South Korean MSN site hacked
6/2/2005 10:11:05 PM, by Eric Bangeman
Microsoft is red-faced over the infiltration of its South Korea MSN site by hackers. Visitors to the site, www.msn.co.kr, ran the risk of having their passwords (and as a result, other personal information) stolen. According to Microsoft, security experts found some fishy-looking code added to the MSN site and contacted them on Tuesday. The company then removed the program and had the servers patched within hours of being informed.
Ah, server patches. A Microsoft spokesman said the hackers took advantage of a known flaw for which there is a fix. However, the company to which Microsoft subcontracts the operation of the South Korean MSN site failed to keep the server patched.
"Our preliminary opinion here was, this was the result of an unpatched operating system," [Microsoft spokesperson Adam] Sohn said. "When stuff is in our data center, it's easier to control. We're pretty maniacal about getting servers patched and keeping our customers safe and protected."
Indeed, none of the MSN sites operated by Microsoft were compromised, or are even vulnerable to that particular attack, according to Sohn. The hack also serves as a reminder of the importance of staying on top of patches, especially with gangs of hackers looking for easy targets. Still, the problem looks bad for a company that has promised to make security the priority. Having its web portal—which is the homepage for millions of surfers—hacked is a big embarrassment for Microsoft. I wouldn't be surprised if the competition (both server and portal) is laughing