.com runs on 2008
microsoft.com runs off a Windows Server 2008 box - I'm guessing they haven't made the switch yet for the uk version
Saudi hackers manged to deface a page on Microsoft's UK web site last week, recording the techniques they used in an online video. The software giant's sites are periodically hit by acts of digital graffiti. In this case, however, the defacement gang unusually decided to document its attack. A video illustrating SQL …
And let's not forget that an SQL injection attack that results in more than just public data manipulation - such as a remote command shell - has absolutely everything to do with how good or bad the server software is, and its fundamental administration.
Of course, Microsoft wouldn't recommend leaving Enterprise server infrastructure exposed to the Internet without any sort of Defense in Depth would they? Or are they also suggesting that an ISA cluster let this through too ...
I thought this was what Microsoft wanted? I recall BillG setting out the call to action some months ago .. yes, here it is;
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare a
anybody to do that once a month on the Windows machine."
-- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/
Must be a new month ...
" Let's not forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is "
No, you're right; let's never forget that an SQL injection attack has absolutely nothing to do with how good or bad the server software is. Let's remember that a near-warhol worm that brought down the entire internet in about fifteen minutes is to do with how good or bad the server software is, instead.
In other words, it's awful.
-- Feb. 1, 2007; http://www.msnbc.msn.com/id/16934083/site/newsweek/page/0/
Searching security focus for Apple -> Mac OSX -> 10.4.10 returns 0 results...
Am I missing something here? People might be finding bugs, but they're not 0day, don't affect a large homogeneous population of machines, are generally fixed quite quickly (you can get more than one update a month!!) and 90% of the existing bugs for OSX still don't give you root access.
There are lies, damn lies, and whatever microsoft says about apple :)
WRT the microsoft website;
Retarded web developers who could only get a job at M$ + IIS6 = Erm, our server just got defaced over in the UK.
This kind of thing makes me chuckle every time :)
How do you explain this then?
- quote -
microsoft.co.uk = 207.46.197.32
http://samspade.org/whois/207.46.197.32
-------
Domain name:
microsoft.co.uk
Registrant:
Microsoft Ltd
Registrant type:
UK Limited Company, (Company number: 1624297)
Registrant's address:
Microsoft Campus
Thames Valley Park
Reading
Berkshire
RG40 4UD
GB
http://tinyurl.com/24tl6c
http://webwhois.nic.uk/cgi-bin/whois.cgi?query=microsoft.co.uk&WHOIS+Submit.x=38&WHOIS+Submit.y=6
- unquote -
Glad to see the Saudi's have joined the Code Community! They also know well the vulnerabilities of Microsoft!
Every cloud has it's silver lining! Anyone who wants, can grab some of the hundreds of GNU/Linux distros at distrowatch.com or livecdlist.com or linux.org
Linux? Isn't that what Microsoft runs all it's websites behind? All it's Aruba Routers on?
BSD? Yes, that is what Hotmail, Yahoo, run on their servers.
Enjoy!