[ad]
A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.
This was less than a month after Technet got owned.
I don’t think they are ever going to lay off MS.
Saudi hackers manged to deface a page on Microsoft’s UK web site last week, recording the techniques they used in an online video.
The software giant’s sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
Click here to find out more!A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn’t come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.
I’d say the site is still pretty insecure and is likely to get owned again.
According to Zone-h, microsoft.co.uk’s externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.
Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®
You can see details of the defacement and the result at Zone-H here.
Source: The Register
Nobody_Holme says
haw-haw. amongst other things thats a slap in the face for the “our security is good, honest guv” crowd at MS… also plain amusing.
TheRealDonQuixote says
ROFLMAO @ Micro$oft. Totally agree with Nobody_Holme! This is just funny on so many levels. I wanna see the video of the attack!! LNK PLZ?
Sandeep Nain says
Well these guys boast of making THE MOST SECURE OPERATING SYSTEM (WINDOWS VISTA) but they can’t even secure their Website..
Micro$oft please learn something about security …
TheRealDonQuixote says
Honestly, what are the peeps over at MicroSUCK thinking? Is this hubris? They have every possible resource that money can buy, but they fail to execute the basics of modern security?!?! How does that happen? Seriously, does anyone have any clue as to why Microsoft would let this craptasticness continue from XP on up?
oops. I’m a tard. I just saw the link to the info on the attack. Srry. :(
ROke says
alert(1)
loooooooooooooooool
Nobody_Holme says
Cant find the vid anywhere. but meh? I am tempted to try exactly the same technique on exactly the same site in about a month… It’ll probably work, sadly.
oh yah, and TRDQ, YOU are a tard? do you really work in the microsuck security department? :p
TheRealDonQuixote says
@ Nobody_Holme
There are 7 levels of tard. MicroSUCK security developers are one level below George W. Bush, who is the most tard of all tards at a level numero one. A level 7 tard is like someone who forgets their coffee on top of their car. I’m like a level 5 or 6 tard, somewhere around people who don’t RTFM. Level 4 tards are people who don’t RTFM and then proceed to ask repetitive questions about said FM without searching Google. A level 3 tard is someone who has no idea what RTFM refers to, nor do they care to know exactly how to use their email client.
I think that pretty much covers all the levels… ;)
Nobody_Holme says
I know a depressingly large number of level 3 tards… :(
and are you sure there isnt another level in there somewhere for people who buy microsoft software because “its secure”?
Sandeep Nain says
@TRDQ : you forgor to mention level 1 and level 2 tards..
I believe Level 1 tards are the people who buy micr$oft products considering it a secure system. (answer for Nobody_Holme’s question).