[ Thanks to stimpy for
this link. ]
“One week after Microsoft Corp. reported an intrusion into
its corporate networks, another hacker claimed to have penetrated
the company’s Web servers on Friday. The Dutch hacker, using the
alias ‘Dimitri,’ said that Microsoft failed to install a patch for
a known bug in its Internet Information Server (IIS) software, and
has not sufficiently secured its Web servers, he said in an
interview with the IDG News Service.”
“He gained access to several of Microsoft’s Web servers and was
able to upload a short text file, “Hack The planet,” boasting of
the hack to http://events.microsoft.com/, Dimitri said. He could
alter files on Microsoft’s download site, he said. “I could add
Trojan horses to software that MS customers download,” Dimitri
said.”
“Dimitri also claimed that he downloaded files containing
administrative user names and passwords to the server. The
encrypted files could be decoded with a tool called the L0ft crack,
he said, but added that he had not and would not decode them. … A
Microsoft spokesman confirmed that the hacker reached at least one
server, but said that Microsoft security personnel were rechecking
their servers for holes to patch.”