Microsoft's World Wide Web site has been the target of hackers twice in two weeks.
On June 30, the site www.microsoft.com/ was attacked by an unknown hacker who caused the site to be periodically inaccessible to the one million users Microsoft says access it every day.
The hacker disabled the site through a bug present in Microsoft's NT and Windows 95 operating systems, activated by sending a packet whose header - which provides details about the packet to follow - is different from the data actually contained in the packet, said Mike Nash, director of marketing for Windows NT server and infrastructure products at Microsoft.
According to Nash, the likelihood is very small that a packet's header could inadvertently misidentify the packet's data. "This is about someone explicitly writing a program to bring down a server," he said.
Moreover, on Sunday night June 29, Microsoft received e-mail from an unidentified person who mentioned the bug, Nash said. It is unknown whether this person then launched the attack the following day or whether another person, through a news group or elsewhere, read of the bug and hacked the site on his or her own, Nash said. A fix for the problem was expected to be available on Microsoft's site shortly after the attack.
This attack comes on the heels of a June 20 incident in which Microsoft.com was made to "pause" by a hacker who discovered that typing "www.microsoft.com/" followed by a very long URL into a browser could slow the system down, Nash said. In this case the hacker submitted an 8000-character URL, he said. A fix for that bug was up within 25 hours of its discovery, Nash maintained.
Microsoft has been upgrading the eight-to-10 servers which power Microsoft.com, which may have increased the site's vulnerability to some kinds of attack, according to Nash. For example, as the Redmond, Washington-based company prepares its two mirror sites, in London and Tokyo, each US-based server has come offline for up-grades, possibly making the site more susceptible to pauses and slow downs, he said.
Also contributing to the vulnerability to slow downs is the popularity of the site, whose one million daily users, double from six months ago, account for 80 million page hits per day, Nash said.
"Frankly, we didn't build the servers up from a hardware perspective as quickly as we should have," he said. "I don't think we anticipated the load."