LebGeeks

Chris

Member

Microsoft.uk Hacked

A hacker named rEmOtEr hacked Microsoft.uk, the attack was made via SQL Injection and the hacker recorded two videos showing the process of two different hacks.

"Roger Halbheer, chief security advisor for Microsoft in Europe, the Middle East and Africa admitted that the hack was successful and revealed that the whole event was unfortunate. According to Microsoft, no sensitive information was compromised in the attack. This is a clear indication that the hack was done for show, rather than to actually cause any harm. Another argument that supports such a scenario is the fact that rEmOtEr took time to document the hack in two separate video fragments. You will be able to watch for yourselves the live hacking via the two "remoter_vs_microsoft.avi" files.

The hack was possible mainly because of the fact that the database was allowed to return error messages explained Halbheer, as cited by InfoWorld. The attack was possible through a technique referred to as SQL injection. This fact is also confirmed by the hacker in the two videos that were made available. Via Structured Query Language injection rEmOtEr was able to gain access to the database. In the video fragments you will be able to see how easy the hacker obtains both usernames and passwords for the database. Working his way from error message to error message, rEmOtEr finally could switch from SQL queries with an unexpected form to direct instructions to the database."

I uploaded the videos on several file sharing services (in case some sites won't work for you -- 863 kB RAR archive only and extracts into 111 MB AVI files).
Its really funny and he makes it look so easy

Download from RapidShare
Download from SendSpace
Download from MegaUpload
Download from UnBase
Download from AxiFile
Download from Upitus

Enjoy ;)

Last edited by Chris (June 30 2007)

rolf

Member

Re: Microsoft.uk Hacked

cool

Chris

Member

Re: Microsoft.uk Hacked

Those punks should really work on security, imagine if someone would've messed with an update or something, all users would be screwed (of course those who bother to update ). On the other hand I would like to see someone screwing up an update

samer

Admin

Re: Microsoft.uk Hacked

I hope that internally they sign their binaries and do a CRC to prevent that.

WizaRd

Member

Re: Microsoft.uk Hacked

interesting

Chris

Member

Re: Microsoft.uk Hacked

Yup, Microsoft should hire every hacker on the planet, but again no hacker would want to work for them

Last edited by Chris (July 6 2007)

mezin

Member

Re: Microsoft.uk Hacked

what's so special about this hack ?

Chris

Member

Re: Microsoft.uk Hacked

Nothing, its actually nothing new, but it shows how weak Microsoft's security is.

mezin

Member

Re: Microsoft.uk Hacked

and you need that hack to know  ?

Chris

Member

Re: Microsoft.uk Hacked

Hehe not really
But its cool (^_^)