Language Selection

English French German Italian Portuguese Spanish

MSN site hacking went undetected for days

Filed under
Microsoft
Web

Password-stealing software planted by hackers was active on Microsoft's popular MSN Web site in South Korea for days before the world's largest software company learned about the break-in and removed the computer code.

Police investigators and Microsoft specialists are continuing to search for clues to the culprits behind this week's high-profile computer break-in. More details emerged Friday about the hacking, which targeted subscribers of an online game called "Lineage" that is popular in Asia.

Microsoft Corp. said it had cleaned the Web site, www.msn.co.kr, and removed the software code that had been planted on its news page. It said another company that operates the MSN Korea site apparently failed to apply necessary software patches, leaving its server computers vulnerable.

Security researchers at San Diego-based Websense Inc. discovered the break-in late Sunday during routine scans it makes against more than 250 million Web sites each week looking for sources of viruses and other infections.

A previous inspection by Websense of the MSN Korea site the evening of May 27 did not detect the dangerous software.

"Our alarms went off (Sunday). We noticed it was infected," said Dan Hubbard, its senior security director.

Hubbard said Websense researchers investigated further and quickly updated protective software to keep its own corporate customers safe. It did not successfully reach Microsoft officials to warn them about the break-in until midday Tuesday, a day after the Memorial Day holiday weekend.

Microsoft said it removed the password-stealing software from the MSN site hours later.

The chronology suggests the hackers could have harvested stolen passwords from visitors to the MSN site for up to three days. But their target -- passwords to game accounts -- lessened the significance of the break-in since the hacker software appeared not to collect any network or banking passwords.

The Lineage game and its successor boast more than 4 million subscribers, mostly in Asia, who pay about $15 each month, said Mike Crouch, a spokesman for the U.S. subsidiary of South Korea-based NCSoft Corp. Crouch said he was unaware of any significant increase in complaints by subscribers about stolen passwords tied to the Microsoft break-in.

South Korea is a leader in high-speed Internet users worldwide. Microsoft's MSN Web properties -- which offer news, financial advice, car- and home-buying information and more -- are among the most popular across the Web.

A Microsoft spokesman, Adam Sohn, said the company was confident its English-language Web sites were not vulnerable to the same type of attack.

Microsoft shares fell 36 cents to close at $25.43 on the Nasdaq Stock Market. They have traded in a range of $23.82 to $30.70 over the past 52 weeks.

Associated Press

More in Tux Machines

AMD Threadripper 1950X on Linux

KDE: Plasma Mobile in Randa, Calligra Suite Rant, Kubuntu Updates

  • Plasma Mobile in Randa(aaaaaaaa)
    Last week I had a chance to attend the Randa meetings 2017, my plan was to work on the Plasma Mobile during the sprint, improve the state of current images.
  • Progress On KDE Plasma Mobile From Randa 2017
    KDE contributor Bhushan Shah has shared some highlights of Plasma Mobile progress made from this year's Randa Meetings in Switzerland. At this annual KDE developer event in the Swiss mountains, some of the Plasma Mobile advancements worked on or reviewed included: - Plasma Mobile images are now being assembled by the KDE Neon build system rather than the Plasma Mobile CI.
  • Calligra Suite does not suit me
    It pains me to say so, but the split from KOffice to Calligra has given this program only a temporary infusion of hope, and looking back at my 2013 trial, it's not made any progress since. On the contrary. Calligra Suite is slow, difficult to use, and it comes with less than ideal file format support. My conclusion here is much the same regarding different Linux software, be it distros or desktop environments. 90% of it just shouldn't exist, and the effort must be focused on just one or two select programs with the highest quality and chance of making it big. The infinite forking doesn't do anyone any good. Calligra Suite has the potential, but it's far, far from realizing it, and the world of Plasma has left it behind. The interface split is bad, too much equity is taken by a confusing maze of options, the performance is dreadful, the stability flaky, and the rest does not scale or compare against LibreOffice, let alone Microsoft Office. I wish my findings were different, but it cannot be. Ah well. Like so many other flowers of the open-source world, this one must wilt. I'll keep an eye, but I doubt there is ever going to be enough focus or love to make Calligra into a serious competitor. Dedoimedo's sad prose out.
  • Plasma 5.11 beta available in unofficial PPA for testing on Artful
    Adventurous users and developers running the Artful development release can now also test the beta version of Plasma 5.11. This is experimental and can possibly kill kittens!
  • Kubuntu: Writing Japanese (Kanji, Hiragana, Katakana) Easily
    On Kubuntu system, we can write Japanese easily using Fcitx-Mozc tool! This awesome tool eases you with word-suggestions popup on-the-fly, with ability to switch between Kanji-Hiragana-Katakana-ASCII as simple as one click. It's very well integrated to the whole screens inside KDE Plasma desktop, enables you to write Japanese in Firefox browser, LibreOffice, Kate text editor, and even Konsole terminal.

Red Hat and Fedora: AnsibleFest SF 2017, So-called 'Open Organisation', and Pipewire

  • AnsibleFest SF 2017
    AnsibleFest was amazing, it always is. This has been my Third one and it's always one that I look forward to attending. The Ansible Events Team does an absolutely stellar job of putting things together and I'm extremely happy I was not only able to attend but that I was accepted as a speaker.
  • The eye-opening power of cultural difference
    Inclusivity is the quality of an open organization that allows and encourages people to join the organization and feel a connection to it. Practices aimed at enhancing inclusivity are typically those that welcome new participants to the organization and create an environment that makes them want to stay. When we talk about inclusivity, we should clarify something: Being "inclusive" is not the same as being "diverse." Diversity is a product of inclusivity; you need to create an inclusive community in order to become a diverse one, not the other way around. The degree to which your open organization is inclusive determines how it adapts to, responds to, and embraces diversity in order to improve itself. Interestingly enough, the best way to know which organizational changes will make your group more inclusive is to interact with the people you want to join your community.
  • Red Hat (RHT) PT Raised to $120 at Barclays Into Q2 Print
  • Barclays Holds To Rating And Raises Price Target On Red Hat, Inc. (RHT)
  • Red Hat, Inc. (NYSE:RHT) Volatility in Focus
  • Share Activity Lifted for Red Hat Inc (RHT) in Session
  • Red Hat Formally Rolls Out Pipewire For Being The "Video Equivalent of PulseAudio"
    Red Hat has quietly been working on PipeWire for years that is like the "video equivalent of PulseAudio" while now it's ready to make its initial debut in Fedora 27 and the project now has an official website. Pipewire has been talked about a few times in recent months while Red Hat's Christian Schaller wrote a blog post today about Launching Pipewire!

Ubuntu: Applications Survey, Mir support for Wayland, Canonical OpenStack Pike and Bright Computing

  • Results of the Ubuntu Desktop Applications Survey
    I had the distinct honor to deliver the closing keynote of the UbuCon Europe conference in Paris a few weeks ago. First off -- what a beautiful conference and venue! Kudos to the organizers who really put together a truly remarkable event. And many thanks to the gentleman (Elias?) who brought me a bottle of his family's favorite champagne, as a gift on Day 2 :-) I should give more talks in France!
  • Mir support for Wayland
    I’ve seen some confusion about how Mir is supporting Wayland clients on the Phoronix forums . What we are doing is teaching the Mir server library to talk Wayland in addition to its original client-server protocol. That’s analogous to me learning to speak another language (such as Dutch). This is not anything like XMir or XWayland. Those are both implementations of an X11 server as a client of a Mir or Wayland. (Xmir is a client of a Mir server or and XWayland is a client of a Wayland server.) They both introduce a third process that acts as a “translator” between the client and server.
  • Mir 1.0 Still Planned For Ubuntu 17.10, Wayland Support Focus
    Following our reporting of Mir picking up initial support for Wayland clients, Mir developer Alan Griffiths at Canonical has further clarified the Wayland client support. It also appears they are still planning to get Mir 1.0 released in time for Ubuntu 17.10.
  • Webinar: OpenStack Pike is here, what’s new?
    Sign up for our new webinar about the Canonical OpenStack Pike release. Join us to learn about the new features and how to upgrade from Ocata to Pike using OpenStack Charms.
  • Bright Computing Announces Support for Ubuntu
    right Computing, a global leader in cluster and cloud infrastructure automation software, today announced the general availability of Bright Cluster Manager 8.0 with Ubuntu. With this integration, organizations can run Bright Cluster Manager Version 8.0 on top of Ubuntu, to easily build, provision, monitor and manage Ubuntu high performance clusters from a single point of control, in both on-premises and cloud-based environments.