Saudi hackers scalp MS UK
Defacement video tutorial pulled after attack
Saudi hackers manged to deface a page on Microsoft's UK web site last week, recording the techniques they used in an online video.
The software giant's sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack.
A video illustrating SQL Injection flaws affecting www.microsoft.co.uk, used to insert extra HTML code that formed the basis of the attack, was posted online. Details of how this might be done would be useful fodder for hackers so it shouldn't come as any particular surprise to learn that the video (posted on unbase.com) was pulled over the weekend.
The defaced page (www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399) is also currently unavailable but defacement archive Zone-h has recorded the attack for posterity here.
According to Zone-h, microsoft.co.uk's externally hosted website remains potentially vulnerable to Cross Site Scripting and SQL injection attacks. It bases this conclusion on debug errors generated by scripts on the site.
Microsoft.co.uk is run using IIS6 on a series on Windows 2003 servers, according to Netcraft. ®
Sponsored: Customer Identity and Access Management