- Related Stories
-
Hacking for dollars
July 6, 2005 -
Hackers mar three Microsoft sites
May 4, 2001 -
Microsoft Web site defaced
January 23, 2001 -
Hacker smears Web sites with pro-Napster messages
September 7, 2000
The intruders were able to access the server that was running http://experts.microsoft.fr/, Microsoft confirmed Monday. The attack was claimed by Turkish hackers using the handle "TiTHacK," said Zone-H, a security Web site that keeps an archive with screenshots of defaced Web sites.
The attackers were likely able to penetrate the server running the Web site due to faulty configuration, Microsoft said in a statement Monday. "Microsoft took the appropriate action to resolve the issue and stop any additional criminal activity," it said.
The intruders apparently took advantage of a yet-to-be-patched flaw in a DotNetNuke script, Zone-H reported on Tuesday, after speaking with the attacker. DotNetNuke is an open-source content management system written in Visual Basic .Net for Microsoft's ASP.Net framework.
After breaking in, the attackers defaced the Microsoft Web site, leaving the following note: "Hi Master (: Your System 0wned By Turkish Hackers! redLine ownz y0u! Special Thanx And Gretz RudeBoy |SacRedSeer| The_Bekir And All Turkish HacKers next target: microsoft.com date: 18/06/2006 @ 19:06 WE WERE HERE...."
While so-called Web site defacements still occur often, they have become less high-profile in recent years as other, financially-motivated threats take the spotlight.
Microsoft is working with law enforcement to investigate and take appropriate action against the attackers, the company said.
The compromised Web site was offline most of Monday. Microsoft said it is working to restore the site, which is hosted at an unidentified third-party Web hosting company. The Web site runs Microsoft's Windows Server 2003 with IIS 6.0 Web server software, according to Netcraft, a U.K.-based Internet-monitoring company.
"We apologize if customers are inconvenienced by the unavailability of the affected Web site," Microsoft said. "Microsoft is committed to helping protect our customers and we're working diligently with the third-party hosting company to restore the functionality of this Web site as soon as possible."
See more CNET content tagged:
attacker, hosting company, Web server, Microsoft Corp., server
For a smaller less equipped business such a defacement would be of greater impact http://www.essentialsecurity.com/Documents/article2.htm
There are nearly 70 million small businesses worldwide and over 20 million in the U.S. alone. Small business is a major part of the global economy - that means it's time to replace a general passivity towards the possible threats.
When large corporations like MS-France are hit, small business need to take notice too. A couple months ago I remember CNET also reporting a vandalism on the MS Korea site.
I wonder if Gartner has since changed its advisory "to stay the hell away from Windows Internet Information Server." if you're concerned about server security.
This certainly doesn't help build credibility for Windows Server as a secure platform.
- French Microsoft Web site hacked
- by vgraybeard July 14, 2006 9:58 PM PDT
- I'm having a bit of trouble working up a tear for a company that wants to hack into every computer running their (actually my) software
- Like this Reply to this comment
-
(6 Comments)(I paid dearly for it). Daily, weekly, or even monthly rechecks are an invasion. Once your copy of Windows has been authenticated, the excuses are over. Does anyone buy the implication that Microsoft believes that someone would trade Microsoft's crap (Windows) for a worse piece of crap (a copy)? If Microsoft has a truth, they aren't telling it. Microsoft can't claim the high ground by complaining about dishonesty and then be dishonest with its costumers.