With dead-time dump, Microsoft revealed DDoS as cause of recent cloud outages

In the murky world of political and corporate spin, announcing bad news on Friday afternoon – a time when few media outlets are watching, and audiences are at a low ebb – is called "taking out the trash." And that’s what Microsoft appears to have done last Friday. A post that went live while almost no-one was looking reveals …

  1. Anonymous Coward
    Anonymous Coward

    Ah, what a nice bit of camouflage

    I wonder how long their marketing people worked on that one.

    Let's pierce through that bit of "camouflage by techno babble", shall we? The bit that ensures Microsoft can claim it was transparent while hiding the truth from most end users and managers:

    "This recent DDoS activity targeted layer 7 rather than layer 3 or 4"

    In the ISO model, layer 7 is the application layer.

    So, translated this means that this DDoS attack targeted Microsoft software. This DDoS was apparently able to use vulnerabilities in Microsoft's own software to, er, vaporise their Cloud. So, in addition to Microsoft software being a known local security risk to your average enterprise it's now also a proven exposure in the Cloud.

    I can understand why they're cagey about it - it's bad timing as they're raising prices.

    1. Hans 1
      Childcatcher

      Re: Ah, what a nice bit of camouflage

      I was astonished our vulture did not pick this up in the article ...

      1. Anonymous Coward
        Anonymous Coward

        Re: Ah, what a nice bit of camouflage

        Probably still too much blood in their caffeine. I have that too in the morning - I just got up a lot earlier :).

    2. Anonymous Coward Silver badge
      Windows

      Re: Ah, what a nice bit of camouflage

      Whilst mostly I agree with your comment, I feel I need to pick up on a couple of things:

      Targeted isn't the same as exploited - it was aimed at the application layer.

      >This DDoS was apparently able to use vulnerabilities in Microsoft's own software

      Define vulnerability. Being able to swamp a fleet of servers is somewhat different to gaining access to them.

      My interpretation (and I may well be being overly generous) is that the miscreants found an endpoint that took a while to process (probably still <10ms) and didn't have effective rate limiting, so issued millions of calls to it. Whilst it denies service, it doesn't necessarily leak information or grant elevated permissions etc which "vulnerability" implies.
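A defensive sketch of the control the comment above says was missing, added here as an illustration (it is not code from the article, the commenters or Microsoft): a per-client token bucket in which slow endpoints cost more tokens. The endpoint paths, costs, limits and sample traffic are all constructed assumptions.

```python
# Added illustration; endpoint paths, costs and traffic are hypothetical.
from dataclasses import dataclass

# Assumed per-request cost in tokens, roughly proportional to server time.
ENDPOINT_COST = {"/static/logo.png": 1, "/api/search": 10}

@dataclass
class Bucket:
    tokens: float
    updated: float

class CostWeightedLimiter:
    """Per-client token bucket where expensive endpoints drain more tokens."""

    def __init__(self, capacity=50.0, refill_per_sec=10.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def allow(self, client, path, now):
        cost = ENDPOINT_COST.get(path, 1)
        b = self.buckets.setdefault(client, Bucket(self.capacity, now))
        # Refill for the elapsed time, never above capacity.
        elapsed = max(0.0, now - b.updated)
        b.tokens = min(self.capacity, b.tokens + elapsed * self.refill_per_sec)
        b.updated = now
        if b.tokens < cost:
            return False  # the caller would answer HTTP 429 here
        b.tokens -= cost
        return True

def replay(events, limiter):
    """Replay (time, client, path) tuples; count accepted calls per (client, path)."""
    accepted = {}
    for now, client, path in events:
        if limiter.allow(client, path, now):
            accepted[(client, path)] = accepted.get((client, path), 0) + 1
    return accepted

def sample_events():
    # Constructed traffic: one client calls the slow endpoint 200 times in a
    # second, another makes one call per second for five seconds.
    flood = [(i / 200.0, "198.51.100.7", "/api/search") for i in range(200)]
    normal = [(float(i), "203.0.113.9", "/api/search") for i in range(5)]
    return sorted(flood + normal)

if __name__ == "__main__":
    print(replay(sample_events(), CostWeightedLimiter()))
```

A per-client bucket only bounds each source; traffic spread over many sources that each stay under the limit also needs a global budget per endpoint.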

      1. Someone Else Silver badge

        Re: Ah, what a nice bit of camouflage

        Your check from Micros~1 Marketing is in the mail.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ah, what a nice bit of camouflage

        Does it matter what the miscreants found to make a mess of things?

        The key fact is that it took a service offline that by its very nature should be hardened against things like that, and they tried to use techno speak to avoid words that would clue in the people that sign the bills that it's their code that got swamped. The former, OK, it's Microsoft and if you don't know by now that code belongs on the clean side of a firewall you haven't been paying attention for a couple of decades. But the fact they tried to cover it up in a manner that literally shouts BS at anyone half technically competent is IMHO extremely objectionable.

      3. Dan 55 Silver badge

        Re: Ah, what a nice bit of camouflage

        > Targeted isn't the same as exploited - it was aimed at the application layer.

        With a bit of handwaving you can consider the login prompt to be level 7 as well. A successful level 7 DDoS sounds way better than a successful level 5 DDoS because one is just some application which we don't know the specifics about because oddly they don't go into details while with the other it's blindingly obvious that your cloud service is really flaky.

    3. Anonymous Coward
      Anonymous Coward

      Re: Ah, what a nice bit of camouflage

      Well, you expose your APIs - as is the fashion - and you then have to make sure that people don't hammer them.

  2. mikus

    Having worked at a major cloud company circa 2003, I became well acquainted with ddos, and quite interesting how they deal with this 20 years later.

    This ought to be an instructional piece of history how long they torment Microsoft, or anyone really.

    1. Anonymous Coward
      Anonymous Coward

      Well, that's exactly it. A DDoS is not exactly a new concept and if you're as big as MS you should have strategies in place and will have had a few people pen test from the Net, just to be safe.

      A BS press release doesn't cut it IMHO.

      1. Guido Esperanto

        Not exactly jumping to a defence, but isn't ddos not defined by what caused it, more by what it actually caused?

        Meaning while traditionally it's flooding gateways et al with lots of guff, the specific target and source of guff may have evolved since the old Loic attacks, and may continue evolving.

  3. Anonymous Coward
    Anonymous Coward

    Some sympathy

    The fact that they are referred to as 'Storm-1359' should remind us just how many groups go after Microsoft as a trophy - whilst they might over-promise their up-time, that should not detract from what a herculean job maintaining decent uptime must be for them.

    Also, I'm not sure that actually naming a group that used DDOS for publicity is the best policy for El Reg to pursue, either.

  4. Version 1.0 Silver badge

    The Int.....er.....er ....net, is it working?

    We see problems everywhere, it's just part of the design methods these days. Originally the Internet was designed to be highly reliable and it's still not bad at all, but too often these days we have an excellent connection to something with issues.

    Here's an AI quote update ... "If it was raining soup, the Internet users would go out with forks." - Brendan Behan in today's world.

  5. Martin Summers

    I was configuring intune for iOS at the time. I was glad to be able to leave on time for once!

    1. Anonymous Coward
      Anonymous Coward

      Foisting Micros~1 shite on to other OSs - you should be ashamed of yourself.

  6. NightFox

    When your target gives you a cooler name than you gave yourself.

  7. Anonymous Coward
    Anonymous Coward

    Telling

    I find it more telling that Microsoft's first reach on failure of their cloud is looking at what changes they made last, even they assume the cause will lay in the quality of their software or lack of testing before roll-out when the stuff hits the fan!

  8. StuartMcL

    > Microsoft users can at least take heart that the Windows giant has found "no evidence that customer data has been accessed or compromised."

    Always bearing in mind that absence of evidence is not evidence of absence. :)

  9. david 12 Silver badge

    AP and The Register co-operate with criminal enterprise

    the group "appears to be focused on disruption and publicity."

    In the 1970's, young men used to listen to weekend radio for reports of their Friday Night Ultra-Violence. Now, according to police reports, the kids are looking at social media for reports of their exploits. At its worst, this is what drives mass shootings in the USA, which, because of reverence for the press, is unable to address the problem.

    MS correctly did feed the problem until asked a direct question. If only Associated Press could be equally responsible.

  10. Nick Ryan

    stellar security prowess

    I wonder which vendor is behind the Operating System that is powering these DDoS attacks? Maybe one that includes insecurity by design and adds routes for exploitation with every generation of new shiny and unstable releases?
