Slashdot Mirror
Korean MSN Site Hacked
An anonymous reader writes "CNN is reporting that MSN's Korean website was hacked in order to allow usernames and passwords to be stolen. Microsoft is initially blaming unpatched, outsourced servers. Just another embarrassment to Microsoft's security push."
We all know microsoft doesn't trust windows to run its webservers!
They might steal all the old peoples' email passwords!
Please slashdot, you're not doing any justice by harping on Microsoft. Your bias is just disgusting. Why don't you post one of the 1,000,000 Linux defacements or break-ins that happen monthly?
And I know I'm posting Anonymously. I don't have an account nor do I care to create one at your site until you stop being the Fox Network equivalent for Tech News.
From Netcraft:
/ /www.msn.co.kr
Windows Server 2003
Microsoft-IIS/6.0 9-Dec-2004
http://toolbar.netcraft.com/site_report?url=http:
http://www.thebricktestament.com/the_law/when_to_
"CNN is reporting that MSN's Korean website was hacked in order to allow usernames and passwords to be stolen. Microsoft is initially blaming unpatched, outsourced servers. Just another embarrassment to Microsoft's security push."
Yes, Microsoft has a good deal of well-deserved bad karma. That you could consider this to be a failing of their software is ridiculous, though. If this is an embarassment to Microsoft, many Free, Open software packages of every sort, from Apache to Linux to OpenBSD to OpenSSH have been so embarassed.
I'm all for calling out Microsoft when they're (a) full of marketing bullshit, (b) way behind everyone else technically, and (c) playing dirty politics. They deserve to be criticized then. But this is simply a non-event. They had a website get cracked. Big deal. Heck, Sourceforge, the largest repository of Open Source software, has been cracked multiple times, if you want an Open Source counterpart.
Blame Microsoft when they deserve it, and your words will get more weight. If Oracle had run out and said that "Our database is hacker-proof", and the next day their website had been broken into and their database cracked, that would be a fair point to criticize someone. But simply "you had a website cracked" is no longer a big deal for most companies.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
Only old servers are unpatched.
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
I am sorry, Microsoft, but I don't give a damn that you outsourced your servers. The customer is buying your name and reputation when they buy your product. So, you may have saved money on the bottom line, but you have squandered trust the consumer had for you. At some point in the future, you will realize what a valuable commodity this was and how expensive it is to re-acquire.
"To those who are overly cautious, everything is impossible. "
"Microsoft said it cleaned the Web site, www.msn.co.kr, and removed the dangerous software code... "
I got $5 that says this translates to "formatted and reinstalled the OS..."
No unauthorized use. Trespassers will be shot. Survivors will be shot again.
It wasn't an overt defacement; very small iframe at the bottom of the main page that pointed to a seperate file on the same server. That file contained an tag with a src url of some other file in the same directory ending in .gif.
.gif obviously, but was a collection of IE client-side exploits to try to load a particular bit of malware.
Of course that file wasn't actually a
A quick google for that malware shows the other chinese sites that I found (hey, I think that's officially the first time I've made cnn). One was discussing it, the other appeared to be (intentionally or otherwise) loading it.