Language Selection

English French German Italian Portuguese Spanish

M$ Says MSN Site Hacked in S. Korea

Filed under
Microsoft

Microsoft acknowledged Thursday that hackers booby-trapped its popular MSN Web site in South Korea to try to steal passwords from visitors. The company said it was unclear how many Internet users might have been victimized.

Microsoft said it cleaned the Web site, www.msn.co.kr, and removed the dangerous software code that unknown hackers had added earlier this week. A spokesman, Adam Sohn, said Microsoft was confident its English-language Web sites were not vulnerable to the same type of attack.

South Korea is a leader in high-speed Internet users worldwide. Microsoft’s MSN Web properties — which offer news, financial advice, car- and home-buying information and more — are among the most popular across the Web.

The affected Microsoft site in South Korea offers news and other information plus links to the company’s free e-mail and search services. Its English-language equivalent is the default home Internet page for the newest versions of its flagship Windows software sold in the United States.

The Korean site, unlike U.S. versions, was operated by another company Microsoft did not identify. Microsoft’s own experts and Korean police authorities were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches, said Sohn, an MSN director.

“Our preliminary opinion here was, this was the result of an unpatched operating system,” Sohn said. “When stuff is in our data center, it’s easier to control. We’re pretty maniacal about getting servers patched and keeping our customers safe and protected.”

Microsoft’s acknowledgment of the hacking incident was the latest embarrassment for the world’s largest software company, which has spent hundreds of millions of dollars to improve security and promote consumer confidence in its products.

Security researchers noticed the suspicious programming added to the Korean site and contacted the company Tuesday. Microsoft traced the problem and removed the hacked computers within hours, Sohn said, but it doesn’t yet know how long the dangerous programming was present.

In recent days no customers have reported problems stemming from visits to the Web site, Sohn said.

The hacker program scanned visitors’ computers and tried to activate password-stealing software that was found separately to exist on some hacked Chinese Web sites.

Microsoft said it was trying to decide whether to issue a broad public warning to recent visitors of the Korean site as it examines its own records to attempt to trace anyone who might have been victimized.

© 2005 The Associated Press.

More in Tux Machines

Critical Live Boot Bug Fixed and Ubuntu 18.04 is Finally Released

A critical bug in live boot session delayed Ubuntu 18.04 LTS release for several hours. The bug has been fixed and the ISO are available to download. Read more

Nintendo Switch hack + Dolphin Emulator could bring GameCube and Wii game support

This week security researchers released details about a vulnerability affecting NVIDIA Tegra X1 processors that makes it possible to bypass secure boot and run unverified code on some devices… including every Nintendo Switch game console that’s shipped to date. Among other things, this opens the door for running modified versions of Nintendo’s firmware, or alternate operating systems such as a GNU/Linux distribution. And if you can run Linux… you can also run Linux applications. Now it looks like one of those applications could be the Dolphin emulator, which lets you play Nintendo GameCube and Wii games on a computer or other supported devices. Read more

Openwashing Leftovers

Linux Foundation: New Members, Cloud Foundry, and Embedded Linux Conference + OpenIoT Summit

  • 41 Organizations Join The Linux Foundation to Support Open Source Communities With Infrastructure and Resources
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 28 Silver members and 13 Associate members. Linux Foundation members help support development of the shared technology resources, while accelerating their own innovation through open source leadership and participation. Linux Foundation member contributions help provide the infrastructure and resources that enable the world's largest open collaboration communities.
  • Cloud Foundry for Developers: Architecture
    Back in the olden days, provisioning and managing IT stacks was complex, time-consuming, and error-prone. Getting the resources to do your job could take weeks or months. Infrastructure-as-a-Service (IaaS) was the first major step in automating IT stacks, and introduced the self-service provisioning and configuration model. VMware and Amazon were among the largest early developers and service providers. Platform-as-a-Service (PaaS) adds the layer to IaaS that provides application development and management. Cloud Foundry is for building Platform as a Service (PaaS) projects, which bundle servers, networks, storage, operating systems, middleware, databases, and development tools into scalable, centrally-managed hardware and software stacks. That is a lot of work to do manually, so it takes a lot of software to automate it.
  • Jonathan Corbet on Linux Kernel Contributions, Community, and Core Needs
    At the recent Embedded Linux Conference + OpenIoT Summit, I sat down with Jonathan Corbet, the founder and editor-in-chief of LWN to discuss a wide range of topics, including the annual Linux kernel report. The annual Linux Kernel Development Report, released by The Linux Foundation is the evolution of work Corbet and Greg Kroah-Hartman had been doing independently for years. The goal of the report is to document various facets of kernel development, such as who is doing the work, what is the pace of the work, and which companies are supporting the work.