A world renowned security expert has found a problem with a subdomain of Microsoft’s MSN.com where simple operations lead to error messages from the server. Is this just an error on Microsoft’s part or a prelude to a cyber attack?
December 28, 2009 – Dr. Ali Jahangiri, a world-renowned security expert, has discovered a problem on Microsoft’s MSN.com website. As an expert on hacking and server vulnerabilities he is concerned about Microsoft’s response time in fixing this problem as well, as the possibility that this is a prelude or even the result of an attack on Microsoft’s website.
Discovered on Saturday 26, 2009 at around 5:00pm GMT, the problem is with MSN’s Arabia subdomain. MSN uses subdomains to provide localized content to different parts of the the world. There are MSN subdomains for the UK, France, India and so on. There is also a subdomain for Arabia at http://arabia.msn.com. The problem occurs when users of the site try to access Microsoft’s Bing search engine.
On other subdomains and the main MSN.com website, entering a search term into the Bing search box takes you to the Bing search engine and a page of results for the term entered. But on the Arabia site using Bing results in an error. The error comes in two parts, the general error is “You are not authorized to view this page” and the reason given for this is “Forbidden: IP address of the client has been rejected.”
Dr. Jahangiri, who is the author of Live Hacking – a comprehensive guide to hacking techniques and countermeasures for ethical hackers, has tried accessing Bing on http://arabia.msn.com from computers in the U.S., U.K., Canada and UAE and the same error is seen. This means that it isn’t a specific problem with just a few computers but all computers on the Internet.
Dr. Jahangiri is calling on Microsoft to fix this problem quickly but to also check their MSN Arabia website to ensure that it hasn’t been compromised and also to check for any other vulnerabilities in the web server configuration.