Original URL: http://www.channelregister.co.uk/2007/07/02/ms_uk_defacement/
Saudi hackers manged to deface a page on Microsoft's UK web site last week, recording the techniques they used in an online video.
The software giant's sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn't come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.
The defaced page (www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399) is also currently unavailable but defacement archive Zone-h has recorded the attack for posterity here (http://www.zone-h.org/content/view/14780/31/).
According to Zone-h, microsoft.co.uk's externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.
Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according (http://toolbar.netcraft.com/site_report?url=http://www.microsoft.co.uk) to Netcraft. ®
Comcast hack leaves users without email (29 May 2008)
http://www.channelregister.co.uk/2008/05/29/comcast_hack/
Defacement archive Zone-h mulls closure (17 March 2008)
http://www.channelregister.co.uk/2008/03/17/zone_h_vote/
Scotland Yard careers website defaced (25 February 2008)
http://www.channelregister.co.uk/2008/02/25/met_police_defacement/
Turkish s'kiddies deface security forum (17 December 2007)
http://www.channelregister.co.uk/2007/12/17/f_secure_defacement/
Hacker defaces temples to OS X (27 November 2007)
http://www.theregister.co.uk/2007/11/27/mac_site_defacer/
Website for computer security experts hacked (8 November 2007)
http://www.channelregister.co.uk/2007/11/08/forensic_forum_hack/
UK2.net hack cuts off email (12 July 2007)
http://www.channelregister.co.uk/2007/07/12/uk2_hack/
Defacement archive Zone-h gets defaced (23 January 2007)
http://www.channelregister.co.uk/2007/01/23/zone-h_defaced/
Hackers hijack UK.gov wiki (5 September 2006)
http://www.channelregister.co.uk/2006/09/05/defra_wiki_abuse/
Holy Moly hacked (17 August 2006)
http://www.channelregister.co.uk/2006/08/17/holy_moly_hacked/
Islamist hackers attack Danish sites (9 February 2006)
http://www.channelregister.co.uk/2006/02/09/islamic_defacement_protests/
Web defacer sentenced, facing deportation (27 October 2005)
http://www.channelregister.co.uk/2005/10/27/secfocus_hacker_deport/
MS UK defaced in hacking attack (6 July 2005)
http://www.channelregister.co.uk/2005/07/06/msuk_hacked/
MS UK 0wn3d by hackers. Again (25 May 2004)
http://www.theregister.co.uk/2004/05/25/ms_uk_defaced/
Intel hacker talks to The Reg (16 February 2001)
http://www.theregister.co.uk/2001/02/16/intel_hacker_talks/
© Copyright 2008