. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|