Hacker Defaces Microsoft U.K. Web Page
- By Keith Ward
- June 29, 2007
A hacker managed a rare feat Wednesday, successfully attacking a Web page within Microsoft's U.K. domain and replacing the page with several graphics related to Saudi Arabia.
The hacked page was a U.K. events page here. It has since been fixed. According to the security site Zone-h, a SQL injection attack is the likely culprit.
"Most probably, the attacker exploited the site by means of SQL injection to insert the HTML code...in a field belonging to the table which gets read every time a new page is generated," Zone-h reported. This kind of attack would work on a page utilizing Microsoft's SQL Server.
The defaced page had three images: a child waving a green and white flag of Saudi Arabia; a woman with a green scarf over her face; and a standalone image of the Saudi Arabian flag. Beneath the flag is a message that reads "HACKED BY rEmOtEr."
A U.K.-based news site, The Register, quoted a Microsoft spokesperson as saying that although the attack was embarrassing, it didn't appear to be serious.
"There is no reason to believe customer data or any other sensitive information has been compromised," the Microsoft rep said.