Microsoft follies: Insecure global Web sites

From: B.K. DeLong (bkdelong@pobox.com)
Date: Tue Jan 23 2001 - 10:59:48 PST

Next message: Tom Whore: "Re: P2P microrant (in honor of the P2P conference :-) )"
Previous message: Strata Rose Chalup: "Re: fleet week: just-in-time nuclear electricity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Today's humor de jour. I have GOT to stop getting up so early ;)

A Web (easier to read) version of this sucker is at:
http://www.attrition.org/security/commentary/microsoft0123.html

Around 2:54am ET this morning (Tuesday, January 23) the Web site for
Microsoft New Zealand was defaced by the group Prime Suspectz. This is the
6th time a Microsoft Web site has been defaced and they have previously
experienced defacements in both Brazil and Slovenia.
http://www.attrition.org/mirror/attrition/2001/01/23/www.microsoft.co.nz/

The full list of past Microsoft targets have included:

msrconf.microsoft.com (a supposed retired MS server and the first recorded
defacement of a Microsoft server) on October 24, 1999
http://www.attrition.org/mirror/attrition/1999/10/24/msrconf.microsoft.com/CMT/

Microsoft Brazil by IZ corp defaced June 3, 2000
http://www.attrition.org/mirror/attrition/2000/06/03/www.microsoft.com.br/

The Microsoft Events Server by someone unknown on November 11, 2000
http://www.attrition.org/mirror/attrition/2000/11/07/events.microsoft.com

Microsoft Slovenia (defaced twice) the first time by Furia.BR on December
14, 2000 and the second time by BoLoDoRiO 3 days later
http://www.attrition.org/mirror/attrition/2000/12/14/www.microsoft.si
http://www.attrition.org/mirror/attrition/2000/12/17/www.microsoft.si

Prime Suspectz is a group known for their regular campaign against foreign
Web sites of large multinational corporations including Nike Brazil,
Panasonic Italy, BMW France, Chevrolet Argentina, Samsung South Africa,
Nintendo Spain and many more. See our previous commentary on high profile
foreign defacements for a full list -
http://www.attrition.org/security/commentary/hp-foreign-01.html

Their targets aren't only limited to the foreign sites of multinational
corporations. Yesterday Prime Suspectz defaced the Ford Motor Corporation's
Media Web site.
http://www.attrition.org/mirror/attrition/2001/01/22/media.ford.com/

A full list of Prime Suspectz previous defacements are available at
http://www.attrition.org/mirror/attrition/psuspectz.html .

Prime Suspectz isn't the only group defacing high profile foreign sites. In
the last 3 days, sites for Canon Greece, Canon Turkey, and Xerox India have
also been defaced. We expect to see this trend continue until these
companies work to secure their global Web sites as well or better than
their flagship portals.
http://www.attrition.org/mirror/attrition/2001/01/22/www.canon.gr/
http://www.attrition.org/mirror/attrition/2001/01/21/www.canon.com.tr/
http://www.attrition.org/mirror/attrition/2001/01/21/www.xerox.co.in/

-- B.K. DeLong Research Lead ZOT Group

work 617.542.5335 ext. 204 cell 617.877.3271 bkdelong@zotgroup.com http://www.zotgroup.com

Next message: Tom Whore: "Re: P2P microrant (in honor of the P2P conference :-) )"
Previous message: Strata Rose Chalup: "Re: fleet week: just-in-time nuclear electricity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:19:02 PDT