[ Thanks to David for this
link. ]
“The WSJ said that hackers could have been in the network for as
long as three months. During the day Microsoft sources traded this
down to six weeks, and then finally to one week.”
“The WSJ said that the break-in had been discovered on
Wednesday, and after initial Microsoft attempts to investigate it
itself, the FBI was called in on Thursday. But later the company
said that it had first detected the intrusion on Tuesday 17th, six
days earlier.”
“If you think about what actually happened, even according
to Microsoft, your confidence in the Microsoft version of events
does tend to ebb. At minimum it was possible to successfully
plant a Trojan in a Microsoft employee’s home computer. Through
this it was possible to gain access to source code under
development, even as Microsoft’s security people were allegedly
monitoring that access. Microsoft incidentally says that the
code couldn’t have been downloaded because that would have been
recorded, rather than that it couldn’t be downloaded because it was
secure. For the company crown jewels, this is not good.”