Jump to content
Tuts 4 You

Microsoft Website Hacked


Recommended Posts

The official Microsoft U.K. Domain was attacked and defaced by a hacker identified as rEmOtEr. Microsoft confirmed that the hack has been successful. rEmOtEr altered a webpage in the Microsoft.co.uk domain with two images and multiple references to the kingdom of Saudi Arabia. The U.K. branch of the Redmond company managed to fix the problem, and the functionality of the website is back to normal parameters. The

webpage hacked dealt with Microsoft events and can be found here. In the adjacent image you can see how

the hacker defaced the page, courtesy of Zone-H.

Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa admitted that the hack was successful and revealed that the whole event was unfortunate. According to Microsoft, no sensitive information was compromised in the attack. This is a clear indication that the hack was done for show, rather than to actually cause any harm. Another argument that supports such a scenario is the fact that rEmOtEr took time to document the hack in two separate video fragments. You will be able to watch for yourselves the live hacking via the two "remoter_vs_microsoft.avi" files.

The hack was possible mainly because of the fact that the database was allowed to return error messages explained Halbheer, as cited by InfoWorld. The attack was possible through a technique referred to as SQL injection. This fact is also confirmed by the hacker in the two videos that were made available. Via Structured Query Language injection rEmOtEr was able to gain access to the database. In the video fragments you will be able to see how easy the hacker obtains both usernames and passwords for the database. Working his way from error message to error message, rEmOtEr finally could switch from SQL queries with an unexpected form to direct instructions to the database.

Source and Video: _http://news.softpedia.com/news/Microsoft-Got-Hacked-58708.shtml

Link to comment
Share on other sites

thats a sum display of skillz.... :P

im guessing they wouldnt have to much trouble on this site





Link to comment
Share on other sites

They seem to have used reasonably basic attacks. The link is vuln to XSS and SQL injection which they've used to include a remote CSS.

Kinda surprised no-one's done it before!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...