A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.
This was less than a month after Technet got owned.
I don’t think they are ever going to lay off MS.
Saudi hackers manged to deface a page on Microsoft’s UK web site last week, recording the techniques they used in an online video.
The software giant’s sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
Click here to find out more!
A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn’t come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.
I’d say the site is still pretty insecure and is likely to get owned again.
According to Zone-h, microsoft.co.uk’s externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.
Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®
You can see details of the defacement and the result at Zone-H here.
Source: The Register