Microsoft press gang attacked by outlaws

PORTUGUESE SPEAKING hackers dubbed the "Outlaw group" have defaced the ultra-secure Microsoft.com's uk press page using a well-known hole that should have been patched months ago.

Red-faced spinsters pulled the hacked page (www.microsoft.com/mspress/uk/) yesterday after the defacers modified the title and introduction of the Microsoft Press section to write "Owned OutLaw Group by Pharoeste e Wolfblack".

Despite the fact that the HQ site is touted as one of the industry's most secure, and it contained press releases extolling the virtues of security patches the INQ understands that the defacement was no great hacking feat. The site easily fell over to an attack tuned onto a well known hole in Microsoft's patchwork quilt.

Basically, the attack involved finding the administration page and performing an SQL injection attack to gain control of the content.

It seems that someone had not visited the Microsoft web-page and upgraded their patches. A mirror and a screenshot of the defacement can be found here although it is not that artistic.

Microsoft only became aware of the defacement after it was contacted by security company Zone-h and apparently the hacked page remained in Google's search "cache" for sometime. A spokesman for Zone-h said the hacker group has been a bunch of busy spotty Herberts. The group was first noticed in December last year when it defaced this Brazilian address, which is a Linux based site. Since then the mob has knocked out over 60 sites.

Two months ago, two Microsoft Korean web sites were defaced, and the Microsoft Mexican (microsoft.com.mx) web site was "defaced" last week when someone alleged to be a Turkish vandal called Iskorpitx put his moniker in the cgi-bin folder.

A spinner for Zone-h said that in the last case the hacker took advantage of a recent vulnerability in the Windows operating system (MS04-011) which also would have been prevented had the Vole upgraded its server. He wondered why it hadn't.µ