Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers, Meet Microsoft

Posted by CowboyNeal on from the come-together dept.

Mz6 writes "The random chatter of several hundred Microsoft engineers filled the cavernous executive briefing center recently at the company's sprawling campus outside Seattle. Within minutes after their meeting was convened, however, the hall became hushed. Hackers had successfully lured a Windows laptop onto a malicious wireless network. 'It was just silent,' said Stephen Toulouse, a program manager in Microsoft's security unit. 'You couldn't hear anybody breathe.' The demo was part of an extraordinary two days in which outsiders were invited into the heart of the Windows empire for the express purpose of exploiting flaws in Microsoft computing systems. The event, which Microsoft has not publicized, was dubbed 'Blue Hat' -- a reference to the widely known 'Black Hat' security conference, tweaked to reflect Microsoft's corporate color."

3 of 496 comments (clear)

  1. Re:Can We Get Firefox Developers To Do This, Too? by zifferent · · Score: 0, Troll

    What kind of FUD is this?

    Astroturf isn't going to be unanswered on my Slashdot!

    Make no mistake. This is a stunt, and I'm not going to stand for it!

    M$ doesn't really care about security, and if they didn't have Linux and Firefox breathing down their neck their security record would keep getting worse.

    Mark my words M$ products will continue to writhe in the secuurity dumps, because they are a closed source company at the end of their upgrade rope. They can't even get ppl to switch to XP! How the heck are they going to get ppl to switch to Longhorn?

    I'll tell you how. By heaping on pointless features and adding cruft, and blathering on about how important the new widget is. That's the only way to sell the next generation OS and office suite.

    But while M$ continues to rebuild much of their code from scratch (and introduce plenty of new bugs and security flaws in the process), Linux and BSD will continue to build upon stable code bases and will only become more stable.

    From here on in the Cathedral model of OS development is going to fail them.

    Onward LINUX soldiers!

    --
    cat sig > /dev/null
  2. Re:Can We Get Firefox Developers To Do This, Too? by kosmosik · · Score: 0, Troll

    > And let's not forget that Netscape
    > provided Microsoft with some much-
    > appreciated help in taking over the Web,
    > by screwing up their own release schedule
    > so badly that there never was a Netscape
    > 5.0.

    Lets not forget that MS laveraged their monopoly on operating systems to give their browser away for free and still being able to operate (financialy). Netscape was just killed by MS. The lack of 5 version release was an effect, not a cause.

    > They are aiming to be the top of the heap
    > in security, and they've got drive, ambition
    > and aggression.

    Too bad still they have serious problems here. Like things got better inside corporate networks etc. (but not like it is MS-only achievement - entire market was generated around windows lack-of-security). But it still *is* an issue.

    > Make no mistake, this kind of event is
    > exactly what a company that wants to get
    > secure should be doing.

    No, publishing some marketing stuff with phrases like "hackers are hacking Windows and everybody is happy" is like PR/marketing bullshit.

    Face it - now the real crackers (I mean virus writing etc.) are working for profit - under wings of multinational organizations. This is no longer underapriciated-geek-thing - this whole security business is about money. Not some "blue hats" (WTF are they?) - it is like - you crack a system -> you get profit from it. Marketing stupid names like "blue hats" is not going to change much.

    (...)
    > These things say to me that, within a few
    > years, we're going to see some really damn
    > secure stuff coming out of Microsoft.

    Yeah - like say it gazilllion times and it will become truth. It is not like MS has not made any secure product. The opinion (MS -> insecure) comes from the fact that MS had done some unsecure products before. Yelling "WEEE ARE ALL ABOUT SECURITY DADADADA ETC." wont change much unless there will be noticable changes with their security practices. Right now I see a problem with MSIE (in general - entire system) - when you ask the video driver to draw very huge bitmap the system hangs... It works for +/-50% of systems (my research, even if it would be 5% it is still an issue). And guess what - you wont find MS talking about this *problem*. So how do they handle security?

  3. ... and I am an alcoholic ... by xqcom · · Score: 0, Troll
    The first step to fixing a problem is an organization wide acceptance that the problem is real. This kind of a meeting between the "establishment" and "hackers" is so unprecedented, I can only assume that Microsoft is totally serious about fixing security.

    The one thing we do know from the Netscape vs IE war is that when Microsoft puts it mind to it, they are capable of working miracles. The same story goes for the WinCE vs Palm OS war. So I am quite confident that Microsoft will evenually be able to deliver it promise of "secure computing environment".

    Maybe Microsoft will have to take some drastic changes to the OS to get there, but then Apple had to do the same to get where they are today with OSX.

    In the spirit of full disclosure, I run both WinXP and MAC OSX at home, and own MSFT stock :)

    --
    Denial is not a river in Egypt