Microsoft U.K. Website Gets Distorted
A hacker attacked a Web page on Microsoft's U.K. domain and defaced it by posting several images connected with Saudi Arabia. This happened on Wednesday June 27, 2007.
Three pictures distorted the page: a child flying the flag of Saudi Arabia, a woman covering her face with a green scarf, and a standalone image of the flag of Saudi Arabia. A message below the flag read "HACKED BY rEmOtEr".
The vulnerability of the site is unfortunate, said Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa, as published by PCworld on June 29, 2007.
Although the problem is over now, the hack demonstrates how even a big software company like Microsoft with sufficient expertise can be an easy target for hackers.
The hacker broke into the site by exploiting a programming error in it with a technique known as SQL (Structured Query Language) injection. He injected SQL to gain unlawful access to a stored data resource, said Halbheer. The site accepted SQL queries within URLs (uniform resource locators) and sent them to a data resource. Because the hacker embedded the query in an unrecognized form within the URL, the server returned error messages, concluded Halbheer.
These error messages helped the hacker learn the structure of the database. He then refined the SQL query so that the database accepted it as a command to insert data instead of retrieving it. In the end, the hacker determined the exact combination and added a link to an external site into the database.
The result was that when a browser requested the normal Web page, the database would take data from the external link. In this attack, it downloaded two photographs and a graphic, a screenshot of which is available on Zone-H.org, which tracks hacked sites.
In May this year, a similar process defaced another Microsoft Website. The attack occurred on the IEAK and was carried out by a Saudi attacker called cyb3rt. The defacement showed a picture of Bill Gates after protesters threw a pie in his face.
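The two server-side weaknesses described above (URL text passed straight into a SQL statement, and database error messages returned to the visitor) are shown here beside a corrected handler. This is an added example, not code from Microsoft or from the original article; the `partners` table, the `id` parameter and the URLs are assumptions, and SQLite stands in for the site's unnamed database.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs


def make_db():
    """Constructed sample database (schema is hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE partners (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO partners VALUES (1, 'Example Partner')")
    return db


def _id_param(url):
    """Return the raw 'id' query-string value, or '' if absent."""
    return parse_qs(urlparse(url).query).get("id", [""])[0]


def page_vulnerable(db, url):
    # Defect 1: URL text is concatenated into the SQL statement.
    sql = "SELECT name FROM partners WHERE id = " + _id_param(url)
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Defect 2: the raw database error and the statement are sent
        # to the visitor, exposing table and column names.
        return 500, f"Database error: {exc} in [{sql}]"
    return (200, row[0]) if row else (404, "Not found")


def page_hardened(db, url):
    pid = _id_param(url)
    # Validate the expected shape before touching the database.
    if not re.fullmatch(r"[0-9]{1,9}", pid):
        return 400, "Bad request"
    try:
        # Bound parameter: the value is data, never part of the SQL text.
        row = db.execute(
            "SELECT name FROM partners WHERE id = ?", (int(pid),)
        ).fetchone()
    except sqlite3.Error:
        # Keep details in server logs only; the client sees nothing useful.
        return 500, "Internal error"
    return (200, row[0]) if row else (404, "Not found")


if __name__ == "__main__":
    db = make_db()
    malformed = "http://example.test/partner?id=1'"  # constructed input
    print(page_vulnerable(db, malformed))
    print(page_hardened(db, malformed))
```

Running the page with a read-only database account would additionally stop a query from being turned into an insert, as happened in this incident.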
» SPAMfighter News - 10-07-2007