Re: [ISN] Microsoft British site hacked

From: InfoSec News (alerts@private)
Date: Tue Jul 03 2007 - 22:31:07 PDT


Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.techworld.com/security/news/index.cfm?newsID=9336
: 
: By Jeremy Kirk
: IDG news service
: 29 June 2007
: 
: A hacker has successfully attacked a web page within Microsoft's UK 
: domain, resulting in the display of a photograph of a child waving the 
: flag of Saudi Arabia.
: 
: It was "unfortunate" that the site was vulnerable, said Roger Halbheer, 
: chief security advisor for Microsoft in Europe, the Middle East and 
: Africa.

And lest we forget history, this isn't the first time Microsoft has been 
hit. Worse, this isn't the first time for Microsoft UK. And poor 
Halbheer, I wonder how long he's been in that position..

./1999/10/24/msrconf.microsoft.com
./2000/01/04/www.microsoft.com.tw
./2000/06/03/www.microsoft.com.br
./2000/11/07/events.microsoft.com
./2000/12/14/www.microsoft.si
./2000/12/17/www.microsoft.si
./2001/01/23/www.microsoft.co.nz
./2001/04/19/www.microsoft.be
./2001/04/20/www.microsoft.com.gr
./2001/04/27/www.microsoft.com.gr
./2001/05/03/www.microsoft.co.uk
./2001/05/03/www.microsoft.com.mx
./2001/05/03/www.microsoft.com.sa
./2001/05/07/streamer.microsoft.com
./2001/05/12/pc.microsoft.is
./2001/05/17/www.microsoft.ro
./2001/07/19/windowsupdate.microsoft.com

Check Zone-H for Microsoft defacements after these.

: SQL injection attacks are on the rise, overall, since valuable data is 
: held within databases, said Paul Davie, founder and chief operating 
: officer of Secerno, a security vendor that develops technology to 
: protect databases from SQL attacks.
: 
: "I don't think Microsoft are unique in this respect and shouldn't be 
: held up as particularly slipshod," Davie said. "This could have happened 
: to practically anybody."

If Microsoft can't stop SQL injection, how are customers to trust more 
complex vulnerabilities like those overflow thingies or memory 
corruption?

