Re: [ISN] Microsoft British site hacked

From: InfoSec News (alerts@private)
Date: Tue Jul 03 2007 - 22:31:07 PDT

Forwarded from: security curmudgeon <jericho (at)>

: By Jeremy Kirk
: IDG news service
: 29 June 2007
: A hacker has successfully attacked a web page within Microsoft's UK 
: domain, resulting in the display of a photograph of a child waving the 
: flag of Saudi Arabia.
: It was "unfortunate" that the site was vulnerable, said Roger Halbheer, 
: chief security advisor for Microsoft in Europe, the Middle East and 
: Africa.

And lest we forget history, this isn't the first time Microsoft has been 
hit. Worse, this isn't the first time for Microsoft UK. And poor 
Halbheer, I wonder how long he's been in that position..


Check Zone-H for Microsoft defacements after these.

: SQL injection attacks are on the rise, overall, since valuable data is 
: held within databases, said Paul Davie, founder and chief operating 
: officer of Secerno, a security vendor that develops technology to 
: protect databases from SQL attacks.
: "I don't think Microsoft are unique in this respect and shouldn't be 
: held up as particularly slipshod," Davie said. "This could have happened 
: to practically anybody."

If Microsoft can't stop SQL injection, how are customers to trust more 
complex vulnerabilities like those overflow thingies or memory 

