Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Window Security Site Defaced With Anti-XP Message

Window Security Site Defaced With Anti-XP Message

by Majik on October 26th, 2001 As Microsoft [NASDAQ:MSFT] Chairman Bill Gates was celebrating the release of Windows XP in New York today, Web vandals replaced the home page of Windowsecurity.com with a derogatory message about Redmond's new operating system.


The Windowsecurity.com site, registered to Enershield Window Film Services, has no connection to the big software firm. But attackers apparently thought it made a clever target for their message.





"There will never be any secure Windows OS!" said the page put up by a hacking group calling itself ConClaveCrew.





The defacement also included an obscene remark about Windows XP, and said "Gates is a control freak."





According to the Alldas defacement archive, Windowsecurity.com is running Microsoft's IIS 5 Webserver on Windows 2000, the forerunner to Windows XP.





Enershield representatives were not immediately available for comment. The Toronto company's main corporate site describes itself as a leading installer of window films that protect against glass breakage and ultraviolet rays.





A security consultant, who asked not to be identified, noted that the Windowsecurity.com site has not been patched against several security bugs in IIS exploited by the recent Nimda worm.





In addition, the Windows 2000 server had an unpatched version of the file transfer protocol (FTP) service running. The WAR-FTPD service is susceptible to a buffer overflow attack that can allow malicious users to run their own code on the system, according to the security expert.





What's more, the compromised server also had TCP port 445 open and accessible to anyone on the Internet, the expert said.





In August, a hacker told Newsbytes he was able to penetrate hundreds of machines on Microsoft's corporate network because they had improperly secured port 445, which is used by Windows 2000 for network file sharing.





At the time, Microsoft would not confirm or deny the intrusion. But Scott Culp, head of the company's security response team, acknowledged that Windows 2000 ships with port 445 open by default and does not require administrators to set a password.





In an attempt to harden security in Windows XP, the new operating system will disable file sharing if an administrator does not password protect port 445, Culp noted.





A mirror of the Windowsecurity.com defacement is here: http://defaced.alldas.de/mirror/2001/10/25/www.windowsecurity.com


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »