[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Microsoft blames human error for WGA glitch
From: InfoSec News <alerts () infosecnews ! org>
Date: 2007-08-30 6:19:40
Message-ID: Pine.LNX.4.61.0708300119310.13835 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.infoworld.com/article/07/08/29/Microsoft-blames-human-error-for-WGA-glitch_1.html
By Nancy Gohring
IDG News Service
August 29, 2007
Microsoft blamed human error for a Windows Genuine Advantage problem
that identified legitimate Windows users as pirates last week.
"Nothing more than human error started it all," Alex Kochis, senior
product manager for Windows Genuine Advantage at Microsoft wrote on the
company blog Tuesday night. New software was accidentally loaded onto
the live servers running the system, he said. That ultimately caused the
servers to decline activation and validation requests that were good, he
wrote.
While Microsoft quickly noticed the problem and rolled back the changes
within a half hour, the problem continued to affect the validation
service, he said. The activation process was fixed in that time frame,
he said.
The company is implementing some changes to make sure a similar incident
doesn't happen again. It is improving monitoring in order to find out
sooner if there is a problem, he said. Microsoft is also adding
checkpoints that should prevent accidental changes to the servers.
Kochis' explanation is fine but the incident is still troubling, said
Michael Cherry, an analyst at Directions on Microsoft. "I think it's
unsettling for people when it doesn't validate," he said.
While it's great that Microsoft has put some new procedures in place,
Cherry was surprised that it was even "feasible" for someone to
accidentally load the wrong code into the live environment. "It just
raises the question of what other things have they not done," he said.
In his blog post, Kochis clarified that an existing policy will
automatically validate all users if the WGA servers are down but that in
this case, the servers weren't down, so that policy didn't kick in. With
that policy in place, Cherry wonders why Microsoft didn't just take the
servers down while they were diagnosing and fixing the problem so that
legitimate users wouldn't continue to have issues.
The problem began on Friday evening and lasted through Saturday
afternoon. During that time, some users incorrectly failed the
validation process, leaving them unable to use certain features
including Windows Aero, Windows ReadyBoost, and some features of Windows
Defender and Windows Update. Affected users also saw a message in the
corner of their screen that said "This copy of Windows is not genuine."
WGA has been criticized since its unveiling in 2005. The system, which
works for Windows XP and Vista users, is meant to help Microsoft disable
software pirates, but some users say it's cumbersome. In addition,
Microsoft faces two class action suits that characterize WGA as spyware
and cite concerns over how Microsoft uses data it collects about users
through the program.
____________________________________
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!
http://conference.hitb.org/hitbsecconf2007kl/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic