Newsletters Welcome, Guest Log In | Register
News:

Security

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Microsoft Sites Under Attack

Posted by Kara Reeder Apr 29, 2008 9:27:11 AM

Microsoft has found itself in the middle of a massive hacking attack, reports InformationWeek. Hundreds of thousands of Web pages using Microsoft IIS Web Server and Microsoft SQL Server have been compromised. The sites contain contain injected JavaScript that attempts to take advantage of known vulnerabilities.

 

Panda Security said it had previously notified Microsoft about a problem with its Internet Information Services, according to this Computerworld article. Microsoft even issued an advisory on April 17, but said it hadn't determined whether the site attacks were related to the advisory.

 

Now Microsoft denies that vulnerabilities in IIS are to blame and puts the responsibility on application developers. Jeremiah Grossman, CTO of White Hat Security, agrees with Microsoft. In this News.com piece, Grossman points out that any vendor could have been targeted with the attacks.

 

Last week, Earthlink made news when hackers used its servers to launch phishing attacks. Earthlink was offered up as an example of companies that have become so focused on money that they ignore basic programming techniques.

 

So what can you do to protect yourself? Security firm F-Secure advises IT administrators to block three domains associated with the SQL injection attacks: nmidahena.com, aspder.com, and nihaorr1.com. U.S. CERT says it would be a good idea to disable JavaScript and ActiveX, too, although Grossman says that's no guarantee. And if you're a developer, check out this "how to" from Microsoft on protecting against SQL injection.

Related Content

Add a comment Leave a comment on this blog post.

There are no comments on this post

Premium Tools

Browse

Six Sigma Framework for IT

This collection of tutorials, calculators, and templates will show you how to apply six sigma thinking to IT service management.

Learn more >

Social Media Policies Toolkit

Define the rules at your company for the proper use of social media platforms such as Blogs, Twitter, Facebook and Youtube. Ensure your users are spending their time productively and company resources are being used for the business.

Learn more >

Related Content

Browse

Topic: Cyber Crime

The drive has grown stronger to separate users from their data and, eventually, their money

Blog: McAfee Releases Q3 Report on Threats

Article: Social Engineering Testing: It Can Come at Any Time in Many Forms

White Paper: The Top Ten Insider Threats and How to Prevent Them

Related Topics

Microsoft, Microsoft SQL Server, Security Vendors, Vulnerabilities and Patches

Featured White Papers

Browse

Lowering Your IT Costs with Oracle Database 11g Release 2

This white paper identifies the key capabilities a database management solution needs to successfully deliver more information with higher quality of service, make more efficient use of IT budgets, and reduce the risk of change in data centers.

Software Forum: Information On Demand Virtual Experience

This interactive virtual forum presents leading IT experts providing the insights you need to turn your information into a strategic driver for innovation, business optimization and competitive differentiation.

Resource Centers

Browse

Security Information and Event Management

Best practices, strategies and technologies to help you use security information and event log management efficiently and effectively in order to get business value in terms of increased security, reduced risk, regulatory compliance and increased business agility.

Featured Whitepapers

The Top Ten Insider Threats and How to Prevent Them