• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Microsoft Got Hacked????

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Coffee Shop >> Microsoft Got Hacked???? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Microsoft Got Hacked???? - 1.Jul.2007 7:12:12 PM   
carlos_andres

 

Posts: 44
Joined: 28.Jan.2004
From: Venezuela
Status: offline
Sorry Admin if this is not the right place..
 
I found this info over the web, hopefully this site was not protected for Isa Firewalls..

Read.

The U.K. branch of the Redmond company managed to fix the problem, and the functionality of the website is back to normal parameters. The webpage hacked dealt with Microsoft events and can be found here. In the adjacent image you can see how the hacker defaced the page, courtesy of Zone-H.

Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa admitted that the hack was successful and revealed that the whole event was unfortunate. According to Microsoft, no sensitive information was compromised in the attack. This is a clear indication that the hack was done for show, rather than to actually cause any harm.

Another argument that supports such a scenario is the fact that rEmOtEr took time to document the hack in two separate video fragments. You will be able to watch for yourselves the live hacking via the two "remoter_vs_microsoft.avi" files.

The hack was possible mainly because of the fact that the database was allowed to return error messages explained Halbheer, as cited by InfoWorld. The attack was possible through a technique referred to as SQL injection. This fact is also confirmed by the hacker in the two videos that were made available. Via Structured Query Language injection rEmOtEr was able to gain access to the database. In the video fragments you will be able to see how easy the hacker obtains both usernames and passwords for the database. Working his way from error message to error message, rEmOtEr finally could switch from SQL queries with an unexpected form to direct instructions to the database.

source: news.softpedia.com
Post #: 1
RE: Microsoft Got Hacked???? - 20.Apr.2010 1:29:39 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
If you put a website on the Internet with a flaw in the website design,...the firewall you put it behind is not going to make any difference (it doesn't matter what the firewalls is.

If the website is flawed,..then the website is flawed,...period.

_____________________________

Phillip Windell

(in reply to carlos_andres)
Post #: 2
RE: Microsoft Got Hacked???? - 27.Apr.2010 9:39:48 AM   
jqdurham

 

Posts: 42
Joined: 16.Apr.2010
Status: offline
quote:

ORIGINAL: pwindell

If you put a website on the Internet with a flaw in the website design,...the firewall you put it behind is not going to make any difference (it doesn't matter what the firewalls is.

If the website is flawed,..then the website is flawed,...period.


As both a web developer and an IT manager, I agree.  SQL injection is the most common cause of "website hacking" and needs to be addressed in IIS (in this case) as well as the .NET application (again, in this case).

(in reply to pwindell)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Coffee Shop >> Microsoft Got Hacked???? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts