Microsoft.com Hacked and Defaced

[Lee]

Yep it was done. See .png

 

[Glaanieboy]

They already removed the page

 

[Mainframeguy]

see it was a .uk page though - yet the hackers seem like they may be non-UK? Ayone googled or know of this wolfgroup? Seems slightly lame to me - wonder if they reported to MS their methods to help improve security? Or what else they did? Did MS react and how.... HMMmmm may google a moment but really SHOULD be doing other things

[EDIT] see here Also noticed that if you google on outlaw group wolfblack this is not the top hit - top hit is the MS page they had to fix at present - so MS missed a bit of cleaning up there maybe? .... I did look a little further too, they're a brazilian outfit and I am not posting any more links because they start to go into areas th emods would definitely not appreciate [/EDIT]

 

[Geffy]

its not Microsoft.com site its the MSPress one

 

[SPeedY_B]

its not Microsoft.com site its the MSPress one

running on Microsoft.com ...

 

[Graebob]

bleh. I hate hacks where people just put their name on something in spazz form. Less harmful than an aggressive attack though I suppose, and probably what I would go given the necessary tools and knowledge (and possibly inclination )

 

[Mainframeguy]

^^ AWwww c'mon, I agree with you and believe that even you (given time and inclination) could come up with something mildly witty and spoof like - maybe a link and something enticeful like a banner promising some free M$ software or something? Just don't link to OSNN unless you want a banning I guess? *runs*

I think these guys were probably slightly A juvenille and B linguistically challenged maybe?

 

[Xie]

haha lame hack but a hack none the less ... better hope they didn't make any mistakes as M$ has the resources to find them if so.

 

[Lee]

some info, maybe I thought you knew what and who they are, but no-one posted a site, I waited all day so here we go.

Example, defaced.

http://www.zone-h.org/defaced/2004/05/03/cachacataio.com.br/


http://outlawgroup.cjb.net

 

[Mainframeguy]

read again Lee (post 3!)

...but no-one posted a site, ...

you will see I posted your first and I was aware of your second and others - but thought better of posting.... Although I did say they were indeed Brazillian... Surprised you missed it if you were on the lookout

 

[Lee]

you know me as dyslexic as the next person. duh@me.

 

[tdinc]

some info, maybe I thought you knew what and who they are, but no-one posted a site, I waited all day so here we go.

Example, defaced.

http://www.zone-h.org/defaced/2004/05/03/cachacataio.com.br/


http://outlawgroup.cjb.net

To all OSNN members, PLEASED BE ADVISED that if you enter "www.zone-h.org"
the following port and ip addy '10.0.0.201' (113)) can be scanned...by who? I don't know just be careful. My Honeypot server picked up this scan

update: attacker using SMTP Extensions (EHLO) DOD attack. multiple pings

 

[Xie]

Yeah no need for a HTTP site to need an ident request/reply. Probably never a good idea to visit a cracker site.

-edit- Also don't think thats a internet routeable ip

 

[SPeedY_B]

10.0.... are internal network IP's are they not?

 

[NetRyder]

10.0.... are internal network IP's are they not?

Yes, according to the IANA specs, the 10.0.0.x range is supposed to be internal LAN IPs.

 

[tdinc]

all i know is that i was getting port attacked while visiting that site. I'm in the process
of contacting the web admin.

 

[sean.ferguson]

someone could just be spoofing the IP

 

[Xie]

someone could just be spoofing the IP

thats what I was getting at or maybe a sploit?

 

[allbusiness]

hahaha, I visited those websites on a school computer and 2 and a half hours later our entire network went down.

COINCIDENCE? I THINK NOT!

 

[Lee]

You naughty boy/girl, write me 1000 lines,

''I will not surf defaced websites and I promise to eat my greens''.