| Microsoft: programming contest defaced, not hacked |
|
| by David M Williams | |
| Tuesday, 07 October 2008 | |
|
Page 2 of 3 The non-genuine submissions may have been removed by Microsoft, but the ghost of their presence lives on. The “top rated submissions” table which previously gave kudos to Ov3rLord and chums now gives top marks to three blank entries – the three spots once held by the now-deleted entries.Featured Whitepaper
5 Best Practices for Smartphone Support
Both posts were rendered literally, foiling attempts by their authors to inject executable code within the web page as displayed within a browser and as executed on the Microsoft web server. So that’s that; to Microsoft there is no story here; we simply have the case where some wannabes posted junk within a portion of the site that permitted user-submitted content. Mind you, the so-called hackers really needn’t have bothered; the site suffered several problems at the hands of Microsoft themself. Let me explain. First, as suggested, the contest submissions went through no moderation process. Any person could submit content of his or her own volition and have it appear immediately on a Microsoft web site, under the microsoft.com.au domain. Granted, it’s not a major trophy but the fact it could happen is a surprising omission on somebody’s part. Additionally, a problem with the site’s programming meant some submitted images did not display correctly. The lengthy, but correct, image URL http://devsta.microsoft.com.au/images/submissions/longguid.jpg showed as the even lengthier, and most definitely not correct, http://devsta.microsoft.com.au/images/ submissions/C:\inetpub\devsta.microsoft.com.au@80@443-2f\ wwwroot\images\submissions\longguid.jpg instead - with the folder path and name C:\inetpub\devsta.microsoft.com.au@80@443\wwwroot inadvertently inserted. This glitch has some ramifications. Even so, it's not the major flaw on the site. That is something else. CONTINUED |
| < Next story in category | Previous story in the category > |
|---|
