Slashdot Mirror
Microsoft Cracked again?
Dominic writes: "Seems microsoft have been hacked (possibly) again, acording to infoworld."
They don't seem to have a lot of evidence, but there's some interesting commentary related to this, and the earlier crack where the source code to Windows and Office was supposedly stolen (I'll believe that when I see it).
It seems that with these hacks Microsoft is losing more than their renound ability to market and spin themselves around. Usually their Marketing does all the work and the technical side of their product is kept to a whisper. But now with these hacks their Admins are admitting their faults and it seems the marketing is coming back to "clarify" things so we the public don't panic.
Let me guess... A few days from now the story will be cleared up as a minor breach and that no data was modified nor seen...
fslg503-985-8686503-985-8686503-985-8686503-985-8
Microsoft advertise thier products as being "secure solutitions". Assuming Microsoft use thier own products, this is clearly a hypocritical statement, perhaps misleading.
They also seem to have a complete disregard for the security of their products, allowing them to be made availiable in this way.
Perhaps Microsoft should actually think about the problems this caused for them, and the problems is could quite easily cause for others, the consequences are most severe.
Buck up your attitude?
yer.. few years ago people would have just said "who'd put windoze boxen on the net?!!" and that would be that.
How we know is more important than what we know.
They are probably "cracked" on a regular basis, but because you don't hear about it, and so it remains a non-issue. As soon as a little event ends up in the news, this sort of silliness is the result. Hopefully, you'll understand why most companies, including banks, are extremely reluctant to share information with the law enforcement agencies. One simple little attack might take a company's value through the floor because investors don't understand the hoopla surrounding a security incident. You hear about bank holdups all the time, but you'll never hear about real incidents of electronic fraud or Internet banking attacks, even though they occur every day somewhere on the planet.
There are many companies that take a similar risk-managed approach to security. You classify assets based upon their worth to the organisation, and then you protect them to that value. Cracking into the machines that do "download.microsoft.com" is different to cracking into the corporate ERP system or the internal code repositories.
With over 10,000 attacks a week, Microsoft takes a reasonable approach to security, in my opinion. No one can be 100% secure, and it costs so much to be near 100% secure that it's not worth doing so. If you don't agree with me, bite me. Unlike most of you, risk managed security architecture is what I do for a living.
Andrew van der Stock
The news agencies are probably not reporting it because they use Microsoft Windows and can't make themselves look bad to the public.
Too often on here I see the ignoramus posting about the evils of microsoft and Gates. I think its the same thing as penis envy...he's rich, he's got an amazingly successful company..and you dont. I'm no fan of the software quality myself, but I wont go about spouting how the CEO is evil. Thats just immature. I think Gates has proven himself a worthy human with all his donations. At least he's doing more than those other tech people who claim that computers can solve everything. You need to be able to eat decent food and clean water before you need a SystemTech PentiumProThlon 9000 w/ advanced graphics capabilities and altec lansing speakers. You need to solve starvation before planting a laptop in the hands of the poor.
-
Well, by that standard then, nations like Cuba and Iraq ought to be paradises. The embargos keep us vicious foreign devils from looting them. So, why are they miserable pits of desperation and poverty?
As for rule of law, that's very vague. If you mean the laws that allow only US-owned businesses to import and export food while depriving native farmers of implements and supplies, then I'd have to say you're wrong. If you mean establishing a minimum standard of living for the populace, I'd say you're right.
No, I mean that you pass laws that permit people to keep the fruits of their labors and assure certain basic rights such as speech, assembly, voting, etc. and you make sure that you have a legal system that enforces those laws. Without corruption or cronyism.
Your response betrays your mindset that for a nation to succeed, it must obtain the means to do so from outside. I maintain that that simply isn't true. The reason the West prospers is a result of its freedoms, laws, and capitalism. For a good example of what happens when you lose that, you need look no farther than South Africa. Once the economic jewel of the continent, it's gradually descending into a chaos of tribalism and corruption. Unchecked, it will ultimately be as impoverished as its neighbors.
I know, I just wonder how it could happen twice so close to each other, one should think that they would have a lot of attention on the subject after the first time.
Of course if it was years ago, then most people would lower their guards and relax a bit because they needed a "wake-up-call".
And it cant be easy to be a favorite hacking object.
--------
> I haxored kernel.org and downloaded the linux source code
That's nothing. I downloaded it, changed some things, and uploaded the changes!
I even put my name in the files, so anyone else who downloads it will know I did it!
Sheesh, evil *and* a jerk. -- Jade
Your subject title is actually a very good answer to your question. Microsofts security system is not entirely Windows based - if you recall an aticle entitled `Unix at the Empire' a few months ago, or talk to those who have knowledge of MS internal security, there is a lot of ipfilter based OpenBSD firewalls.
Though, as Microsoft are often in the habit of eating their own dog food, they might beusing their new Internet Security and Acceleration [ISA} Server, the replacement to shitty old proxy server. This eliminates much of the nastiness [and non-firewallness] of PS, and is about -3 months old. This incident would damage the launch severely is MS told anyone what they were using.
I'd suspect, with regards to security, they do the testing in a closed environment for quite some time.
But your point is nevertheless a good one - while we don't know what MS use internally, the habit of people calling Outlook Viruses `email viruses', when they only affect a specific client, is misleading.
Sorry- having an open mind is great so long as your brain doesn't fall out. I think you've been spun. The guy's still the primary personality behind the totally unacceptable behavior of Microsoft, which has been _convicted_ of monopolistic crimes, the list of which is so long it'll make your head spin. Did they just do this at random? No, there was a pattern of 'search and destroy' and open attack of the capitalistic process coming right from the top there.
If tossing a few nickels at charity can really make you forget that, you have a _short_ memory.
breaking news! microsoft hires monty python to write the killer joke and embed it in the source code. avoid at all costs, it WILL kill you!
Voting Moo Anyway!
What I do not understand is why so many people try to crack Microsoft itself. Yes, sure, you wave your manhood for everybody to admire its size, but...
... in the meantime you help actively to make the Microsoft-site the best-protected site in the world. Do you want that?
So mess with the customers of Microsoft as much as you want, embarass them for the whole world, but leave Microsoft itself alone! There may come a time when it is desperately necessary to break into the Microsoft stronghold and *then* you want all those exploits wide open; not plugged.
a boy wanting to show off to his girlfriend:
b: look at my machine
g: wow, so much cables and so...
b: i am a superhacker. i already hacked pentagon and nearly sent nukes on russians
g: cool really? can you show something to me?
b: sure look now i login to internet
aolsoft: you've got mail
[click click] [ftp://billg:linuxsuxx@microsoft.com]
[rm -r $HOME]
b: now i hacked microsoft!
g: wow, you are my hero *kiss*
"It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
I know that you don't need the source code to find buffer overflows. I also know that of 1000 people who can find a buffer overflow by examining the source code, maybe 2 or 3 know how to use SoftICE or IDA to find the same exploit by working on the binary. So basically, although you are correct in that you don't need the source code, it makes it much more difficult for the average script kiddie to find it, and thus less likely that it will become public knowledge.
Even an accountant who has 6 terminals open into an IBM mainframe knows that it's Lopht, not Loft.
Smells terribly fishy to me.
"I don't want the cheese; I only want out of the trap."
Most sites are cracked by exploting a script (perl, c, php) that resides on the server. And sometimes there is just human error, like forgetting to change a default password (*cough* slashdot *cough*)
Read this:9 03,393015,00.html
http://www.observer.co.uk/international/story/0,6
This single article reversed 180 degrees my opinion of Mr. Gates.
I previously believed him to be a greedy, naieve, power-hungry egomaniac. If this article is accurate, and he will be giving away his money for food and medicine instead of for computers (which are pretty useless if you don't have anything to eat) then maybe slashdot should look into not portraying his as such an evil person. Maybe he has finally matured?
(I know this goes completely against the conventional wisdom on Slashdot, but read the article, maybe submit it as a story here... show that even geeks can be open-minded)
Open Source, Closed Minds. We are Slashdot.
Reality has a liberal bias
From a local paper: ... network security consultant and expert on hackers, said that if a copy of the code was downloaded, the person who seized it may demand a ransom for its safe return. Or if the attacker was an "open-source vigilante," the hacker might release it on the Internet for everyone to enjoy.
"They believe information wants to be free," he said. "And that Microsoft is the big, evil empire."
A
Then after, MS will say that the Open Office's source have the stolen MS Office source code and they will condamn anything that OpenSource is made from stolen source code and all the crap they normally say.
Office source code was stolen? Yeah, sure!
That's funny, dammit!
The moderator who modded the above post as "Troll" must be whacked with a cluestick, please!
Quidquid latine dictum sit, altum viditur.
I only post comments when someone on the internet is wrong.
anyone with their heads on the outside of their ass has backups stuffed away somewhere physically separate from the servers, preferably on 2 or more locations.
Voting Moo Anyway!
This is a hoax. The reason behind it was that Bill Gates watched "Charlie's Angel" yesterday...
Bill went home and started calling every Charlie on the phone book to hire angels.
(red herring: l0pht is incorrectly spelled "l0ft" in the article)
Shouldn't l0phtcrack be just as "illegal" regarding Microsoft SAM encrypted password files as DeCSS is to DVDs?
Speak truth to power.
Yhcrana
The voices in my head don't like you
"It's hard to give you an absolute certainty that the patch had been applied across the board. Given today's incident, our security teams are going back to check out the systems."
This statement is particularly disheartening. When the problems with Microsoft Outlook Express and the "features" that allow virus's to spread have their only fix with these Patches, and that -- according to even Microsoft -- its hard to make sure that the patches our applied completely: we should worry.
One might say that the little Microsoft Accessories should have been coded correctly the first time (before being published) but that is often a very hard thing to do.
I am asking You All: What ways could we make sure that "patches" had been applied across the board?
We know that no web server is immune to being cracked. Not because it's a Microsoft web server that it should be immune. They're using the same software as the other big web sites that have been cracked.
Think like a man of action, act like a man of thought.
Color me paranoid but I think microsoft is up
to no good....Hacked twice in a couple of weeks?
AdFuel
One can easily see that this code no longer belongs to microsoft since it's "rewritten from stratch"!
________
Actually, its l0pht. Well, actually it's @Stake now. Or @Steak, if you want.
Well, they were dumb enough to get hacked twice in the first place. They probably have their backup, on tape or cd somewhere in a fireproof safe in their building| like i do. I usually keep my server's backup in my basement, so if disaster hits, Ill get a jackhammer, and get to my backup on DVD disk. :)
ETRN x
They switched to Solaris as a consequence of being cracked.
OT and all but don't use wu-ftpd, if they have problems(not really an if) use ProFTPd or something else.
--
I would still like to see a Boland compiler, being able to download a newer RealPlayer for Linux and being able to feel save of Peter Norotn's Apps. It's not just about being able to see Director in Linux... Flash would be nice. =)
From Zero to Hero... Starbuck Zero
If you h4x0r3d it, could you please post the 2.4 source code?
We've been waiting for it for soooo long...
</TROLL>
____________________
Ni!
And now they will release "Windows RT 2000 Secure Edition"
RT - Russian Technology
--
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
Certainly the "Safe return" thing is funny. There's no way they could guarantee the code was deleted or anything.
But the second bit... well, that's the attitude I sometimes see reading slashdot. I can see how it would be easy for media "outsiders" to make that assumption.
-J
Karma: T-rexcellent.
Microsoft reserves the right to terminate any user
Now that's scary. I won't object termination of the license agreement, but sending death-squad to the user who peeked into M$ code seems to me a bit like over-reaction...
-- Si hoc legere scis nimium eruditionis habes.
> even though the patches are developed and tested in the same building
.. You forgot to mention the bugs, which are also developed in the same building...
-- javaDragon is an instance of JavaDragon.
I was given a copy of a small log that Dimitri shared with the IDG reporter. Egg.microsoft.com was not one of the servers mentioned.
And yes, the exploit was nearly identical to one of the lines you mentioned above.
(The IDG reporter said I couldn't share the log, sorry. Though it's possible that restriction might be gone now that the story has been published. The Infoworld story is a reprint of the IDG story that broke on Friday. Strangely enough, I didn't actually say the first sentence attributed to me in the article.)
I've seen this so called hacker on a Dutch television show and he's more then pathetic. When security and such were a bit more popular he got invited to a television show in which he would show how easy it was to hack a website. The site being targeted was www.voetbal.nl. Like I said it was more then pathetic; he claimed that he hacked it (during a commercial break) and when he wanted to show it it wasn't able to anymore. "They changed the password", he said. Yeah right; at 22:00 on a sunday someone is still working and immediatly changed the password in, say, 5 min. No, this is just your regular hacker wannabe who will try anything to "ride a wave" in order to get his name mentioned. Rememeber; "it doesn't matter how you talk about them as long as you are talking about them".
If the exploit is sufficienly high priority (and -- not to dig at Microsoft -- most Microsoft patches are high priority because of the length of time they take to release them and the likelihood that a real-world exploit already exists for them) there is only one way to be sure. Shut down access to everything that doesn't have it yet, and only bring it back online when it does.
--
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Is it basically because not enough people design software to be secure? Or because people tend to add new features without considering the security ramifications?
Still, I don't see why being hacked is inevitable; at some point, software can be designed so that circumvention involves breaking underlying assumptions which must be true in order for your system to run at all. i.e. any crack would instantly disable your system, leaving it secure.
As a sysadmin, you can't know every single line of every program that's on your system, but isn't this the point of OpenSource: that some people will be intelligent enough to design secure software, and that others can fix what little glitches they miss?
You seem too pessimistic.
"If you look 'round the table and can't tell who the sucker is, it's you." -- Quiz Show
Unfortunately, persuant to subparagraph J of section 3, chapter 13 of the Microsoft end-user license agreement (EULA), Microsoft reserves the right to terminate any user who comes in contact with the Windows source code.
If you do recieve the code via email or any other means, you are required to unplug your computer, telephone, and television, close your eyes, cover your ears, and chant "la la la, I can't hear you". Failure to comply with these provisions that protect our intellectual property is a violation of the DMCA, and will result in the MS Death-Commando(tm) being dispatched to your location.
We reserve the right to take legal action against anyone who has seen the aforementioned code, anyone who assisted in the theft of the code, anyone who made funny remarks about our IP protection measures, and anyone who found said illegal statements humourous. Stop lauging, we mean it
0 1 - just my two bits
JavaScript Error: http://www.microsoft.com/, line 28:
loadPage is not defined.
Actually, fired up my ol' stinkpad that I keep around for such emergencies, and it comes up ok in Internet Explorer. But I used to be able to get to it from netscape. How long has it been broken for non-MS users? Same error on Linux, Irix, Solaris.
Though some firewalls are penetrable, I think some are not. Setting up a good firewall will provide additional security, and might cover your butt in a tight spot (portscan). Keeping the skript kiddies at bay is a good start :)
:) )
(of course, nothing replaces a well patched system, but a firewall complements it
Stop the brainwash
As long as humans are designing software, it's going to reach a complexity where not all use-cases can be considered. Therefore, there is the highest chance that some flaw will creep in. And then, since the number of people trying to discover that flaw in order to abuse it is always going to exceed the number of people looking for flaws to fix, the situation will continue. We've had say, 20 years of cracking - no reason to assume it's going to stop now.
--Remove SPAM from my address to mail me
Yea, sendmail is crap .. so go use qmail and find something else to complain about :>
/. and Taco (dunno if it was even his own personal fault) about the /. break-in .. and there was plenty deal made about it when it happened.
.. unless you've not been paying attention, there's been TWO of these 'M$ gets hacked' stories around recently and people are beginning to notice a bit of a 'theme' shall we say about the lack of security at M$ and now how even their own patches are not applied.
.. but a lot of it is not without justification.
I think people still give
This is more than a 'glimmer' of a problem
Sure people here love Linux and tend to bemoan M$, I know I do
--
Delphis
I realize that this is somewhat inflammatory, but I feel like it should be asked. I am not a programmer, and have the utmost respect for anyone who is capable of writing something like wine, but: Is that really a loss to the Free Software community? Is there any real use for wine except to run proprietary software under Linux? Does this not further our addiction to proprietary software (most notably that heinosity known as "Office") by reducing the imperative to create Free alternatives? Does this not endanger Free alternatives by extending the marketshare of proprietary applications (in that, Office users can now legitimately carp to Linux users that all work should be done in Office since it runs on wine)?
I do not have a signature
Let's all drive Pintos, eat TV dinners, and and live in card board boxes.
Nothing is better than anything else.
I can't figure any other reason anyone would make such boneheaded comment.
I get the distinct feeling you believe that if Microsoft has aproblem then everyone has the problem because that's just the way things are.
Thanks for reminding me why I don't do windows users.
The message on the other side of this sig is false.
I am being serious here, but at the same time, I know that I am being paranoid.
Microsoft has ties with several people in the government. Good ties. Friendships, so to speak. All of these recent hacker attempts seem a little fishy to me. Why all of the publicity, all of a sudden? Why the big stink?
The USA government wants to pass even more restrictive internet and computer laws... laws which will be passed in the name of security, yet at the same time, killing our necessary personal freedoms - our rights.
Bush and Bill are buddy buddy. Microsoft will hold out on seeing the Supreme Court until Bush has become prez and has appointed new Justices. Microsoft will get a slap on the wrist. Our government will then apply god awful amounts of regulation to the computer industry...
So, yes I am being paranoid, but it all seems so obvious to me. Lets just hope that I am wrong, and next year, I am NOT saying "I told you so."
Is that supposed to be sarcastic?
.sig ya clam
Try reading my
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
When they were "cracked" last week, the stock rose a few bucks. Of course they go cracked again!
Was recently discussing some procedures with a customer, who insisted they didn't have email. When asked how they'd got the email I just sent them, they replied "oh, that's an Outlook message".
What is a very good way for M$ to stop wine, or at least discourage people from working on it? Create a situation where they can feasibly claim that code in it just might be stolen or that the people who wrote it had access to Windows source code. Whether they did or not is irrelevant, the fact that you can cause legal problems for them simply based on the idea that they might have is what matters. If I were a ruthless organization bent on world domination (like microsoft or $cientology), this is exactly what I would do.
Expect to see legal roadblocks in the future for wine.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
...Seems microsoft have been hacked (possibly) again...
Of course they were hacked again!
Somebody fixed some M$ bugs and then had to upload the source back to M$
Ha ha ha!!!
As I understand it, UCITA allows software companies to remotely disable software (almost) at will. If companies go for this (well they got the law passed for a reason), this could mean that hacking into a company such as M$ would give access to the programs / codes / whatever to shut down any of that company's software on any customer's site (assuming they're connected to the net).
Now that would be scary.
I bet the politicians behind UCITA didn't think of that.
Notice how no news agency that has reported the recent cracks has equated the security flaws in Microsoft's network and servers to Microsft's Windows operating system. No news agency is suggesting that "if you use windows, you could be next", as they often do with other reports. "Man dead after drinking poisoned orange juice... Find out if your orange juice could be poisoned - tonight at 10." Why is it that the news media is not running their usual tricks to scare the populus. In my (not ever humble) opinion, everyone running Windows is running the risk of their network/servers being cracked.
-------
Oh shit! I forgot to click "Post Anonymously"...
Microsoft's internal network is made up of many seperate domains (and Active Directory forests). The Houston domain used exclusively for Microsoft's online properties (MSN.com, Microsoft.com, etc...) and has no privledges to Microsoft's primary domain, REDMOND.
BTW: You can PPTP into Microsoft at cxn-redmond.microsoft.com. (However, they took it down recently because of these security problems.) Username: REDMOND\billg; Password: ????
If slashdot.org / apache.org can't setup a UNIX system with Apache + common tools who can?
If you'll blow away your haze of zealot fog that makes it hard for you to see the truth you'll recall both sites have recently been hacked.
You will also note that attrition.org notes more apache sites being defaced (even by percentage) than Windows 2000/IIS.
Have a nice day..
*ponders*
Install Potato, have apt auto-update from security.debian.org (covering all known vulnerabilities).
Install NT, apply service pack, apply hotfix, apply service pack, apply hotfix, apply this, apply that, watch the other break.
Yes, you do need to maintain whatever boxen you are responsible for.. But to believe for even a minute that it puts Linux and NT on the same ground is plain idiocy.
There are more updates for NT then I could possibly count, they have to be applied in a certain order lest your system refuses to boot. Hell, there are entire websites dedicated to figuring out what order you want to install Service Packs and hotfixes depending on what software you plan on having your NT server run.
The only thing that suggests to me is that there is enough cruft underneath everything that updating NT is an excersise in futility. There is no security, MS can't even do it. The next person to whine about UNIX cruft is getting a ClueStick beating.
President Clinton could not be reached for comment, but Governor and Presidential candidate George W. Bush said "that's the way the cookie jar crumbles." No, we don't know what he was talking about either.
Jeff
He doesn't want to believe he threw his money away on garbage.
MS has no incentive in the marketplace to improve their software. Maybe bringing it home to them, by showing them how bad their security is, will force them to make a better product. I doubt it though.
I worked in a bike shop for a few years. One man kept bringing in his bike to repair flats. He had about ten patches on his tires. It would have been cheaper to buy a heavy-duty inner tube and thorn scrapers, than to have it repaired over and over again, but he kept that leaky old inner tube.
photosMy Photostream
Free software is limited by one important issue, who is going to do the coding and who is going to use the product coded? The vast majority of free software is created by people because they use it themselves. But there are also other areas where the people who have the talent to write the code have no interest in using the end product. Here proprietary solutions will continue to dominate.
/citrix metaframe style system.
I don't know about you, but I really don't care whether my word processor is freeware or commercial. I want the underlying operating system to be free, or at least have all its specs published in full. Linux is great not so much because it is free of charge, but because there aren't any secrets about it. With windows there are lots of secrets. With the MacOS there are even more. But with Linux everything is right there on the table and its got a complete development environment included to boot! Talk about a hackers (!cracker) dream come true!
In short, the open source/free software model is one that works in some areas. It does not work for all. Therefore it is not going to take over the world. Twenty years from now commercial software will be just as prevalent as it is right now, if not more prevalent. There is every chance that free software might not be successful in the long run. There is also every chance that it will be successful. But there is nearly zero chance that it will overtake every other development model.
I personally think wine is the greatest thing since Linux itself. Imagine a terminal server type system based off wine? M$'s own terminal server is severly limited by the poor multi-user performance of NT. Unlike Linux and virtually any other version of Unix, it is very easy for a single user to eat up all the resources and lock out everyone else. This is a serious problem, but one that wine does not share. It wouldn't be too hard to make wine into one kick ass terminal server
I'm looking forward to bigger and better things from wine.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Or maybe it was a FRICKIN joke. [As in Frikin Hot Pocket]
Pay no attention to the man behind the curtain with all your metadata.
Exactly :)
ETRN x
Flamebait, My Eye. The good eye, I mean....
Pay no attention to the man behind the curtain with all your metadata.
Anyone else find it amusing that is was 'egg' that got cracked? :) No, oh well
Phear my l33t homepage.
www.cotse.com featured an article about this on november 2nd, and over 25 microsoft servers are currently known to be unpatched. one rather boisterous ms uk employees has been talking about honeypots on the ms network as of late, too.
--
no, some l33t p33ple just registered their name servers. You get the same for apple.com and aol.com too IIRC
Phear my l33t homepage.
They did not actually switch to Solaris - they use NT for the front-end servers off an Oracle back-end database running a Sun Solaris server.
The reason is that they find it easier to do rapid application development on the Windows machines. So in theory they can keep their back-end solid via Unix while having the development tools on an easily mastered platform.
Personally, I think running the whole thing on Solaris would have been easier, but that is/was their rationale.
D
----
whois microsoft.com
[whois.crsnic.net]
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.OR GN UR ISTS.NETS .NET. FRANCS.DOUZE.ORG
MICROSOFT.COM.OWNED.BY.MAT.HACKSWARE.COM
MICROSOFT.COM.N-AIME.BILL.QUE.QUAND.IL.N-EST.PAS.
MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERRO
MICROSOFT.COM.IS.NOTHING.BUT.A.MONSTER.ORG
MICROSOFT.COM.IS.AT.THE.MERCY.OF.DETRIMENT.ORG
MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSIVE
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM.HACKED.BY.HACKSWARE.COM
MICROSOFT.COM.FAIT.VRAIMENT.DES.LOGICIELS.A.TROIS
MICROSOFT.COM
To single out one record, look it up with "xxx", where xxx is one of the of the records displayed above. If the records are the same, look them up with "=xxx" to receive a full display for each record.
>>> Last update of whois database: Sun, 5 Nov 2000 06:07:48 EST The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
--It's Pimptastic!--
In fact, the world doesn't even need more food, water, or shelter. We have ample of each to provide even for our current population.
The problems we are facing are economic and social. We need to distribute resources efficiently, limit population growth, and limit consumption.
The only solution to our problems lies in better education, better communication, better public health, and more efficient economic systems. And information technology is probably the best tool we have for that.
Yes, but that's Mandrake. There's several other distributions that are Much more security-concious (I think the current canonical example is Debian, but don't take me seriously on that as that could start a flame war :) )
Mandrake's primary intended audience is those who don't want to bother poking around with their computers - which, while valid, often means that the details get missed.
(Disclaimer: IANAS (for S == Sysadmin) but I pretend to know what it's like to be one on /.)
--Jo Hunter
--Jo Hunter
Smile! It makes them wonder what you're up to.
MS server software is, out of the box, full of security holes and downright dangerous to put on the Net without extensively patching them first, and
In the past, I had to keep up on patching default Mandrake Linux 7.0 installs just to make sure that I didn't get owned by a wu-ftpd site-exec kiddie. Installing any OS requires keeping on top of things when you admin a server(s)... Micro$~1 makes sure that you have more to do to keep your servers "secure"
First thing I do after installing any Os is find any security info I can and apply the related fixes.
One future, two choices. Oppose them or let them destroy us.
Microsoft mistake.
Again. But who really cares?
I don't. Leave them alone.
This real impact here is what this does to MS as a service vendor. At a time when system software is quickly joining hardware in the "commodity" category, services are becoming ever more important to companies as a revenue source. If MS can't even secure their own servers, how can they possibly claim to be able to do so for clients?
Adobe and Macromedia do run on an OS other than Windows. It's called the Macintosh, and most Adobe products actually tend to be better behaved on the Mac than under windows [/goodnaturedribbing]
----
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
and ... that would accomplish what? the words "jack shit" comes to mind. can you say "backups"? good doggie. sit, ubu. sit.
Voting Moo Anyway!
That it wasn't me
(if I had the know how to do it)
I would have done as much damage
as possible just for the hell of it.
http://Lenny.com
I am willing to bet this "hacker" owned egg.microsoft.com, which was not patched. It took them a few days to take it down and it still is offline.
/ cmd.exe?/c+dir
/ cmd.exe?/c+dir
/ cmd.exe?/c+dir
/ cmd.exe?/c+dir
/ cmd.exe?/c+dir
/ cmd.exe?/c+dir
/ cmd.exe?/c+dir
He was not a "hacker" he just created one of the unicode urls that got parsed incorrectly by IIS. No skill.
http://target/scripts/..%c1%1c../winnt/system32
http://target/scripts/..%c0%9v../winnt/system32
http://target/scripts/..%c0%af../winnt/system32
http://target/scripts/..%c0%qf../winnt/system32
http://target/scripts/..%c1%8s../winnt/system32
http://target/scripts/..%c1%9c../winnt/system32
http://target/scripts/..%c1%pc../winnt/system32
Ok, now kids, don't go owning any banks running IIS today (Most are not patched)!
Ever need an online dictionary?
Steve Mann who is a prof at UofT (Toronto) teaches hardware engineering and wearable computers noted that any MS Windows is a toy operating system. The guy only deals with Unix though.
You can't handle the truth.
That's not quite true, though. One additional, and very important, thing that you can do is to try to figure out how to minimize the damage that an attacker can do even if he does manage to crack something. This is an area in which Unix/Linux and NT both fall down pretty badly; they spend a lot of time trying to make it hard to get priviledge, but let you do pretty much anything you want if you do. There needs to be a lot more attention paid to making systems damage tolerant, so that a broken ftpd (or whatever) won't put the whole system at risk.
There's no point in questioning authority if you aren't going to listen to the answers.
From the sound of the article Microsoft is trying to save face by saying that they where in the process of patching and this hacker just "slipped through" Meanwhile johnny hacker guy takes jab after jab saying microsofts security is weak. The posturing and the bs aside the real fact is that yes Microsoft was hacked again, it doesn't what server was hacked it still shows that Microsoft needs to beef up security and to do it at a faster pace.
"I am a kernel in the linux army"
M$ does not care about being the Sec. company they our out to make a dollar. (arent u?) SO when money is a key to either release something now or wait fix a few things lose money i think u would release it to wouldnt u? When you get Quake 3 (or hl or unreal) and u cant wait for the team that gave u your quake 2 mod to come out with one for q3 u want them to release something buggy or not do u not? then come out with patch's right? I try not to use Windows but when games is something i want and its only out for Windows then i use it. but for servers i think windows should get out and just let the Daemon is the choose for me. But then there is Choose's Ford, Chevy, Import? EVERYONE IS OUT TO MAKE A BUCK! LIVE WITH IT!
I tried this exploit against one of MY OWN MACHINES. As in, a machine that is owned by me, on which I already know the Admin password etc.
/c dir command like x-empt suggested and the result was the expected.
The first thing I tried was the cmd.exe
Then I pcanywhered in and decided to see if I remote launched notepad if it would appear on the display. When notepad.exe was launched, the whole system crumbled. I tried to kill it, but it won't die. Task Manager just says "Access Denied". Geez, where's kill -9 when you need it. I'm even logged in as admin. I can't kill the process, and I can't start anything except task manager. Can't even launch the services panel to kill IIS.
So now I'm attempting the tried and true method of fixing a win box.
.. theres a Borland Pascal compiler for Linux; Kylix.
...is at risk of being cracked.
Connect your computer to the internet. Allow it to accept any connection of any sort, ever, from anyone.
Congratulations. You're now at risk of being cracked.
All you can do now is neurotically, obsessively, try to think of every situation in which this cracking could happen, and try and cover it. Then ask all your friends, enemies, and family pets to tell you what you missed.
You're still going to get cracked one day, if enough people try, and enough people care. System administration is more about making this cracking difficult to the point of it not being worth it, rather than ruling it out altogether.
--Remove SPAM from my address to mail me
see http://www.surriel.com/diary/msposter.jpg
You are assuming script-kiddies need the source code to find out vulnerabilities in software, but the truth is, if they were able to understand the design intrincacies of software they would not be script-kiddies.
Believe me, for those of us who are competent enough to choose between building or destroying, it's much more rewarding to be creative.
Problem with MS is that they're Microsoft certified, they probably missed an click-on-OK-button.<P>
I believe E-mail clients for Linux were once made insecure when this guy called Pitr wrote a VB plugin. Fortunately, we have overview in bad things: The worlds largest shitholes can be counted on two hands...
Bizar technology?
As much as I dislike M$, but honestly:
You wouldn't bring a Linux box online without disabling everything you don't need, setting up ipchains in a secure manner, apply the latest patches and so on...
Sad, but those M$ hacks don't get the public attention they deserve....:-(
But the above statement:
~I just hacked kernel.org and downloaded the entire Linux Source Code~
Was worth it...:-))
Michael
Enditallnow
Hmm. Let's see here... sendmail... one of the most popular mail-servers out there, cracked time and time again. nobody says shit. slashdot got cracked due to admin mistakes, nobody make a BIG deal out of it. a *glimmer* of a microsoft mistake, and people lunge at it. yeah. that sounds unbiased.
Voting Moo Anyway!
I don't recall them saying "Warning all Solaris users!" after eBay was cracked. I think they just don't know enough to comment on the matter. They probably aren't even aware of the issue, since I can't imagine a media outlet refusing to comment on something just because they didn't have a clue.
If you are modding me down because you disagree with me, use the "Flamebait" category, not the "Troll" one.
You must be insane. Why the hell did they release you from the hospital?
ETRN x
Please, enlighten me, what's the point?
We all know that most people here on ./ enjoys a good M$ bashing when they get the chance. Sometimes the subject are a bit questionable and not really good material for it. But if the article are correct, then they have really asked for it this time. :-) :-)
Now for mine. A company that size with so many users depending on them, have a huge reasonability in keeping this from not happening. When it happened the first time, they should have the resources to make sure that it doesn't happen again. Don't tell me they can't divert the manpower needed to solve this. Let's see the list of posts grow as usual, can we go past 500.
[extreme bashing on]If they cant secure their own network based on their own products who can.[extreme bashing off]. ah felt good.
But somehow I doubt that it will affect anyone's decision about running their software. No impact at boss level, I'm afraid.
--------
I haxored kernel.org and downloaded the linux source code
1) MS server software is, out of the box, full of security holes and downright dangerous to put on the Net without extensively patching them first, and
2) Patching them won't even help you, because there are too many patches and too many holes. So many, in fact, that even MS can't keep up with them, even though the patches are developed and tested in the same building.
Did I miss anything?
How to get your software onto somebody else's computer in the first place? Try a piece of Javascript code in an HTML page.
For the last souple of years (perhaps under the influence of this wife Malinda, perhaps not), Gates has been throwing money at various philanthropic targets.
Perhaps not. The upsurge in charitable spending (which is still, in relative terms, pathetic) started very shortly after someone calculated that Bill's personal giving, pro rata, was much, much lower than the average single Welfare mum's personal giving. Call it embarrassment, call it publicity, but please don't call it unadulterated altruism. Also, a lot of the donating that he does comes with the proviso that his name is loudly involved (like ``the Bill Gates building'' he donated to one university, which at the time of opening housed computers running ``a variety of operating systems'' or at least of Linux distributions).
Got time? Spend some of it coding or testing
> and the earlier crack where the source code to Windows and Office
> was supposedly stolen (I'll believe that when I see it)
Report is everyone who has seen the code is now dead. They have all laughed themselves to death.
People keep going and develeping games, software, and hardware that only works with M$ stuff. I have a bad feeling about using MS stuff now right along with there updates and patches for Win2K. I guess I'll boot into Linux pay for the VMware Emulator and start making a diffirents. Hell it's time for a change, so people don't want that it... While most do... Adobe, Macromedia, and other companies just need to look into to Linux or other OS if anything.
From Zero to Hero... Starbuck Zero
well isn't that obvious from my post?
Whats your point?
http://Lenny.com