Microsoft investigates Web attack

Microsoft's security record took a battering Monday when its New Zealand Web site was defaced group of cyber hooligans called "prime suspectz", leaving the world's largest software firm red-faced.

The company says it is investigating the breach and has notified the authorities in New Zealand.

The defacement posted to Microsoft's New Zealand homepage mocks the company's security record. "Another Micro$oft was hacked? Yes!! 'The vulnerability is completely theoretical' I don't think so!! security wuz broke'n!," it reads.

Paul Rogers, network security analyst with UK computer security company MIS Corporate Defence Solutions, says that, although this may be a fairly remote outpost for Microsoft, such lax security is unacceptable. "Typically this is what happens when a global security policy is in place, but isn't adhered to."

Rogers, among other experts, said the attack appeared to have been carried out by relatively unskilled hackers, sometimes called "script kiddies".

The site was powered by Microsoft's own IIS (Internet Information Services) Web serving software and Windows 2000 operating system. Rogers says there are many well-known vulnerabilities in IIS and says that the cybervandals may have used a commonly available tool to deface the site.

"We always take security very seriously, and investigate every single case," says a Microsoft spokeswoman in London.

In October last year, Microsoft suffered a security breach at its Redmond headquarters in which, according to initial reports, hackers stole secrets including the source code behind some of its products.

Is your PC safe? Find out at the Hackers News Special.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.