
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Beta site cracked... already!
creative craig




msg:295542
 8:37 am on Oct 17, 2002 (gmt 0)

Another one in the bag for the blackhats!

[theregister.co.uk...]

 

volatilegx




msg:295543
 3:28 pm on Oct 17, 2002 (gmt 0)

I know it's "wrong" but I love it when Microsoft is embarrassed with things like this. Maybe it will force them to take security more seriously in the future, and maybe that attitude will bleed over a little into their retail products.

lorax




msg:295544
 5:27 pm on Oct 17, 2002 (gmt 0)

It's not just MS (sadly). I heard about a Linux box that was put up not too long ago to demonstrate the server's security as it had been optimized to prevent hacking. It took only 15 minutes before the hackers had Root.

Xoc




msg:295545
 5:49 pm on Oct 17, 2002 (gmt 0)

I heard this story about the Windows 2000 beta at a conference. Microsoft put a box on the web and said "Try to find bugs/security holes in this." The /. crowd hammered on it. Then someone posted, "What are we doing? We're helping Microsoft!"

So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

bird




msg:295546
 7:10 pm on Oct 17, 2002 (gmt 0)

Lorax, do you have a reference for that one?

lorax




msg:295547
 7:42 pm on Oct 18, 2002 (gmt 0)

bird, I'll ask my co-worker for the info since he's the one who told me. He's big into security stuff and read it on some discussion board I believe. I'll get back to you next week unless he decides to check his email this weekend!

fathom




msg:295548
 7:45 pm on Oct 18, 2002 (gmt 0)

So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

Seems like an ego thing... at both ends! :)

miles




msg:295549
 8:45 pm on Oct 18, 2002 (gmt 0)

Why don't these companies hire hackers to crack the system and then fix the problem before release?

mivox




msg:295550
 8:48 pm on Oct 18, 2002 (gmt 0)

If they leave it to be discovered after release, they don't have to pay the hackers a salary to do it.

miles




msg:295551
 8:53 pm on Oct 18, 2002 (gmt 0)

I guess putting out a product with holes is a good thing. I know a guy who's been fighting hackers for 3 weeks, he's about ready to pop. Well, mivox, you have a point. If the company puts it out and the hackers have their way with it, then the company will learn the holes. The only problem there is the customer gets messed over trying to find out what the hackers did. It seems easier to me to get the bugs worked out and then release it to the public, not the other way around. Customer support will be on the line all times of day, so either way you cut it you will spend money.

mivox




msg:295552
 9:24 pm on Oct 18, 2002 (gmt 0)

The only problem there is the customer gets messed over trying to find out what the hackers did. It seems easier to me to get the bugs worked out and then release it to the public, not the other way around.

Well, that would be the nice way to go about it... but I guarantee a company like Microsoft would have to pay most self-respecting hackers a lot more money to "come to the dark side" and help them QA their products than they have to pay a wage-slave phone support "tech."

Phone support is a high turn-over cr@p job that pays garbage... like the McDonald's job of the tech industry. A good security expert would be a premium employee, who'd have to get paid enough to drown out the little voice in the back of his head whispering, "sell out!" whenever he tried to sleep. ;)

lorax




msg:295553
 1:20 pm on Oct 21, 2002 (gmt 0)

bird, et al,
I stand corrected. I misunderstood my coworker - totally! The server in question was actually several servers - part of the honeynet project. I believe the server installs were default installs. Here's the link for those of you who want more information.

[honeynet.org...]

Just goes to show how much I need my morning coffee. :)

Best,
Gregg

bird




msg:295554
 2:14 pm on Oct 21, 2002 (gmt 0)

Thanks lorax, you earned your coffee... ;)


All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved