BetaArchive Logo
Navigation Home Screenshots Image Uploader Server Info FTP Servers Wiki Forum RSS Feed Rules Please Donate
UP: 2d, 15h, 28m | CPU: 41% | MEM: 1849MB of 3203MB used
{The community for beta collectors}

Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 
Author Message
 PostPost subject: Microsoft Got Hacked!        Posted: Mon Jul 02, 2007 4:03 am 
Staff
User avatar
Offline

Joined
Wed Apr 11, 2007 2:11 pm

Posts
2607

Location
Germany, Earth

Favourite OS
Windows 10
Microsoft Got Hacked!

The official Microsoft U.K. Domain was attacked and defaced by a hacker identified as rEmOtEr. Microsoft confirmed that the hack has been successful. rEmOtEr altered a webpage in the Microsoft.co.uk domain with two images and multiple references to the kingdom of Saudi Arabia.

The U.K. branch of the Redmond company managed to fix the problem, and the functionality of the website is back to normal parameters. The webpage hacked dealt with Microsoft events and can be found here. In the adjacent image you can see how the hacker defaced the page, courtesy of Zone-H.

Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa admitted that the hack was successful and revealed that the whole event was unfortunate. According to Microsoft, no sensitive information was compromised in the attack. This is a clear indication that the hack was done for show, rather than to actually cause any harm.

Another argument that supports such a scenario is the fact that rEmOtEr took time to document the hack in two separate video fragments. You will be able to watch for yourselves the live hacking via the two "remoter_vs_microsoft.avi" files.

The hack was possible mainly because of the fact that the database was allowed to return error messages explained Halbheer, as cited by InfoWorld. The attack was possible through a technique referred to as SQL injection. This fact is also confirmed by the hacker in the two videos that were made available. Via Structured Query Language injection rEmOtEr was able to gain access to the database. In the video fragments you will be able to see how easy the hacker obtains both usernames and passwords for the database. Working his way from error message to error message, rEmOtEr finally could switch from SQL queries with an unexpected form to direct instructions to the database.

Source: http://keznews.com/

Video: http://rs73.rapidshare.com/files/39675384/remoter_vs_microsoft.zip

_________________
MS vNext: Windows 10 ESD Database - Windows 10 Build Labs - Windows 10 Update Archive - Office 2016 Version Tracker - Office Downloader


Top  Profile  WWW
 PostPost subject:        Posted: Mon Jul 02, 2007 4:40 am 
FTP Access
Offline

Joined
Tue Jun 26, 2007 12:13 am

Posts
229

Favourite OS
Windows 7 SP1
Microsoft's websites have been attacked before, in the past and defaced numerous times. It's not too surprising that it has happened again.


Top  Profile
 PostPost subject:        Posted: Mon Jul 02, 2007 1:12 pm 
FTP Access
Offline

Joined
Tue Jun 19, 2007 11:04 pm

Posts
124

Location
In front of a Thinkpad
That has to be embarrassing, I mean, come on, if Windows servers are so stable and secure, why did Microsoft get pwned?
I know one thing: I'm sticking to Windows 2000 for my main PC OS. It pwnz any other OS. Mac OS X is pretty good, also, and Puppy Linux is the best Linux I've tried.

_________________
http://ubuntu.com
^Ubuntu 8. New installer. Why the heck didn't they do this years ago?


Top  Profile  WWW
 PostPost subject:        Posted: Mon Jul 02, 2007 1:22 pm 
Donator
Offline

Joined
Sat Aug 19, 2006 1:25 am

Posts
590

Location
Israel
ZSS9393 wrote:
That has to be embarrassing, I mean, come on, if Windows servers are so stable and secure, why did Microsoft get pwned?

Actually, if the hack was really only possible because of SQL injections, then it's not the Microsoft servers that are at fault, but the website's ASP code, or (if you compare it to PHP, which escapes special characters automatically) ASP itself.


Top  Profile
 PostPost subject:        Posted: Mon Jul 02, 2007 2:25 pm 
Donator
Offline

Joined
Fri Aug 18, 2006 12:05 pm

Posts
698

Location
Or-stray-liagh
I'm surprised a company like Microsoft wouldn't have checked their code for potential SQL injections: this is from the company that publishes the book Writing Secure Code*. Though I've got to say that the guy who did it, well, he's a dumbass for posting his name, email address, and website on the video. Is he asking to be thrown in jail? It seems like it. :P I liked the video, I laughed at how he kept writing "lolz" after doing things. :P



* It's actually a good book

_________________
pr0gram the pr0grammer
BetaArchive retiree | OSBA Expat


Top  Profile
 PostPost subject:        Posted: Tue Jul 03, 2007 5:30 pm 
Donator
User avatar
Offline

Joined
Tue Jun 19, 2007 5:55 pm

Posts
549

Location
UK

Favourite OS
Windows NT 4.0
that guy is definitely going to jail.

MS is the software giant and he has woke the giant.

_________________
My Website -
Ecclesia Semper Reformanda Est


Top  Profile  WWW
 PostPost subject:        Posted: Wed Jul 04, 2007 6:35 am 
FTP Access
User avatar
Offline

Joined
Mon Sep 04, 2006 1:45 pm

Posts
732

Location
Norway

Favourite OS
HP keystroke RPL
I doubt he'll go to jail, not for a silly little proof of concept attack.
Unless he did something to expose personal information or directly caused damage he'll probably just get a fine, if that.

This is assuming he didn't do anything beyond the hacks shown in the videos.

I mean, the HL2 hacker just got community service.

Also, this is post 100!


Top  Profile  WWW
 PostPost subject:        Posted: Wed Jul 04, 2007 1:07 pm 
Donator
User avatar
Offline

Joined
Fri Aug 18, 2006 4:30 pm

Posts
1520

Favourite OS
Mac OS 9.2.2
pr0gram the pr0grammer wrote:
I'm surprised a company like Microsoft wouldn't have checked their code for potential SQL injections: this is from the company that publishes the book Writing Secure Code*. Though I've got to say that the guy who did it, well, he's a dumbass for posting his name, email address, and website on the video. Is he asking to be thrown in jail? It seems like it. :P I liked the video, I laughed at how he kept writing "lolz" after doing things. :P



* It's actually a good book

Quote:
* It's actually a good book
[/quote] I've read it, and it is a very good book.

_________________
Image
Mozilla/5.0 (Macintosh; U; PPC; en-US; mimic; rv:9.3.2) Clecko/20120101 Classilla/CFM
"Stupid can opener! You killed my father, and now you've come back for me!"


Top  Profile
 PostPost subject:        Posted: Thu Jul 05, 2007 12:06 am 
FTP Access
User avatar
Offline

Joined
Sun Nov 12, 2006 1:47 am

Posts
161

Location
Melbourne, Australia
lol i know doing something like that then giving an email address?


Top  Profile
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 




Who is online

Users browsing this forum: No registered users and 10 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

All views expressed in these forums are those of the author and do not necessarily represent the views of the BetaArchive site owner.

Powered by phpBB® Forum Software © phpBB Group

Copyright © 2006-2018

 

Sitemap | XML | RSS