
Forum Moderators: incrediBILL & lawman


Beta site cracked... already!

     
8:37 am on Oct 17, 2002 (gmt 0)

Senior Member from ZA 

WebmasterWorld Senior Member 10+ Year Member

joined:July 15, 2002
posts:1720
votes: 1


Another one in the bag for the blackhats!

[theregister.co.uk...]

3:28 pm on Oct 17, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 22, 2001
posts:2450
votes: 0


I know it's "wrong" but I love it when Microsoft is embarrassed with things like this. Maybe it will force them to take security more seriously in the future, and maybe that attitude will bleed over a little into their retail products.
5:27 pm on Oct 17, 2002 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


It's not just MS (sadly). I heard about a Linux box that was put up not too long ago to demonstrate the server's security as it had been optimized to prevent hacking. It took only 15 minutes before the hackers had Root.

Xoc

5:49 pm on Oct 17, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 18, 2001
posts:1437
votes: 0


I heard this story about the Windows 2000 beta at a conference. Microsoft put a box on the web and said "Try to find bugs/security holes in this." The /. crowd hammered on it. Then someone posted, "What are we doing? We're helping Microsoft!"

So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

7:10 pm on Oct 17, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 10, 2001
posts:1550
votes: 10


Lorax, do you have a reference for that one?
7:42 pm on Oct 18, 2002 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


bird, I'll ask my co-worker for the info since he's the one who told me. He's big into security stuff and read it on some discussion board I believe. I'll get back to you next week unless he decides to check his email this weekend!
7:45 pm on Oct 18, 2002 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member fathom is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 5, 2002
posts:4110
votes: 109


So for about three days there were no attacks. Then Microsoft posted, "Nobody has found a hole in three days!" Suddenly everyone was back hammering on it again.

Seems like an ego thing... at both ends! :)

8:45 pm on Oct 18, 2002 (gmt 0)

Full Member

10+ Year Member

joined:Dec 12, 2000
posts:237
votes: 0


Why don't these companies hire hackers to crack the system and then fix the problem before release?
8:48 pm on Oct 18, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 6, 2000
posts:3928
votes: 0


If they leave it to be discovered after release, they don't have to pay the hackers a salary to do it.
8:53 pm on Oct 18, 2002 (gmt 0)

Full Member

10+ Year Member

joined:Dec 12, 2000
posts:237
votes: 0


I guess putting out a product with holes is a good thing. I know a guy who's been fighting hackers for 3 weeks, he's about ready to pop. Well, mivox, you have a point. If the company puts it out and the hackers have their way with it, then the company will learn the holes. The only problem there is the customer gets messed over trying to find out what the hackers did. It seems easier to me to get the bugs worked out and then release it to the public, not the other way around. Customer support will be on the line all times of day, so either way you cut it you will spend money.
9:24 pm on Oct 18, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 6, 2000
posts:3928
votes: 0


The only problem there is the customer gets messed over trying to find out what the hackers did. It seems easier to me to get the bugs worked out and then release it to the public, not the other way around.

Well, that would be the nice way to go about it... but I guarantee a company like Microsoft would have to pay most self-respecting hackers a lot more money to "come to the dark side" and help them QA their products than they have to pay a wage-slave phone support "tech."

Phone support is a high turn-over cr@p job that pays garbage... like the McDonalds job of the tech industry. A good security expert would be a premium employee, who'd have to get paid enough to drown out the little voice in the back of his head whispering, "sell out!" whenever he tried to sleep. ;)

1:20 pm on Oct 21, 2002 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


bird, et al,
I stand corrected. I misunderstood my coworker - totally! The server in question was actually several servers - part of the honeynet project. I believe the server installs were default installs. Here's the link for those of you who want more information.

[honeynet.org...]

Just goes to show how much I need my morning coffee. :)

Best,
Gregg

2:14 pm on Oct 21, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 10, 2001
posts:1550
votes: 10


Thanks lorax, you earned your coffee... ;)