Security News > 2001 > January > Microsoft's NZ Website Hacked
http://aardvark.co.nz/daily/2001/0124.shtml 24 January 2001 Users of Microsoft's Internet server software ought to be a little more worried today. In the wee small hours of this morning, a hacker (or hackers) attacked the Microsoft NZ website, replacing the homepage with some of their own rather pointed comments about the security of Microsoft's products. The culprit was allegedly "Prime Suspectz" and the regular home-page was replaced with one that said "oh!! what's happened! Another Micro$oft was hacked?" "The vulnerability is completely teorical [sic]" The hack leaves further egg on the face of Microsoft, who suffered a similar breach of security related to their Microsoft.com site just a few months ago. After all -- if Microsoft can't keep it's own websites secure when running its own software -- what chance do regular users have? Microsoft was unable to comment on the hack this morning when contacted by Aardvark, but said that it would be making a statement about noon. Would you like a coke to go with that egg sir? [Microsoft's Offical Response...] http://aardvark.co.nz/pr2001/012401.htm 24 January 2001 Microsoft Responds to Security Issue Auckland, New Zealand - Wednesday, January 24, 2000 -- In a statement issued today, Microsoft New Zealand says the Microsoft Security Response Centre learnt early this morning that www.microsoft.co.nz had been defaced, and immediately began investigating this report. Microsoft New Zealand's Technical Manager, Richard Burte says the company is committed to keeping customers' information secure, and takes all reports sent to secure () microsoft com very seriously. "This breach exploits an already known security issue for which a patch exists. There was no customer data or Microsoft-sensitive data on the site," says Burte. "So far our investigations have indicated that the New Zealand Direct Access Web Site (www.microsoft.co.nz/directaccess) is the only Microsoft web site affected. This site is the only one hosted at www.microsoft.co.nz All our other sites are hosted off www.microsoft.com." The Direct Access web site www.microsoft.co.nz/directaccess is currently operated by a third party vendor located in New Zealand and is not part of the Microsoft corporate network. "The Direct Access web site cannot be used to gain access to the Microsoft corporate network or the main Microsoft web sites www.microsoft.com or www.microsoft.com/nz. We are currently working with our third party vendor to determine how the site was defaced and to restore the site to normal operation," says Burte. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".