Microsoft Web Site Cracked!

[mea culpa <jericho () DIMENSIONAL COM>]

[Moderator: It is interesting to note that sites like Wired,
 ABC News and dozens of others are not giving credit to sites
 like HackerNews Network with stories like this. They show
 professional courtesy to other major news organizatinos, but
 apparently don't consider HNN and like sites "legitimate".
 One day I hope they realize that these sites have driven the
 industry on hacker and security news.]


http://www.wired.com/news/technology/0,1282,32142,00.html

4:00 p.m. 26.Oct.99.PDT
Microsoft Web site cracked! For first time ever, a Microsoft site
defaced!

Says so right there in Tuesday's tech media [36]headlines.

Well, sort of. Not really, said Microsoft.

"No part of the Web presence of Microsoft was compromised," said spokesman
Adam Sohn. "There's no new vulnerability here."

Then how to explain the message, "flipz was here and f0bic, your seksi
voice helped me through the night heh. Save the world. Kill Bill," that
appeared on a Microsoft's "Conference Management Server"  Web site?

The answer, according to Microsoft, is that the site was indeed cracked.
But it belonged to a lone Microsoft engineer's "test box," a standalone
Web server the engineer used to test code. The server was not connected to
either Microsoft.com or MSN.com or the Microsoft Intranet.

There are many such standalone servers, said Sohn, all of them outside the
corporate Web ring.

"Obviously, this one was not properly patched," said Sohn. "The guy who
put up the site, while he obviously knows a lot about information
technology, probably wasn't paying too much attention" to security.
Nothing was compromised, said Sohn.

So, properly speaking, fortress Microsoft.com remains unbreached -- at
least by Web site spoofers. It's not for lack of trying, said a
weary-sounding Sohn.

"People are banging on us constantly, all day, everyday from everywhere
around the world."

ISN is sponsored by Security-Focus.COM