Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.techworld.com/security/news/index.cfm?newsID=9336
:
: By Jeremy Kirk
: IDG news service
: 29 June 2007
:
: A hacker has successfully attacked a web page within Microsoft's UK
: domain, resulting in the display of a photograph of a child waving the
: flag of Saudi Arabia.
:
: It was "unfortunate" that the site was vulnerable, said Roger Halbheer,
: chief security advisor for Microsoft in Europe, the Middle East and
: Africa.

And lest we forget history, this isn't the first time Microsoft has been
hit. Worse, this isn't the first time for Microsoft UK. And poor
Halbheer, I wonder how long he's been in that position..

./1999/10/24/msrconf.microsoft.com
./2000/01/04/www.microsoft.com.tw
./2000/06/03/www.microsoft.com.br
./2000/11/07/events.microsoft.com
./2000/12/14/www.microsoft.si
./2000/12/17/www.microsoft.si
./2001/01/23/www.microsoft.co.nz
./2001/04/19/www.microsoft.be
./2001/04/20/www.microsoft.com.gr
./2001/04/27/www.microsoft.com.gr
./2001/05/03/www.microsoft.co.uk
./2001/05/03/www.microsoft.com.mx
./2001/05/03/www.microsoft.com.sa
./2001/05/07/streamer.microsoft.com
./2001/05/12/pc.microsoft.is
./2001/05/17/www.microsoft.ro
./2001/07/19/windowsupdate.microsoft.com

Check Zone-H for Microsoft defacements after these.

: SQL injection attacks are on the rise, overall, since valuable data is
: held within databases, said Paul Davie, founder and chief operating
: officer of Secerno, a security vendor that develops technology to
: protect databases from SQL attacks.
:
: "I don't think Microsoft are unique in this respect and shouldn't be
: held up as particularly slipshod," Davie said. "This could have happened
: to practically anybody."

If Microsoft can't stop SQL injection, how are customers to trust more
complex vulnerabilities like those overflow thingies or memory
corruption?

Received on Wed Jul 4 00:31:07 2007