• Skip to content
  • Skip to primary sidebar

Information Security Expert Blog

Dr. Ali Jahangiri

Archives for December 2009

After 3-days

December 31, 2009 By Ali Jahangiri

Microsoft fixed http://arabia.msn.com problem on Wednesday December 30, 2009. However, Microsoft did not inform public about the source of the problem and fixed it after three days without any explanation . I am not sure about Microsoft incident response procedure but 3-days is much longer than industrial standard!

Filed Under: Incident, Microsoft, News Tagged With: Opinion

Security Expert Finds Problem with Microsoft’s MSN.com

December 28, 2009 By Ali Jahangiri

A world renowned security expert has found a problem with a subdomain of Microsoft’s MSN.com where simple operations lead to error messages from the server. Is this just an error on Microsoft’s part or a prelude to a cyber attack?

December 28, 2009 – Dr. Ali Jahangiri, a world-renowned security expert, has discovered a problem on Microsoft’s MSN.com website. As an expert on hacking and server vulnerabilities he is concerned about Microsoft’s response time in fixing this problem as well, as the possibility that this is a prelude or even the result of an attack on Microsoft’s website.

Discovered on Saturday 26, 2009 at around 5:00pm GMT, the problem is with MSN’s Arabia subdomain. MSN uses subdomains to provide localized content to different parts of the the world. There are MSN subdomains for the UK, France, India and so on. There is also a subdomain for Arabia at http://arabia.msn.com. The problem occurs when users of the site try to access Microsoft’s Bing search engine.

On other subdomains and the main MSN.com website, entering a search term into the Bing search box takes you to the Bing search engine and a page of results for the term entered. But on the Arabia site using Bing results in an error. The error comes in two parts, the general error is “You are not authorized to view this page” and the reason given for this is “Forbidden: IP address of the client has been rejected.”

Dr. Jahangiri, who is the author of Live Hacking – a comprehensive guide to hacking techniques and countermeasures for ethical hackers, has tried accessing Bing on http://arabia.msn.com from computers in the U.S., U.K., Canada and UAE and the same error is seen. This means that it isn’t a specific problem with just a few computers but all computers on the Internet.

Dr. Jahangiri is calling on Microsoft to fix this problem quickly but to also check their MSN Arabia website to ensure that it hasn’t been compromised and also to check for any other vulnerabilities in the web server configuration.

Filed Under: Incident, Microsoft, News Tagged With: MSN Arabia

ISS Error Page at MSN.COM : Is it an attack?

December 26, 2009 By Ali Jahangiri

MSN Arabia gives Internet Information Services (IIS) error (HTTP Error 403.6 – Forbidden IP Address) while the users use Bing search engine.

The error discovered by Dr. Ali Jahangiri an information security expert while he tried to use Bing search engine at http://arabia.msn.com . Although, the error describe a rejection for a Forbidden IP Address but the test carried on with different IP addresses from different countries such as U.S., U.K., Canada and UAE.

The above mentioned error may occur due to misconfiguration or it could be the result of an attack to the Bing search engine at http://arabia.msn.com.

Figure 1: http://arabia.msn.com Main page with “this is a test” at the Bing Search Box.
Figure 2: The result of the search which is an IIS error.

Filed Under: Bing, IIS, Incident, Microsoft, Vulnerability

This Page & Changes

December 22, 2009 By Ali Jahangiri

I used to write on my  Amazon author page but Amazon Author Central is under development (beta version) and keeps only last three posts. Therefore I decided to have my blog on my own website to keep my posts and articles safe! In addition, there are some changes on my website to make it ready for 2010, I hope you enjoy it. Thank you for your comments!

Filed Under: General

New Distribution Channels

December 4, 2009 By Ali Jahangiri

LIVE HACKING will be available world-wide in less than four weeks. This will make LIVE HACKING available to a larger audience through more outlets including: retailers, bookstores, libraries, academic institutions, wholesalers, and distributors. The new distribution channels help to distribute LIVE HACKING to thousands of retail and wholesale outlets throughout the U.S. and world-wide.

Filed Under: Uncategorized Tagged With: Ethical Hacking, live hacking

My facebook Page

December 4, 2009 By Ali Jahangiri

I had received many requests from my students and colleagues to create a facebook page. Although, I was concerned about its security and other issues related to the social networking sites but I thought with a proper consideration that could happened. Please  click here to visit my facebook page.

Filed Under: General

Primary Sidebar

Recent Posts

  • Simple PHP Shell Script
  • MasterCard Australia: Untrusted SSL Certificate
  • How to Test Snort with Penetration Testing Tools
  • WordPress NextGEN Gallery Plugin; Directory Browsing Vulnerability
  • Koobface Gangs Investigative Report

Archives

Categories

Links

  • My Facebook Page
  • My Website
  • Privacy

RSS From LiveHacking.com

  • Nmap 7 Released!
  • Apple fixes security vulnerabilities in Safari, OS X, iOS and Apple TV
  • The OpenSSL project releases new versions of its software to squash 12 security vulnerabilities
  • FREAK vulnerability weakens secure Web sites
  • WP-Slimstat vulnerability exposes WordPress websites to SQL injection attacks
  • Google backpedals on its arbitrary vulnerability disclosure policy
  • Cross Site Scripting vulnerability found in IE 11
  • Apple updates iOS, OS X and Apple TV in monster patch release
  • Google discloses three more zero-day vulnerabilities, this time for OS X
  • Microsoft to fix Windows vulnerability that Google publicly disclosed last week

. Copyright 2007 - 2013 Information Security Expert Blog . All Rights Reserved .