Hackers beat Microsoft - again

Microsoft this morning fell victim to hackers for the second time in just three days when attackers brought down the software giant's Slovenia website.

Security experts revealed to vnunet.com that the latest crack succeeded because Microsoft failed to follow basic procedures when patching its own systems.

"Our initial research suggests that it looks very much like they've [Microsoft] tried to apply too many patches at once and that only one has taken," said Matt Tomlinson, business development director at MIS Corporate Defence Solutions. "Not knowing how to patch your own kit, now that's embarrassing."

Originally defaced last Thursday in a pro-Linux rant by a hacker called Furia.br, the website was hit again today by a second hacker, Bolodorio.

Separately, last week saw Hewlett Packard's (HP's) Hong Kong website defaced with a cartoon depicting Bill Gates as half-angel, half-Satan by C1sco, part of a group calling themselves antihackerlink.

PSINet Hong Kong, the firm hosting HP's website, was running Microsoft's IIS 4.0a - a favourite target of hackers in recent weeks.

Security experts said both the attacks, which are not thought to have breached either companies' principal corporate networks, were possible because both firms had outsourced web hosting to local firms in an attempt to cut costs.

"Using local hosts is usually a marketing decision to try and capture more data and manage the cost of the websites as it is cheaper to go through local firms," said Tomlinson.

"However, business will have to review this policy. These attacks are a major slight to the credibility of computer firms like Microsoft and Hewlett Packard."