Hackers jam Microsoft's site

Hackers exploited a bug in Microsoft's (MSFT) server software, jamming the company's Web site since yesterday.

The hackers are apparently taking advantage of a bug in Windows NT 4.0 running Microsoft's Internet Information Server 3.0, in which the entire site is jammed by someone typing in a specific URL into a Web browser, according to Mike Nash, director of marketing for Windows NT server.

Hackers sent Microsoft an email at about 4 p.m. yesterday, Nash said. Microsoft engineers immediately developed a patch and said they would post it on their site today by 5 p.m., he added.

"Hackers made us aware of a problem that they had identified," Nash said. "It is possible to develop a URL--a string of characters in a browser--that could cause interruption of service on a Web server." (The site remained available through an alternative IP address.)

Someone identified as Todd Fast says on his site that he inadvertently discovered the bug "while examining the parameters of an URL Microsoft's Internet Information Server (IIS) would accept without an error."

"This is a hugely embarrassing bug for Microsoft in my opinion, particularly since they've just been lauded for pulling ahead of Netscape in the Web server market," Fast wrote. "Knowing that anyone with a grudge and a twitchy keyboard could shut down any of their customer's Web sites must bear horribly on their collective conscience."

Microsoft representatives originally said that the problem was caused by busy servers and that users should expect delays through the end of the month.

The problem was exacerbated by what Microsoft spokesman Adam Sohn called "phenomenal growth."

In other words, not everyone who tries to access the site will get onto it every time. The problem is compounded by Internet routing jams and individual jams at Internet service providers, Nash said.

Those who were able to get to the home page today were greeted with the following message: "We're upgrading; our apologies in advance due to growth...Over the next few weeks, some users may see some interruption in service. Read what's happening!"

The "Read what's happening" had a link, presumably to a story, but people had trouble getting to that link.

The outage and problems have angered some Web surfers who have been trying to get onto the pages. Some, who presumably did not yet know the cause of the outage, used the problems to criticize the company's Web server software. "Maybe they should have bought Linux," one reader sarcastically wrote to CNET's NEWS.COM.

"They have so many bugs in their software, so why use it?," said Ben Efros, a Webmaster who also wrote in. "Microsoft is just a large company going nowhere on the Internet."

But others came to the defense of Microsoft, saying that despite the bug, its server software was superior to others.