Security is hard.

So the past few weks have been rough on Microsoft and on Adobe. First, a flaw in Microsoft SQL Server allows ASP sites to be compromised by a general SQL injection attack; then a flaw in the Adobe Flash player allows a miscreant to hijack the Web browsers of people with the Flash plugin installed.

In both cases, the vulnerabilities have been exploited to try to redirect surfers to a Web site at, which hosts a malicious script that tries to infect users’ computers with a virus.

That’s the old news.

The funny news–and believe me, I think this is fucking hysterical–is that one of the Web sites clobbered by the SQL injection attack is, a Web site that is “the independent voice of the Microsoft IT community.” It’s a pro-Microsoft, look-how-great-we-are “news” site that has been so massively infected that…


…well, if you Google it, Google gives you a “this site may harm your computer” warning.

Many of the infected Web pages are pages about computer security–or, at least, apologies for Microsoft products masquerading as articles on computer security.

I know, I know, the real assholes here are the hackers, but still…goddammit, I can’t stop laughing.