Korean MSN Site Hacked

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Thursday June 2, 2005 @04:13PM from the open-for-rooting dept.

An anonymous reader writes "CNN is reporting that MSN's Korean website was hacked in order to allow usernames and passwords to be stolen. Microsoft is initially blaming unpatched, outsourced servers. Just another embarrassment to Microsoft's security push."

23 of 305 comments (clear)

Min score:

Reason:

Sort:

They probably ran on linux by mingot · 2005-06-02 16:15 · Score: 5, Funny

We all know microsoft doesn't trust windows to run its webservers!
1. Re:They probably ran on linux by Quantum+Fizz · 2005-06-02 16:57 · Score: 4, Funny
  
  Strange, MSFT execs just offered me a soft drink, fortified with hints of "fresh oxytocin", and after whispering some words in my ear suddenly I just trust windows to run all my own webservers.
Here they come. by MyNymWasTaken · 2005-06-02 16:15 · Score: 3, Funny

Untold number of "In korea, only old people..." bad jokes are on their way.
Oh No! by Greenisus · 2005-06-02 16:17 · Score: 5, Funny

They might steal all the old peoples' email passwords!
The blame falls on Koreans by Dancin_Santa · 2005-06-02 16:18 · Score: 3, Interesting

It's not really an embarrassment to Microsoft. It's an embarrassment to Koreans who have long been the leaders in wide-spread broadband and internet usage. You'd have expected that they, of all nationalities, would have their act together when it came to running servers. Unfortunately, it seems that even they are not immune to hacks.

Which is all for the better, of course. The more these systems are attacked, the harder they become. Kind of like how the SR-71's outer plating would become harder each time it took to the skies, or like how the samurai's katana becomes harder each time it is thrust into the forge. Systems become stronger by trial.

So next time there won't be this problem. That there was a problem this time is unfortunate, but like the lessons of history, this experience will make the victims Better. Stronger. Faster than before.
1. Re:The blame falls on Koreans by nacturation · 2005-06-02 16:46 · Score: 3, Insightful
  
  It's an embarrassment to Koreans who have long been the leaders in wide-spread broadband and internet usage. You'd have expected that they, of all nationalities, would have their act together when it came to running servers.
  
  How do you figure that? Widespread broadband penetration does not imply widespread knowledge of sound security principles. I wouldn't be surprised to find that Korean servers are hacked just as often as the servers in any other nation -- the only differing being that the hackers/scriddies use higher speed connections.
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Please get some journalistic integrity... by Anonymous Coward · 2005-06-02 16:19 · Score: 4, Insightful

Please slashdot, you're not doing any justice by harping on Microsoft. Your bias is just disgusting. Why don't you post one of the 1,000,000 Linux defacements or break-ins that happen monthly?

And I know I'm posting Anonymously. I don't have an account nor do I care to create one at your site until you stop being the Fox Network equivalent for Tech News.
1. Re:Please get some journalistic integrity... by frikazoyd · 2005-06-02 17:28 · Score: 3, Interesting
  
  You don't get the major point here. It's an embarassment because it is a major, high-traffic website that requires more security than piddly local paper server number twenty seven that doesn't get a hundredth of the traffic, isn't nearly as popular, and isn't kept up to snuff on the patches.
  
  Now, when a major linux distribution website like RedHat or Suse or Ubuntu or Debian's gets hacked, then you'll have a case for comparison.
2. Re:Please get some journalistic integrity... by rungood · 2005-06-02 17:35 · Score: 3, Insightful
  
  if you find us as "the Fox Network equivalent for Tech News," do what I do with Fox- don't watch it. or in this case, don't read it. at least here on /. you get a forum where your voice can be heard, or your words at least read. and even though I don't mind some bias against microsoft, there are at least 2 or 3 anonymous cowards ;) that posted back to agree with you that they feel that unfair bias is placed against microsoft. while it appears that a paradox is emerging, at the same time we can see by modus ponens reasoning that slashdot isn't nearly as bad as Fox news. hey, the syllogism just proved your analogy wrong!
3. Re:Please get some journalistic integrity... by superpulpsicle · 2005-06-02 17:37 · Score: 4, Insightful
  
  Are you implying it's okay for Windows to be hacked 20 times if Linux is also hacked 20 times?
  
  If Linux has vulnerabilities, then Windows have even less excuse as a billion dollar corporation.
4. Re:Please get some journalistic integrity... by X.25 · 2005-06-02 19:19 · Score: 4, Insightful
  
  Here is a list of appoximately 325 Linux based web sites that were defaced today.
  
  Yeah, so? This isn't about what OS is hacked, but what system. And MSN is *big* (MSN passwords can be used for many things).
  
  If linux.com got hacked, it wouldn't matter, since it holds exactly 0 important things for a hacker. They would deface it.
  
  But MSN KR was not defaced, they subtly placed code in order to specifically get passwords.
  
  Quite different than placing "0wned!" message on a front page.
The server they run by putko · 2005-06-02 16:22 · Score: 4, Interesting

From Netcraft:

Windows Server 2003
Microsoft-IIS/6.0 9-Dec-2004

http://toolbar.netcraft.com/site_report?url=http:/ /www.msn.co.kr

--
http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
Microsoft doesn't deserve this criticism by typical · 2005-06-02 16:22 · Score: 4, Insightful

"CNN is reporting that MSN's Korean website was hacked in order to allow usernames and passwords to be stolen. Microsoft is initially blaming unpatched, outsourced servers. Just another embarrassment to Microsoft's security push."

Yes, Microsoft has a good deal of well-deserved bad karma. That you could consider this to be a failing of their software is ridiculous, though. If this is an embarassment to Microsoft, many Free, Open software packages of every sort, from Apache to Linux to OpenBSD to OpenSSH have been so embarassed.

I'm all for calling out Microsoft when they're (a) full of marketing bullshit, (b) way behind everyone else technically, and (c) playing dirty politics. They deserve to be criticized then. But this is simply a non-event. They had a website get cracked. Big deal. Heck, Sourceforge, the largest repository of Open Source software, has been cracked multiple times, if you want an Open Source counterpart.

Blame Microsoft when they deserve it, and your words will get more weight. If Oracle had run out and said that "Our database is hacker-proof", and the next day their website had been broken into and their database cracked, that would be a fair point to criticize someone. But simply "you had a website cracked" is no longer a big deal for most companies.

--
Any program relying on (nontrivial) preemptive multithreading will be buggy.
1. Re:Microsoft doesn't deserve this criticism by tres · 2005-06-02 17:20 · Score: 3, Insightful
  
  The news here is that it wasn't just a vulnerability published, nor a proof of concept, it was a full fledged crack attack against one of the sites that represent the corporation itself. The news here is that it's the same old Microsoft. The news here is that "Trustworthy Computing" is just another marketing buzzword.The news here is that if you can't even manage to secure your own servers, how do you expect the rest of the world to do it?
  
  Microsoft deserves every bit of blame that they get. They want to pretend like security is something that can be applied like a coat of paint, but in the end, incidents like this prove that it's the same old crap rolling out of Redmond.
  
  --
  Notes From Under *nix: blas.phemo.us
2. Re:Microsoft doesn't deserve this criticism by Tim+C · 2005-06-02 19:29 · Score: 4, Insightful
  
  So what? It most certainly is representative of the FOSS movement. It's built entirely using FOSS apps, it's (one of) the main repositories for FOSS projects, and as such is extremely high profile.
  
  You don't just get to say "yeah, but that's not how you'd normally create a website!", because that's how it was *chosen* to be created.
  
  --
  It's official. Most of you are morons.
In Korea... by Luigi30 · 2005-06-02 16:25 · Score: 4, Funny

Only old servers are unpatched.

--
503 Sig Unavailable

The Signature could not be accessed. Please try again later or contact the administrator
Outsourcing by stox · 2005-06-02 16:29 · Score: 4, Insightful

I am sorry, Microsoft, but I don't give a damn that you outsourced your servers. The customer is buying your name and reputation when they buy your product. So, you may have saved money on the bottom line, but you have squandered trust the consumer had for you. At some point in the future, you will realize what a valuable commodity this was and how expensive it is to re-acquire.

--
"To those who are overly cautious, everything is impossible. "
1. Re:Outsourcing by grolschie · 2005-06-02 16:57 · Score: 3, Insightful
  
  Can we at least make a couple of 'Insightful' speeches about the real bad guy?
  
  Meh! Bill Gates jokes are getting tiresome.
wipe and reload? by Elminst · 2005-06-02 16:43 · Score: 5, Funny

"Microsoft said it cleaned the Web site, www.msn.co.kr, and removed the dangerous software code... "

I got $5 that says this translates to "formatted and reinstalled the OS..."

--
No unauthorized use. Trespassers will be shot. Survivors will be shot again.
1. Re:wipe and reload? by TCM · 2005-06-02 16:53 · Score: 4, Insightful
  
  I got $5 that says this translates to "formatted and reinstalled the OS..."
  
  Well, what would you do?
  
  --
  Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Re:Mirror? by numatrix · 2005-06-02 17:01 · Score: 4, Informative

It wasn't an overt defacement; very small iframe at the bottom of the main page that pointed to a seperate file on the same server. That file contained an tag with a src url of some other file in the same directory ending in .gif.

Of course that file wasn't actually a .gif obviously, but was a collection of IE client-side exploits to try to load a particular bit of malware.

A quick google for that malware shows the other chinese sites that I found (hey, I think that's officially the first time I've made cnn). One was discussing it, the other appeared to be (intentionally or otherwise) loading it.
Not directly their fault by SamMichaels · 2005-06-02 17:04 · Score: 3, Interesting

Just another embarrassment to Microsoft's security push.

No, this is a classic case of why outsourcing mission critical systems and/or data is wrong. It also goes to show that it's NECESSARY to patch mission critical hardware (hell, even non-mission critical Spider Solitaire machines).

We all have issues with MS, but this time it isn't directly their fault.
Re:Imagine my surprise! by NanoGator · 2005-06-02 17:28 · Score: 3, Funny

"The site is running IIS/6.0. (obviously) Does this mean that it hard to patch Windows/IIS ?"

Difficulty is not necessarily a prerequisite to neglect. Ask any woman who's ever bitched about the elevation of the toilet seat.

--
"Derp de derp."