Feeds

Nasdaq hacked through MS security hole

MS Internet Information Server fingered yet again

  • alert
  • submit to reddit

The essential guide to IT transformation

Flaws in Microsoft's Internet Information Servers have been blamed for the hack attack on the Nasdaq and American Stock Exchange Web site last week. The weaknesses allowed hackers to breach security and trash one of the most high profile Web sites in the US. The allegation was made by London-based mi2g software which carried out a post mortem of the hack attack. "Initial analysis suggests that well publicised vulnerabilities in Microsoft's Internet Information Server have been exploited," said the report. "Whilst Microsoft has been regularly issuing software patches for holes found, there is no guarantee that all patches may have been applied by the network administrators," it said. The attack -- which left graffiti all over the walls of the financial Web site -- was allegedly carried out by the hacker group "United Loan Gunmen" (ULG). The most sensitive aspect of the attack is a claim by the ULG that it set up an email account on Nasdaq's computers. If this proves to be true, it would mean that ULG obtained "deep access" to the Nasdaq computer system severely compromising the security of the site. "On-line financial institutions, bourses and shopping sites ought to be aware that they need to put Internet security at the top of the board agenda," warned DK Matai, MD of mi2g software. Despite being contacted on Friday to discuss the matter, no one from Microsoft was available for comment by press time. ®

Build a business case: developing custom apps

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
Class war! Wikipedia's workers revolt again
Bourgeois paper-shufflers have 'suspended democracy', sniff unpaid proles
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.