Industry Standard - The Dutch hacker who penetrated one of Microsoft Corp.'s Web servers last Friday has done it again, marking the third time in less than two weeks that the software vendor has had to confirm that its corporate network was successfully breached by outsiders.
A Microsoft Web server that redirects incoming traffic to another system was compromised Tuesday in much the same way it was last week. In the first incident, the hacker, whose alias is "Dimitri," took advantage of a known security hole in Microsoft's Internet Information Server (IIS) that the company had failed to plug even though it recently urged users to install an already-available patch (see story).
On Tuesday, Dimitri took credit for another incursion in which the Web server was defaced with a text file that read, "Patching your systems is very hard, huh?" Dimitri also complimented pop singer Britney Spears, who he claims is his idol, for a concert she performed last Saturday in the Netherlands.
Microsoft spokesman Adam Sohn confirmed the latest incident took place, but he said the hacked pages on the server weren't visible to regular users of the company's Web site. Only people privy to the specific Web address of the pages that Dimitri created could view them, Sohn said, adding that the hacker disseminated the URL to reporters and other hackers.
Microsoft's systems administrators "just don't bother securing their networks," Dimitri said when asked why he had broken into the Web server for a second time. "The only thing they did on Friday was remove the file I left [then]," the 19-year-old student added. "Basically, they lied about applying patches."
However, Sohn said the software giant remains unsure of exactly how the second hack was accomplished. The patch that's supposed to plug the IIS security hole was indeed installed after the initial incident last week, he added. Sohn couldn't say why the patch wasn't applied in the first place but claimed that the oversight was "certainly the exception, not the rule."
Sohn also downplayed the impact of Dimitri's hacking exploits, saying the victimized Web server is in semiretirement and is only being used to redirect traffic to a second system that stores information about upcoming Microsoft events. "It's an unfortunate and annoying occurrence," Sohn said.
But the two hacks by Dimitri came close on the heels of Microsoft's disclosure that it had been hit by a more serious month-long intrusion in which an attacker was able to view the source code for an unspecified future product (see story). That incident was
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
