No doubt the clever person who invaded the MS UK Web Site will be offered employment for their fine efforts and then they'll all live incestuosly "happily ever after".

Yeah, I'm sure that's how these things are happend--This is an indication of poor programming and security levels.

As always, the OS that is on a majority of servers or home users PC's is under attack constantly. If Mac OS or Linux were a majority on servers or home PC's they would be under constant attack also.

So the majority of internet web "SERVERS" run LAMP (Linux, Apache, MySQL, PHP), and have a lower number of security incidents then WIMPA (Windows, IIS, MSSQL, PHP, ASP) has no bearing on this?

Yes LAMP servers do get hacked, yes the majority of internet facing web servers are LAMP servers, and yes LAMP servers get hacked "less" then a WIMPA server despite having a larger install base.

Windows is on the majority of home computers, but this topic isn't about home computers.

What a completely wacko statement indicative of someone who understands neither OS design nor SQL injection.

This is an indication of poor programming and security practices.

SQL injection is a fundamental attack and one of the most simple to harden a system against.

Dude, LAMP WON'T make headline. Only time when they make headline is when someone company like DELL or HP start including them with their system.

I don't remember when was the last time I read something about LAMP without a big next on the same sentence.

"SQL injection is a fundamental attack and one of the most simple to harden a system against."

Really? Then why are there so many patches to fix SQL vulnerabilities in *nix OSes as well as Microsoft's?

"It also said it was in contact with the third party which hosts the UK Web site to improve the security and prevent similar attacks from occurring. It is not known whether the database that was hacked was Microsoft's, although Zone-H speculated that it was MS SQL Server."

Figured that...MS may not have impenetrable servers here in the states, but they definately have enough oversight to notice little things before they get through...they'd of shut out the user's ip address from accessing it before they could have changed the site had it been on Microsoft's servers here in the states...IMO, anyway.

IIS.. hahahaha... whew. .. .. .

IIS.. ohh hahahah ha.. ha ha.. oh boy.. wheew..

IIS.. oh ohh hahahahaha ...whoo hooo hoo. ahhh.

Man no matter how many times I hear that joke, it always makes me laugh.

Moral of the story:

Smoke less pot, and keep up on your server security (regardless of what platforms you use).

I hate when people call these SQL flaws. This is just simple SQL injection caused by people not validating input correctly. If you shoot yourself in the foot its not a flaw in the gun or your shoe, its actually the user of the gun.

Well said. Yet because it's MS site, people start to blame IIS & SQL Server.

Having said that, MS should have conducted thorough penetration testing across all its websites. Otherwise people will never take them seriously.

Apparently it wasn't Microsoft's direct oversight--remember these servers are hosted by a third party company?

Microsoft.com's servers here in the US used to run off of conxion.com, but they haven't been hacked--at least not that I recall--since they were directly hosted by Microsoft themselves.

"Unfortunately, these things happen." ... to sites that run IIS or use weak passwords.

Yeah, I'm sure that's how it was hacked--Microsoft always uses simple passwords because they only employ ignorant morons for security-- hence their insignificant market share (/end sarcasm)