Feeds

MS UK 0wn3d by hackers. Again

Embarrassing defacements 'R Us

  • alert
  • submit to reddit

SANS - Survey on application security programs

D'oh. Microsoft's UK website was defaced early this morning by previously unknown hackers called the OutLaw Group.

Headings on a page (www.microsoft.com/mspress/uk) plugging tech manuals were altered to "Owned by OutLaw Group" during the brief period the site was defaced. A Microsoft's spokeswoman confirmed a page dealing with technical text books was "briefly replaced by unauthorised content". Microsoft is investigating the incident. Beyond stating it's confident that no customer data was jeopardised by the hack, Microsoft is staying schtum about the embarrassing security breach.

Successful hack attacks on Microsoft webites are nothing new, but previous attacks have focused on spraying digital graffiti across the front page of sites, especially those hosted by third-party companies at the time. The latest attack is a more subtle data poisoning assault - the digital equivalent of urinating on Microsoft's back porch. It's unclear what attack mechanism was used to inject the rogue content onto the site, which runs IIS 6.0 on Windows 2003.

The timing of the attack couldn't be much worse for Microsoft. At yesterday's TechEd conference the software giant was talking up the capabilities of its Internet Security and Acceleration (ISA) Server software in preventing security breaches. Today's attack does nothing to help MS's pitch that the latest version of ISA Server is gaining traction with server vendors and giving more traditional software firewall vendors, such as Check Point, a run for their money. ®

Related stories

MS hacked once, twice, three, FOUR times
Microsoft UK 0wn3d
WIN2K is even easier to deface than NT
Greece and Belgium are the weakest links in MS Hacks

Related links

MS defaced (from Google cache)

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.