microsoft.com runs off a Windows Server 2008 box - I'm guessing they haven't made the switch yet for the uk version

And this comes as a surprise because ...

"Microsoft.co.uk is run using IIS6"

Let's see, build a server on an unsecure OS, then throw a pile of security holes on top, add an open invitation to "heck me," sit back and wait 15 seconds...

it's not a bug, it is an option

Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is, and everything to do with retarded web developers not sanitizing their variables.

And let's not forget that an SQL injection attack that results in more than just public data manipulation - such as a remote command shell - has absolutely everything to do with how good or bad the server software is, and its fundamental administration.

Of course, Microsoft wouldn't recommend leaving Enterprise server infrastructure exposed to the Internet without any sort of Defense in Depth would they? Or are they also suggesting that an ISA cluster let this through too ...

I thought this was what Microsoft wanted? I recall BillG setting out the call to action some months ago .. yes, here it is;

"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare a

anybody to do that once a month on the Windows machine."

-- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/

Must be a new month ...

" Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is "

No, you're right; let's never forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is. Let's remember that a near-warhol worm that brought down the entire internet in about fifteen minutes is to do with how good or bad the server software is, instead.

In other words, it's awful.

-- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/

Searching security focus for Apple -> Mac OSX -> 10.4.10 returns 0 results...

Am I missing something here? People might be finding bugs, but they're not 0day, don't affect a large homogeneous population of machines, are generally fixed quite quickly (you can get more than one update a month!!) and 90% of the existing bugs for OSX still don't give you root access.

There are lies, damn lies, and whatever microsoft says about apple :)

WRT the microsoft website;

Retarded web developers who could only get a job at M$ + IIS6 = Erm, our server just got defaced over in the UK.

This kind of thing makes me chuckle every time :)

All Microsoft UK URLs are www.microsoft.com/uk based not www.microsoft.co.uk. This is bogus wannabe blackhat propaganda.

How do you explain this then?

- quote -

microsoft.co.uk = 207.46.197.32

http://samspade.org/whois/207.46.197.32

-------

Domain name:

microsoft.co.uk

Registrant:

Microsoft Ltd

Registrant type:

UK Limited Company, (Company number: 1624297)

Registrant's address:

Microsoft Campus

Thames Valley Park

Reading

Berkshire

RG40 4UD

GB

http://tinyurl.com/24tl6c

http://webwhois.nic.uk/cgi-bin/whois.cgi?query=microsoft.co.uk&WHOIS+Submit.x=38&WHOIS+Submit.y=6

- unquote -

Glad to see the Saudi's have joined the Code Community! They also know well the vulnerabilities of Microsoft!

Every cloud has it's silver lining! Anyone who wants, can grab some of the hundreds of GNU/Linux distros at distrowatch.com or livecdlist.com or linux.org

Linux? Isn't that what Microsoft runs all it's websites behind? All it's Aruba Routers on?

BSD? Yes, that is what Hotmail, Yahoo, run on their servers.

Enjoy!