homepage Welcome to WebmasterWorld Guest from 184.73.104.82
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Beta site cracked... already!
creative craig

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3480 posted 8:37 am on Oct 17, 2002 (gmt 0)

Another one in the bag for the blackhats!

[theregister.co.uk...]

 

volatilegx

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3480 posted 3:28 pm on Oct 17, 2002 (gmt 0)

I know it's "wrong" but I love it when Microsoft is embarrassed with things like this. Maybe it will force them to take security more seriously in the future, and maybe that attitude will bleed over a little into their retail products.

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480 posted 5:27 pm on Oct 17, 2002 (gmt 0)

It's not just MS (sadly). I heard about a linux box was put up not to long ago to demonstrate the server's security as it had been optimized to prevent hacking. It took only 15 minutes before the hackers had Root.

Xoc

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3480 posted 5:49 pm on Oct 17, 2002 (gmt 0)

I heard this story about the Windows 2000 beta at a conference. Microsoft put a box on the web and said "Try to find bugs/security holes in this." The /. crowd hammered on it. Then someone posted, "What are we doing? We're helping Microsoft!"

So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

bird

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3480 posted 7:10 pm on Oct 17, 2002 (gmt 0)

Lorax, do you have a reference for that one?

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480 posted 7:42 pm on Oct 18, 2002 (gmt 0)

bird, I'll ask my co-worker for the info since he's the one who told me. He's big into security stuff and read it on some discussion board I believe. I'll get back to you next week unless he decides to check his email this weekend!

fathom

WebmasterWorld Senior Member fathom us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480 posted 7:45 pm on Oct 18, 2002 (gmt 0)

So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

Seems like an ego thing... at both ends! :)

miles

10+ Year Member



 
Msg#: 3480 posted 8:45 pm on Oct 18, 2002 (gmt 0)

Why dont these companies hire hackers crack the system and then fix the problem before release?

mivox

WebmasterWorld Senior Member mivox us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480 posted 8:48 pm on Oct 18, 2002 (gmt 0)

If they leave it to be discovered after release, they don't have to pay the hackers a salary to do it.

miles

10+ Year Member



 
Msg#: 3480 posted 8:53 pm on Oct 18, 2002 (gmt 0)

I guess putting out a product with holes is a good thing. I know a guy whos been fighting hackers for 3 weeks, hes about ready to pop. Well mivox you have a point. If the company puts it out and the hackers have their way with it, then the company will learn the holes. The only problem there is the customer gets messed over trying to find out what the hackers did. It seems eaiser to me to get the bugs worked out and then release it to the public not the other way around. Customer support will be on the line all times of day, so either way you cut it you will spend money.

mivox

WebmasterWorld Senior Member mivox us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480 posted 9:24 pm on Oct 18, 2002 (gmt 0)

The only problem there is the customer gets messed over trying to find out what the hackers did. It seems eaiser to me to get the bugs worked out and then release it to the public not the other way around.

Well, that would be the nice way to go about it... but I guarantee a company like Microsoft would have to pay most self-respecting hackers a lot more money to "come to the dark side" and help them QA their products than they have to pay a wage-slave phone support "tech."

Phone support is a high turn-over cr@p job that pays garbage... like the McDonalds job of the tech industry. A good security expert would be a premium employee, who'd have to get paid enough to drown out the little voice in the back of his head whispering, "sell out!" whenever he tried to sleep. ;)

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3480 posted 1:20 pm on Oct 21, 2002 (gmt 0)

bird, et al,
I stand corrected. I misunderstood my coworker - totally! The server in question was actually several servers - part of the honeynet project. I believe the server installs were default installs. Here's the link for those of you who want more information.

[honeynet.org...]

Just goes to show how much I need my morning coffee.:)

Best,
Gregg

bird

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3480 posted 2:14 pm on Oct 21, 2002 (gmt 0)

Thanks lorax, you earned your coffee... ;)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved