Saudi hackers scalp MS UK
PrintDefacement video tutorial pulled after attack
Posted in Software & Security, 2nd July 2007 15:53 GMT
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Saudi hackers manged to deface a page on Microsoft's UK web site last week, recording the techniques they used in an online video.
The software giant's sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn't come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.
The defaced page (www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399) is also currently unavailable but defacement archive Zone-h has recorded the attack for posterity here.
According to Zone-h, microsoft.co.uk's externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.
Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®
Free whitepaper – Managing desktop software for fun and profit
Enabling the Agile Data Center
Straight Talk with Dell: Sending out an SaaS
The business value of SIP VoIP and trunking
New storage architectures make SSDs more cost-effective
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs