
Forum Moderators: incrediBILL & lawman


Beta site cracked... already!

   
8:37 am on Oct 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another one in the bag for the blackhats!

[theregister.co.uk...]

3:28 pm on Oct 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I know it's "wrong" but I love it when Microsoft is embarrassed with things like this. Maybe it will force them to take security more seriously in the future, and maybe that attitude will bleed over a little into their retail products.
5:27 pm on Oct 17, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It's not just MS (sadly). I heard about a Linux box that was put up not too long ago to demonstrate the server's security as it had been optimized to prevent hacking. It took only 15 minutes before the hackers had Root.

Xoc

5:49 pm on Oct 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I heard this story about the Windows 2000 beta at a conference. Microsoft put a box on the web and said "Try to find bugs/security holes in this." The /. crowd hammered on it. Then someone posted, "What are we doing? We're helping Microsoft!"

So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

7:10 pm on Oct 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Lorax, do you have a reference for that one?
7:42 pm on Oct 18, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



bird, I'll ask my co-worker for the info since he's the one who told me. He's big into security stuff and read it on some discussion board I believe. I'll get back to you next week unless he decides to check his email this weekend!
7:45 pm on Oct 18, 2002 (gmt 0)

WebmasterWorld Senior Member fathom is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

Seems like an ego thing... at both ends! :)

8:45 pm on Oct 18, 2002 (gmt 0)

10+ Year Member



Why don't these companies hire hackers to crack the system and then fix the problem before release?
8:48 pm on Oct 18, 2002 (gmt 0)

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If they leave it to be discovered after release, they don't have to pay the hackers a salary to do it.
8:53 pm on Oct 18, 2002 (gmt 0)

10+ Year Member



I guess putting out a product with holes is a good thing. I know a guy who's been fighting hackers for 3 weeks, he's about ready to pop. Well, mivox, you have a point. If the company puts it out and the hackers have their way with it, then the company will learn the holes. The only problem there is the customer gets messed over trying to find out what the hackers did. It seems easier to me to get the bugs worked out and then release it to the public, not the other way around. Customer support will be on the line all times of day, so either way you cut it you will spend money.
9:24 pm on Oct 18, 2002 (gmt 0)

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The only problem there is the customer gets messed over trying to find out what the hackers did. It seems easier to me to get the bugs worked out and then release it to the public, not the other way around.

Well, that would be the nice way to go about it... but I guarantee a company like Microsoft would have to pay most self-respecting hackers a lot more money to "come to the dark side" and help them QA their products than they have to pay a wage-slave phone support "tech."

Phone support is a high turn-over cr@p job that pays garbage... like the McDonalds job of the tech industry. A good security expert would be a premium employee, who'd have to get paid enough to drown out the little voice in the back of his head whispering, "sell out!" whenever he tried to sleep. ;)

1:20 pm on Oct 21, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



bird, et al,
I stand corrected. I misunderstood my coworker - totally! The server in question was actually several servers - part of the honeynet project. I believe the server installs were default installs. Here's the link for those of you who want more information.

[honeynet.org...]

Just goes to show how much I need my morning coffee. :)

Best,
Gregg

2:14 pm on Oct 21, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks lorax, you earned your coffee... ;)