A hacker breached the Web site of Boot's, UK's largest chemist, and posted the 'Hacker's Manifesto' on the corporation's home page. Although Boot's maintains that sensitive data was not included on the site, the break-in exposes a flaw in Microsoft's Internet Information Server (IIS) 4.0, which will be a concern for thousands of website operators. According to Netcraft, which conducts monthly surveys into web server use, 19 per cent of the 4.1 million companies it questioned in October use IIS.
Boots is the latest in a line of websites running IIS 4.0 or 5.0 on NT 4.0 to have been hacked. According to attrition.org, NT was the most hacked system last year. Microsoft has said that some attacks occur because users didn't read their manuals properly, but more often are a case of administrators failing to patch newly found weaknesses before a hacker exploits them. Paul Rogers, network security analyst at MIS Corporate Defence Solutions, said: "The person responsible for security needs to get better information on how to update their software with the latest patches.
They either aren't subscribing to the right communication lists, or they don't know what they're doing."
The 58-line poem, written by "Mentor" and published previously, explains computer hacking in the context of teenage angst and alienation in the modern world. It also criticises the punishment of hackers: "Yes, I am a criminal. My crime is that of curiosity."