While the outage caused lots of grumbling on Microsoft’s online forums, contributor Brian Reischl accepted the mishap with a wry sense of humor.
“Might want to fix that, ASAP,” he wrote after a “certificate expired” message appeared on his computer screen. “It also wouldn’t hurt to put a sticky note on someone’s monitor so they remember to update that before it expires next time.
Outages aren’t new to Azure users. A year ago, the system went down. A certificate was the root cause of that outage, too. In addition, Western European users lost service due to a configuration issues in July 2012.
Similar infections have been detected at Twitter, Facebook and Apple. A common denominator of the infections is they all seem to have originated at a single developer’s website, iPhoneDevSDK.com.
According to Ian Sefferman, owner of a popular iPhone developers’site, the site’s systems were unaffected by the malware, which infects a visitor’s computer through a “drive-by” attack.
The attack exploits a vulnerability found when running Oracle’s Java programming language in a browser.
Following the news of the Facebook and Apple exploits, both Oracle and Apple quickly moved to address the situation with security updates. Either Microsoft didn’t install those updates or the infections were discovered before the updates could be installed.
Java’s hot water
Java is no stranger to security holes. A critical vulnerability in Java 6 that had already begun to be exploited in the wild was plugged in 2010. Nine more critical fixes for that version of the program were released in 2011. Apple’s Java fixes this week included one for Java 6, which is the last version of the program shipped from the factory with Apple computers.
When Oracle released a new version of the software, version 7, things didn’t improve. Security holes began popping up in that version, too, and continue to pop up to this day.
Although the recent attacks on high tech companies follow revelations of data pilfering forays into major U.S. media outlets allegedly by Chinese byte bandits, it has been reported by Bloomberg that the attacks on the technology companies may have been perpetrated by a gang of East European hackers.
John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix. Disclosure: He also writes for Hewlett-Packad's marketing website TechBeacon.