30 August 2007 | 7,821 views

Microsoft UK Defaced by Saudi Hackers

Prevent Network Security Leaks with Acunetix

A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.

This was less than a month after Technet got owned.

I don’t think they are ever going to lay off MS.

Saudi hackers manged to deface a page on Microsoft’s UK web site last week, recording the techniques they used in an online video.

The software giant’s sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
Click here to find out more!

A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn’t come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.

I’d say the site is still pretty insecure and is likely to get owned again.

According to Zone-h, microsoft.co.uk’s externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.

Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®

You can see details of the defacement and the result at Zone-H here.

Source: The Register



Recent in General Hacking:
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool

Related Posts:
- Microsoft got Defaced
- India Central Bureau of Investigation (CBI) Site Still Down
- Stuxnet 2 Under Development By Spy Agencies?

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,135,906 views
- Hack Tools/Exploits - 579,351 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 413,190 views

Low-cost VPS Hosting

9 Responses to “Microsoft UK Defaced by Saudi Hackers”

  1. Nobody_Holme 30 August 2007 at 7:52 am Permalink

    haw-haw. amongst other things thats a slap in the face for the “our security is good, honest guv” crowd at MS… also plain amusing.

  2. TheRealDonQuixote 30 August 2007 at 11:48 pm Permalink

    ROFLMAO @ Micro$oft. Totally agree with Nobody_Holme! This is just funny on so many levels. I wanna see the video of the attack!! LNK PLZ?

  3. Sandeep Nain 31 August 2007 at 1:36 am Permalink

    Well these guys boast of making THE MOST SECURE OPERATING SYSTEM (WINDOWS VISTA) but they can’t even secure their Website..

    Micro$oft please learn something about security …

  4. TheRealDonQuixote 31 August 2007 at 4:41 am Permalink

    Honestly, what are the peeps over at MicroSUCK thinking? Is this hubris? They have every possible resource that money can buy, but they fail to execute the basics of modern security?!?! How does that happen? Seriously, does anyone have any clue as to why Microsoft would let this craptasticness continue from XP on up?

    oops. I’m a tard. I just saw the link to the info on the attack. Srry. :(

  5. ROke 31 August 2007 at 1:24 pm Permalink

    alert(1)

    loooooooooooooooool

  6. Nobody_Holme 31 August 2007 at 2:35 pm Permalink

    Cant find the vid anywhere. but meh? I am tempted to try exactly the same technique on exactly the same site in about a month… It’ll probably work, sadly.
    oh yah, and TRDQ, YOU are a tard? do you really work in the microsuck security department? :p

  7. TheRealDonQuixote 1 September 2007 at 5:55 am Permalink

    @ Nobody_Holme
    There are 7 levels of tard. MicroSUCK security developers are one level below George W. Bush, who is the most tard of all tards at a level numero one. A level 7 tard is like someone who forgets their coffee on top of their car. I’m like a level 5 or 6 tard, somewhere around people who don’t RTFM. Level 4 tards are people who don’t RTFM and then proceed to ask repetitive questions about said FM without searching Google. A level 3 tard is someone who has no idea what RTFM refers to, nor do they care to know exactly how to use their email client.

    I think that pretty much covers all the levels… ;)

  8. Nobody_Holme 1 September 2007 at 12:43 pm Permalink

    I know a depressingly large number of level 3 tards… :(
    and are you sure there isnt another level in there somewhere for people who buy microsoft software because “its secure”?

  9. Sandeep Nain 5 September 2007 at 12:00 am Permalink

    @TRDQ : you forgor to mention level 1 and level 2 tards..
    I believe Level 1 tards are the people who buy micr$oft products considering it a secure system. (answer for Nobody_Holme’s question).