Saudi hackers scalp MS UK

Saudi hackers managed to deface a page on Microsoft's UK web site last week, recording the techniques they used in an online video. The software giant's sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack. A video illustrating SQL …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    .com runs on 2008

    microsoft.com runs off a Windows Server 2008 box - I'm guessing they haven't made the switch yet for the uk version

  2. Dillon Pyron

    Surprise

    And this comes as a surprise because ...

  3. Morely Dotes

    And they wonder why they can't keep it secure?

    "Microsoft.co.uk is run using IIS6"

    Let's see, build a server on an unsecure OS, then throw a pile of security holes on top, add an open invitation to "heck me," sit back and wait 15 seconds...

  4. Dunhill

    deny by default

    it's not a bug, it is an option

  5. Anonymous Coward

    Never let facts get in the way of a good MS bashing.

    Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is, and everything to do with retarded web developers not sanitizing their variables.

  6. Anonymous Coward

    RE: facts and MS getting in the way

    And let's not forget that an SQL injection attack that results in more than just public data manipulation - such as a remote command shell - has absolutely everything to do with how good or bad the server software is, and its fundamental administration.

    Of course, Microsoft wouldn't recommend leaving Enterprise server infrastructure exposed to the Internet without any sort of Defense in Depth would they? Or are they also suggesting that an ISA cluster let this through too ...

  7. Anonymous Coward

    Bill's Challenge?

    I thought this was what Microsoft wanted? I recall BillG setting out the call to action some months ago .. yes, here it is;

    "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."

    -- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/

    Must be a new month ...

  8. Anonymous Coward

    Never let facts get in the way of a good MS bashing.... they don't!

    " Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is "

    No, you're right; let's never forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is. Let's remember that a near-warhol worm that brought down the entire internet in about fifteen minutes is to do with how good or bad the server software is, instead.

    In other words, it's awful.

  9. Karl Lattimer

    Re: Bills Challenge

    -- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/

    Searching security focus for Apple -> Mac OSX -> 10.4.10 returns 0 results...

    Am I missing something here? People might be finding bugs, but they're not 0day, don't affect a large homogeneous population of machines, are generally fixed quite quickly (you can get more than one update a month!!) and 90% of the existing bugs for OSX still don't give you root access.

    There are lies, damn lies, and whatever microsoft says about apple :)

    WRT the microsoft website;

    Retarded web developers who could only get a job at M$ + IIS6 = Erm, our server just got defaced over in the UK.

    This kind of thing makes me chuckle every time :)

  10. James Foster

    This is a hoax

    All Microsoft UK URLs are www.microsoft.com/uk based not www.microsoft.co.uk. This is bogus wannabe blackhat propaganda.

  11. Doug

    re: This is a hoax

    How do you explain this then?

    - quote -

    microsoft.co.uk = 207.46.197.32

    http://samspade.org/whois/207.46.197.32

    -------

    Domain name:
        microsoft.co.uk

    Registrant:
        Microsoft Ltd

    Registrant type:
        UK Limited Company, (Company number: 1624297)

    Registrant's address:
        Microsoft Campus
        Thames Valley Park
        Reading
        Berkshire
        RG40 4UD
        GB

    http://tinyurl.com/24tl6c

    http://webwhois.nic.uk/cgi-bin/whois.cgi?query=microsoft.co.uk&WHOIS+Submit.x=38&WHOIS+Submit.y=6

    - unquote -

  12. Maligned Truth

    They've joined the code community!

    Glad to see the Saudis have joined the Code Community! They also know well the vulnerabilities of Microsoft!

    Every cloud has its silver lining! Anyone who wants, can grab some of the hundreds of GNU/Linux distros at distrowatch.com or livecdlist.com or linux.org

    Linux? Isn't that what Microsoft runs all its websites behind? All its Aruba Routers on?

    BSD? Yes, that is what Hotmail, Yahoo, run on their servers.

    Enjoy!
