Bugtraq mailing list archives
http://www.news.com/News/Item/0,4,11759,00.html
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 20 Jun 1997 17:08:16 -0500
Hackers jam Microsoft's site By Janet Kornblum June 20, 1997, 2 p.m. PT update Hackers exploited a bug in Microsoft's (MSFT) server software, jamming the company's Web site since yesterday. The hackers are apparently exploiting a bug in Windows NT 4.0 running Microsoft's Internet Information Server version 3.0, in which the entire site is jammed by someone typing in a specific URL into a Web browser, according to Mike Nash, director of marketing for Windows NT server. Hackers sent Microsoft an email at about 4 p.m. yesterday, Nash said. Microsoft engineers immediately developed a patch and are posting it on their own site today. The patch will be ready by 5 p.m., he added. "Hackers made us aware of a problem that they had identified," Nash said. "It is possible to develop a URL--a string of characters in a browser--that could cause interruption of service on a Web server." Someone identified as Todd Fast says on his site that he inadvertently discovered the bug "while examining the parameters of an URL Microsoft's Internet Information Server (IIS) would accept without an error." "This is a hugely embarrassing bug for Microsoft in my opinion, particularly since they've just been lauded for pulling ahead of Netscape in Web server market," Fast wrote. "Knowing that anyone with a grudge and a twitchy keyboard could shut down any of their customer's Web sites must bear horribly on their collective conscience." Microsoft representatives originally said that the problem was caused by busy servers and that users should expect delays through the end of the month. The problem was exacerbated by what Microsoft spokesman Adam Sohn called "phenomenal growth." In other words, not everyone who tries to access the site will get onto it every time. The problem is compounded by Internet routing jams and individual jams at Internet service providers, Nash said. Those who were able to get to the home page today were greeted with the following message: "We're upgrading; our apologies in advance due to growth...Over the next few weeks, some users may see some interruption in service. Read what's happening!" The "Read what's happening" had a link, presumably to a story, but people had trouble getting to that link. The outage and problems have angered some Web surfers who have been trying to get onto the pages. Some, who presumably did not yet know the cause of the outage, used the problems to criticize the company's Web server software. "Maybe they should have bought Linux," one reader sarcastically wrote to CNET's NEWS.COM. "They have so many bugs in their software, so why use it?," said Ben Efros, a Webmaster who also wrote in. "Microsoft is just a large company going nowhere on the Internet. But others came to the defense of Microsoft, saying its software is better than Linux.
Current thread:
- Re: Netscape Admin Servers /tmp/deamonstat Matthew Archibald (Jun 17)
- Re: Netscape Admin Servers /tmp/deamonstat Joe Zbiciak (Jun 17)
- Solaris 2.5.1 party piece Alan Cox (Jun 19)
- Core file anomalies under BSDi 3.0 Nir Soffer (Jun 19)
- Re: Core file anomalies under BSDi 3.0 Theo de Raadt (Jun 20)
- Re: Core file anomalies under BSDi 3.0 Ariel Biener (Jun 20)
- http://www.news.com/News/Item/0,4,11759,00.html Aleph One (Jun 20)
- Re: http://www.news.com/News/Item/0,4,11759,00.html Raymond Dijkxhoorn (Jun 21)
- Re: Core file anomalies under BSDi 3.0 Stacey Son (Jun 20)
- Core file anomalies under BSDi 3.0 Nir Soffer (Jun 19)
- /cgi-bin/handler - more notes Razvan Dragomirescu (Jun 19)
- Re: Solaris 2.5.1 party piece Doug Hughes (Jun 19)
- Re: Solaris 2.5.1 party piece Bojan Zdrnja (Jun 20)
- Re: Solaris 2.5.1 party piece Joe Gross (Jun 20)
- <Possible follow-ups>
- Re: Netscape Admin Servers /tmp/deamonstat Corinne Posse (Jun 17)
- Re: Netscape Admin Servers /tmp/deamonstat Valdis.Kletnieks () VT EDU (Jun 18)
- Re: your mail J. Joseph Max Katz (Jun 18)
- Re: your mail yeti (Jun 19)
- Re: Netscape Admin Servers /tmp/deamonstat Valdis.Kletnieks () VT EDU (Jun 18)