Feeds

back to article Saudi hackers scalp MS UK

Saudi hackers manged to deface a page on Microsoft's UK web site last week, recording the techniques they used in an online video. The software giant's sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack. A video illustrating SQL Injection …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

.com runs on 2008

microsoft.com runs off a Windows Server 2008 box - I'm guessing they haven't made the switch yet for the uk version

0
0

Surprise

And this comes as a surprise because ...

0
0

And they wonder why they can't keep it secure?

"Microsoft.co.uk is run using IIS6"

Let's see, build a server on an unsecure OS, then throw a pile of security holes on top, add an open invitation to "heck me," sit back and wait 15 seconds...

0
0

deny by default

it's not a bug, it is an option

0
0
Anonymous Coward

Never let facts get in the way of a good MS bashing.

Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is, and everything to do with retarded web developers not sanitizing their variables.

0
0
Anonymous Coward

RE: facts and MS getting in the way

And let's not forget that an SQL injection attack that results in more than just public data manipulation - such as a remote command shell - has absolutely everything to do with how good or bad the server software is, and its fundamental administration.

Of course, Microsoft wouldn't recommend leaving Enterprise server infrastructure exposed to the Internet without any sort of Defense in Depth would they? Or are they also suggesting that an ISA cluster let this through too ...

0
0
Anonymous Coward

Bill's Challenge?

I thought this was what Microsoft wanted? I recall BillG setting out the call to action some months ago .. yes, here it is;

"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare a

anybody to do that once a month on the Windows machine."

-- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/

Must be a new month ...

0
0
Anonymous Coward

Never let facts get in the way of a good MS bashing.... they don't!

" Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is "

No, you're right; let's never forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is. Let's remember that a near-warhol worm that brought down the entire internet in about fifteen minutes is to do with how good or bad the server software is, instead.

In other words, it's awful.

0
0

Re: Bills Challenge

-- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/

Searching security focus for Apple -> Mac OSX -> 10.4.10 returns 0 results...

Am I missing something here? People might be finding bugs, but they're not 0day, don't affect a large homogeneous population of machines, are generally fixed quite quickly (you can get more than one update a month!!) and 90% of the existing bugs for OSX still don't give you root access.

There are lies, damn lies, and whatever microsoft says about apple :)

WRT the microsoft website;

Retarded web developers who could only get a job at M$ + IIS6 = Erm, our server just got defaced over in the UK.

This kind of thing makes me chuckle every time :)

0
0

This is a hoax

All Microsoft UK URLs are www.microsoft.com/uk based not www.microsoft.co.uk. This is bogus wannabe blackhat propaganda.

0
0

re: This is a hoax

How do you explain this then?

- quote -

microsoft.co.uk = 207.46.197.32

http://samspade.org/whois/207.46.197.32

-------

Domain name:

microsoft.co.uk

Registrant:

Microsoft Ltd

Registrant type:

UK Limited Company, (Company number: 1624297)

Registrant's address:

Microsoft Campus

Thames Valley Park

Reading

Berkshire

RG40 4UD

GB

http://tinyurl.com/24tl6c

http://webwhois.nic.uk/cgi-bin/whois.cgi?query=microsoft.co.uk&WHOIS+Submit.x=38&WHOIS+Submit.y=6

- unquote -

0
0

They've joined the code community!

Glad to see the Saudi's have joined the Code Community! They also know well the vulnerabilities of Microsoft!

Every cloud has it's silver lining! Anyone who wants, can grab some of the hundreds of GNU/Linux distros at distrowatch.com or livecdlist.com or linux.org

Linux? Isn't that what Microsoft runs all it's websites behind? All it's Aruba Routers on?

BSD? Yes, that is what Hotmail, Yahoo, run on their servers.

Enjoy!

0
0
This topic is closed for new posts.