MS hacked once, twice, three, FOUR times

Prime Suspectz takes the IIS out of Microsoft


Notorious hacker Prime Suspectz has gone on a cracking spree against Microsoft servers that has resulted in the defacement of FOUR of the software giant's sites.

Three of the sites hit by the attack (all of which appear to be recently introduced, and under development) are currently inaccessible. A fourth, webcfeedback.msn.com, has been redefaced by hacker group Silver Lords with a protest against human rights abuses in Kashmir after being attacked earlier this morning by Prime Suspectz.

A record of Prime Suspectz's defacements has been recorded on defacement archive Alldas.de and can be seen here (click on arulk.rte.microsoft.com, feeds.mobile.msn.com and redsand.rte.microsoft.com to see the latest attacks). All the sites involved run Microsoft's IIS web server on a Windows platform and add to the lengthening list of the software giant's Web servers to fall victim to s'kiddies.

In the latest defacements, Prime Suspectz taunts Microsoft's Web administrators and brags of his hacking prowess.

"Prime Suspectz again! One, two, three, in only 30 minutes, As we can see, this server IIS is very good!! Micro$oft, where i find secure products made by you? WHERE?," he mocks.

The webcfeedback.msn.com defacement takes up the same theme: "Prime Suspectz is back micro$oft. + one for the collection when your security will go to improve? never hehehe! kisses adm gay!"

Mark Read, a security consultant at MIS Corporate Defence Solutions, said exploits of the recently announced ISAPI (Internet Server Application Programming Interface) bug in IIS were the most probable exploit used in the attack. However he added that since IIS is as full of holes as Swiss cheese other exploits like the Unicode bug couldn't be ruled out.

"Microsoft has released a patch for these exploits but hasn't applied it themselves," said Read. "All it takes is for a system admin to be down the pub when an alert comes out and remote sites, or those used for development, will end up unprotected." ®

External Links

Prime Suspectz defacements

Related Stories

MS confronts another IIS system-level hole (ISAPI bug)
Microsoft UK 0wn3d
Microsoft hacked in the Balkans
Microsoft Web site hacked in Kiwiland
Exploit devastates WinNT/2K security
How you hack into Microsoft: a step by step guide


Other stories you might like

  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading
  • In record year for vulnerabilities, Microsoft actually had fewer
    Occasional gaping hole and overprivileged users still blight the Beast of Redmond

    Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.

    Figures from the National Vulnerability Database (NVD) of the US National Institute of Standards and Technology (NIST) show last year broke all records for security vulnerabilities. By December, according to pentester Redscan, 18,439 were recorded. That's an average of more than 50 flaws a day.

    However just 1,212 vulnerabilities were reported in Microsoft products last year, said BeyondTrust, a 5 percent drop on the previous year. In addition, critical vulnerabilities in the software (those with a CVSS score of 9 or more) plunged 47 percent, with the drop in Windows Server specifically down 50 percent. There was bad news for Internet Explorer and Edge vulnerabilities, though: they were up 280 percent on the prior year, with 349 flaws spotted in 2021.

    Continue reading

Biting the hand that feeds IT © 1998–2022