Slashdot Mirror


Microsoft Consults Ethical Hackers at Blue Hat

linumax writes "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see. Blue Hat V2 was held on Thursday and Friday and teamed noted "white hat" hackers with Microsoft employees to break into and expose security weaknesses in the company's products. Over 1,000 Microsoft developers, managers and security experts attended, including Microsoft brass Jim Allchin and Kevin Johnson, co-presidents of the company's Platforms, Products & Services Division."

162 comments

  1. Good thing by Sinryc · · Score: 5, Insightful

    This is a good thing. It always is good to get someone to try and break your software, that way you know what you can do to fix it. Let's be honest here, Microsoft is number 1 in sales, so I hope they can make a better product, for the safety of everyone's computer.

    --
    Yay, I have a sig.
    1. Re:Good thing by SycoCowz · · Score: 3, Interesting

      A small invited group is hardly representative of the resources global hacker community. They should unleash the world on their software, ala OpenHack; that would be a better security test and/or learning experience.

    2. Re:Good thing by Anonymous Coward · · Score: 3, Funny

      This is a good thing. Finally someone with ethics on the Micro$oft campus.

    3. Re:Good thing by geekoid · · Score: 5, Insightful

      Except this way they can keep the vulnerabilities to themselves and fix them with less PR issues.

      Hiring outside security people to break a system is not uncommon.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Good thing by fantababy · · Score: 0

      Yes, this will help microsoft in reducing software piracy.

    5. Re:Good thing by DurendalMac · · Score: 1

      Too true. I'm wondering if Billy beefed up security this year to prevent someone from hacking into his home computer during the Blue Hat and putting all his Scheisse videos on a projector for all to see.

    6. Re:Good thing by Anonymous Coward · · Score: 0

      "This is a good thing. It always is good to get someone to try and break your software, that way you know what you can do to fix it. Let's be honest here, Microsoft is number 1 in sales, so I hope they can make a better product, for the safety of everyone's computer." - by Sinryc (834433) on Wednesday October 19, @07:51PM

      Agreed, 110%, on all accounts you mentioned Sinryc...

      * :)

      (It's just too bad that the majority of folks here @ "/." tend to be SO damn "anti-microsoft" in their sentiments)

      APK

      P.S.=> This event done by them is one of the best things they can do imo as well... apk

    7. Re:Good thing by Captain+Splendid · · Score: 3, Insightful
      A small invited group is hardly representative of the resources global hacker community. They should unleash the world on their software, ala OpenHack; that would be a better security test and/or learning experience.

      Well, yeah, but this is Microsoft, so let's be thankful for small mercies, eh? Baby steps, my friend, baby steps.

      --
      Linux, you magnificent bastard, I read the fucking manual!
    8. Re:Good thing by rob_squared · · Score: 3, Funny

      In related news, 1000 marine snipers were asked to John Smith's community farm and challenged them to hit the broad side of his barn.

      --
      I don't get it.
    9. Re:Good thing by Philip+K+Dickhead · · Score: 1

      These are the same presenters and materials as CanSec West, ToorCon and BlackHat. This is to get this material in front of the developers, who will profit by the experience - and their executives - to get this on the agenda for the business.

      Make all the wisecracks you want. I was there this last Friday, and as an old Pen/Vuln hand, found it quite worthwhile.

      --
      "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    10. Re:Good thing by Anonymous Coward · · Score: 0

      Microsoft is the leader in technology, whether folks like it or not. They have the resources, the user market ignored for years by big iron and family. They'll succeed in securing windows AND still provide robust functionality instead of removing functionality in an attempt to secure things which is what a lot of everyone else does. Part of the reason they are always ahead of the game.

    11. Re:Good thing by NineNine · · Score: 1

      They should unleash the world on their software, ala OpenHack; that would be a better security test and/or learning experience.

      Uuuh, every day the entire world is unleashed on their software with no set parameters. MS's software is hacked at, picked at, poked, prodded, more than any other software on the planet. Every single day. I'd stake my life that a hacker, somewhere in the world, is trying to poke holes in MS's software every second of every day. They have had more cumulative experience with security than any software company in the world.

      They brought in the pros so that they could try certain products and scenarios in a controlled environment.

    12. Re:Good thing by Anonymous Coward · · Score: 0

      get someone to try and break your software

      "try to break".

    13. Re:Good thing by ExKoopaTroopa · · Score: 1

      do you really think that skilled hackers that are into it for the money are going to reveal their tricks of the trade to OpenHack?

      --
      Don't Tell Me What I Can't Do!
    14. Re:Good thing by Captain+Splendid · · Score: 1

      No wisecrack was intended, in fact, quite the opposite. The fact that Microsoft is (publicly) doing things (like this) that it wouldn't have touched with a ten-foot pole a few years ago is great. I'm no Microsoft lover, but imagine if all of a sudden MS started actually innovating and taking a few more chances. Personal computing is already a lot of fun, but it would be much better if the 800-pound gorilla in the room loosened up and joined the party once in a while.

      --
      Linux, you magnificent bastard, I read the fucking manual!
  2. I wonder... by CygnusXII · · Score: 4, Interesting

    I wonder how many items covered this year, were rehashes of last year, and "we told ya so!"

    --
    My cat's picked up a Hammer. HEY! Put down that Hammer. Put Down that Hamm...THUNK!
    1. Re:I wonder... by Karma_fucker_sucker · · Score: 1

      That's probably why they were hired. I think MS is starting to get really serious about their security. I bet they're really tired of the constant bad PR about their security and I bet that in some biz segment the perceived lack of security is affecting their business.

      --
      Evil people don't think they're evil. - George Lucas, Making of Ep III
    2. Re:I wonder... by pookemon · · Score: 0, Redundant

      So it took them 30 years to get "serious" and "tired of the constant bad PR". More like this is a publicity stunt.

      --
      dnuof eruc rof aixelsid
    3. Re:I wonder... by Anonymous Coward · · Score: 0

      Completely OT, but you have a lovely name *strokes your face*.

  3. On the internet by aussie_a · · Score: 4, Funny

    Every day is Blue Hack day.

    1. Re:On the internet by Anonymous Coward · · Score: 0

      Every day is Blue Hack day.

      I think you mean Blue Screen day.

    2. Re:On the internet by Karma_fucker_sucker · · Score: 1
      I think it's a plot by BG. He's using the hackers to break into government sites for world control! Yeah! You'll see. All of those white hats will die in mysterious ways! And he'll put bugs purposely into his code so that he can sell upgrades!

      Oh, wait...that's a Bond Movie ...my bad!

      --
      Evil people don't think they're evil. - George Lucas, Making of Ep III
    3. Re:On the internet by smittyoneeach · · Score: 2, Insightful

      Aw, c'mon: I have seen exactly one BSOD on XP. I was actually impressed to have done something stupid enough with the hardware to make it happen. Come to think of it, that was pre-Nervous Pack #1: it's been solid ever since. On the rare occasions I boot it, that is.

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    4. Re:On the internet by Anonymous Coward · · Score: 0

      And on Slashdot everyday is Ass Hat day.

    5. Re:On the internet by ozmanjusri · · Score: 1

      Aw, c'mon: I have seen exactly one BSOD on XP.

      That's not a bug, that's a feature. To fix it, you just Right-click on My Computer, click Properties, click the Advanced tab. Under "Startup & Recovery," click Settings. Under "System Failure," uncheck the box in front of "Automatically restart."

      Once you've done that, you'll have your old familiar bluescreen back in no time!

      --
      "I've got more toys than Teruhisa Kitahara."
    6. Re:On the internet by Anonymous Coward · · Score: 0

      By the time the White Hackers made it into the system, they found that it was already infected with the My.taub.J2x.Win32 Virus.

      Anon.

    7. Re:On the internet by 4mn0t1337 · · Score: 1

      Heh... when I got the invitation, I was a tad suspicious.

      Told my family where I was going, and when I was to return. If I failed to check in, I pointed to woods around Redmond where they were to look for my body.

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

  4. Typical /. response by Anonymous Coward · · Score: 0, Insightful

    Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see

    Of course if this were an OSS project, the code would be there for all to see and try to crack instead of 'select' few.

    Still, I'm sure it's a useful PR exercise.

    1. Re:Typical /. response by notasheep · · Score: 5, Insightful

      If you'd RTFA you'd understand that they were invited there to show techniques that hackers use so MS developers can have a better understanding of what to think about when they code. They weren't there to do a line-by-line security review.

      --
      Your mind looks a little cramped. Why don't you stretch it a little?
    2. Re:Typical /. response by oztiks · · Score: 1

      So what you're saying is, they've nearly completed an operating system which is now past beta stage and is almost ready to be shipped and sold in stores around the world and will be used by millions if not billions of people. Now all of a sudden they've decided to sit down and think about how they should have coded it ...

      Right, perfectly logical ... *rolls eyes*

      What is it with people looking at these dumb ass articles and thinking this blatantly stupid behaviour is actually positive it really does amaze me ..

    3. Re:Typical /. response by Anonymous Coward · · Score: 0

      You're an idiot, you think this is the first they've thought of security? XP SP2 has yet to have any worms, so obviously they've been thinking about security for a while. What amazes me is how people make opinions without the facts.

    4. Re:Typical /. response by oztiks · · Score: 1

      You're an idiot, you think this is the first they've thought of security?

      Well it was blue hat v2 so I guess it would be the 2nd time they've thought about it.

      XP SP2 has yet to have any worms, so obviously they've been thinking about security for a while. What amazes me is how people make opinions without the facts.

      We'll see, a large percentage of this type of stuff stays private amongst hackers and crackers, when it becomes public is the real issue. But I guess you would know nothing about that. Throw down the gauntlet and challengers will appear.. never underestimate the hacking community, that was Microsoft's 1st mistake.

    5. Re:Typical /. response by Anonymous Coward · · Score: 0

      They've been focusing on security for a while now, why make comments when you're totally ignorant?

    6. Re:Typical /. response by oztiks · · Score: 1

      They've been focusing on security for a while now, why make comments when you're totally ignorant?

      In the scheme of things, no they haven't, that's why we have big big companies called Symantec and NAI and TrendMicro because they had a plenty big gap to make lots and lots of money out of the fact Windows has ignored security for such a long time.. Thank you next please.

    7. Re:Typical /. response by kcelery · · Score: 1

      When you are driving a bus and get hit by a falling brick, you'll think gee, we need a tank. OK, put an armour here, put an armour there, voila, we have a tank. And that's the tank running on almost every desktop.

    8. Re:Typical /. response by oztiks · · Score: 1

      A strange analogy but a correct one, for Windows anyway. For myself security has always been a customised 'thing' I've always done myself to ensure my home PC or the servers that I run are safe from harm, doesn't mean they cannot be broken into but they stand a good chance from 99.9% of the things that are out there that could possibly cause problems and provided I keep them regularly patched I feel safe knowing that it's going to be tough for anyone to get in. Now not to blow my own horn and rant on about how long I've been doing this and how long I've been doing that, I do have experience with PCs a good solid decade mind you and during that experience Linux security is something that has been evolving during the time I've been using PCs, I've seen it by watching such sites as bugtraq, neworder, packetstorm, phrack... the list is endless and what do all these places have in common? continuous evolution of bugs and information of security flaws, Linux has had PLENTY of them and as a result it has founded a strong base for security during this time. On these sites Windows is looked at as a bit of a haha JOKE because it's behind the rest of these multiuser OSes in this evolution process. Read the last issue of phrack PERFECT example, there is a chapter about smashing Windows stack to get into the system whereas in Linux there is an article about tricking the stack protection patches to then smash the stack/heap. Some silly little conference inviting a bunch of geeks who subscribe to bugtraq and perhaps write these articles for phrack, a) they won't tell MS the real nasty tricks b) it's a much bigger issue than a conference once a year.

      Yes I'm ignorant, sure whatever, I suggest the silly little wise asses who go "you're ignorant, you're an idiot" should go and learn something about security before commenting about how it's wonderful that Microsoft decided to devote a WHOLE DAY into learning about security from the very people who are most likely on the other end causing the problems for them .... Yep, good measure of cluelessness out and about these days ...

    9. Re:Typical /. response by canuck57 · · Score: 1

      If you'd RTFA you'd understand that they were invited there to show techniques that hackers use so MS developers

      So like most Microsoft events it is staged. This is why other events like Black Hat are far more credible... inviting anyone who wants to sign up. Demonstration of DMA with USB is old news, Microsoft developers knew it was a problem many years ago and it still remains a problem. In fact they participated in its design.

  5. It's about time... by bypedd · · Score: 4, Insightful
    Kaminsky and others have spent years sounding alarm bells about holes in the security defenses of Microsoft's software, including the Windows operating system and the Internet Explorer browser. As a sign of how times have changed, he and other presenters were treated to a lunch with retiring Windows chief Allchin and Johnson...

    A sign of changing times, indeed. It seems pretty clear that Microsoft has needed to buddy up more with the people who can break their software, because it's going to happen anyways, at least now they might have a head start. I can't really commend the decision to start now, though, as it seems to be both forced by the current politics and belated in that they should have had the foresight to do it earlier.

    1. Re:It's about time... by ScentCone · · Score: 1

      I can't really commend the decision to start now, though, as it seems to be both forced by the current politics and belated in that they should have had the foresight to do it earlier.

      Er... what would you say if they didn't do it (now)? It's either a good thing or it's not. Well, it can only be a good thing, really.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:It's about time... by Anonymous Coward · · Score: 0

      Hello You must be new here, Welcome to Slashdot!

  6. blue hat, white hat by brandanglendenning · · Score: 1, Funny

    this segregation cannot continue!!!!!

    1. Re:blue hat, white hat by LiquidCoooled · · Score: 1

      What do you propose then?

      Attack of the cyan hat hackers?

      --
      liqbase :: faster than paper
  7. Ethical Hackers.. White Hat Hackers.. by jkind · · Score: 3, Interesting

    Okay I don't like either of these terms for hackers with morals.. Let's think of something new:

    -Deeks (decent geeks?)
    -Prerds (Principled Nerds?)
    -Fairackers (fair hackers?)
    Also remember that the term hacker is not always seen as negative in and of itself: From: http://www.smoothwall.net/support/glossary.html "A highly proficient computer programmer who seeks to gain unauthorised access to systems without malicious intent."

    --
    ~jennifer.k~
    1. Re:Ethical Hackers.. White Hat Hackers.. by Anonymous Coward · · Score: 0

      If you can use a keyboard then you are in fact a hacker. The term originated from the old typewriters where you had to "hack" at the keys to make them work. So how can anyone take the term hacker as derogative?

    2. Re:Ethical Hackers.. White Hat Hackers.. by neonstz · · Score: 5, Funny

      Whackers

    3. Re:Ethical Hackers.. White Hat Hackers.. by Phantasmo · · Score: 1

      I also have a strong dislike for the term. It's like going out of your way to say "Ethical Professors" or "Ethical Architects."
      What's wrong with a cracker being an evil hacker, and a script kiddie being a cracker without any real skill?

      --

      The US Army: promoting democracy through unquestioned obedience
    4. Re:Ethical Hackers.. White Hat Hackers.. by name773 · · Score: 1

      you can be the architect of something non-ethical

    5. Re:Ethical Hackers.. White Hat Hackers.. by Anonymous Coward · · Score: 0

      Because white hat and black hat sound and look cool, that's why.

    6. Re:Ethical Hackers.. White Hat Hackers.. by jonom · · Score: 1

      Damn! No mod points!

  8. Is it me? by systemofadown · · Score: 0

    Or this "hat" thing has gotten a little retarded, I've never heard of the term "Blue Hat" before. I mean how about calling "Black Hats" == criminals?

    --
    Science is but a perversion of itself unless it has as its ultimate goal the betterment of humanity. -Nikola Tesla
    1. Re:Is it me? by hunterx11 · · Score: 1

      Apparently Microsoft has become more internationally-oriented since the EU lawsuits, and decided to allow UN peacekeeping forces to test their software.

      --
      English is easier said than done.
    2. Re:Is it me? by 4mn0t1337 · · Score: 1

      "Blue Hat" is just a cute name for an internal training/conference at Microsoft. Very few of us from the "Community" (Which seems to be the polite way to say "hacker") were invited, and most of them (not myself) are speakers. Outside of "community" members, it is only MSFT staff there. So, no one really thinks of themselves as "Blue Hats" (or at least, god I hope not!).

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

  9. Yawn, nothing to see here -- move along... by merc · · Score: 3, Insightful

    I'm sure "(white|blue)-hat hacker" in this case is redefined to mean "anyone who cooperates with Microsoft when finding security vulnerabilities". Of course there are always proper ethical ways of dealing with the discovery of serious security flaws in software--that doesn't mean they have always had Microsoft's business or PR interests in mind.

    This is just a publicity stunt, a pretense that Microsoft is taking security research seriously.

    If I'm wrong, then it would be interesting to know what security vulnerabilities were "uncovered" at their event. Are they going to be disclosing the details of such flaws? What do you, as a security researcher, have to "sign away" to participate?

    --
    It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
    1. Re:Yawn, nothing to see here -- move along... by pookemon · · Score: 5, Funny

      I'm sure "(white|blue)-hat hacker" in this case is redefined to mean "anyone who cooperates with Microsoft when finding security vulnerabilities".

      Yes, the rest of the world would call them Testers.

      --
      dnuof eruc rof aixelsid
    2. Re:Yawn, nothing to see here -- move along... by Lesrahpem · · Score: 1

      Actually, I see a reason for this that isn't all that obvious. It's one thing to hear that someone has found a vulnerability in a piece of software you helped write. It's a lot different to actually see them do it, and how they do it. Maybe the higher-ups at MS realize that and this is their way of giving that kind of experience to their developers.

    3. Re:Yawn, nothing to see here -- move along... by andreyw · · Score: 1

      Actually, laugh all you want, but you would be surprised just *how* much Microsoft pushes the whole security/testing/debugging/safe code aspect during its college presentations.

      Heck, if you decide to go for an internship you have pretty much 3 choices - Program Manager (specs), SDE (Software Development Engineer) and SDET (Software Development Engineer in Test). That last position is very much QA.

    4. Re:Yawn, nothing to see here -- move along... by Cally · · Score: 1
      Yes, the rest of the world would call them Testers.
      If you know how testing can positively verify that no security bugs remain in a non-trivial program, I'm all ears.
      --
      "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
    5. Re:Yawn, nothing to see here -- move along... by pookemon · · Score: 1

      I would like you to define how this exercise differs from Testing? Other than Microsoft don't actually have to employ the people they are using - not that that defines testing in any way?

      --
      dnuof eruc rof aixelsid
    6. Re:Yawn, nothing to see here -- move along... by 4mn0t1337 · · Score: 1
      I'm sure "(white|blue)-hat hacker" in this case is redefined to mean "anyone who cooperates with Microsoft when finding security vulnerabilities".

      As I pointed out above, the term blue hat is just a name for an internal conference. All of the engineering staff I met did not call themselves anything other than employees. Not even the security people there. (Although the ones I know in hacker circles might call themselves black/white/grey hat, but then again, they probably don't care enough to use those labels.)

      This is just a publicity stunt, a pretense that Microsoft is taking security research seriously.

      Well, I really doubt this is a publicity stunt. There was only one reporter there. I talked to him for a while and am in the article. If it was a stunt, there would be a lot more press there. Instead, they have kept this thing relatively quiet.

      The thing that struck me was watching the employees. I know most of the talks, but most of this was new stuff to them. (I did talk to a few people there that do hit a few of the Cons (BlackHat, DefCon, Shmoocon, ToorCon, etc.) but that was a few and these people were more interested in security to begin with.) The questions they asked at the end of each talk were great -- It showed that they were paying attention and that their interest was captured. Rather than putting their heads in the sand, they actively pursued the topics. And quite a few of them expressed interest in attending the Security/Hacker Cons after hearing what they heard that day.


      Now, if you want to talk about a PR stunt, try having MSFT sponsor the beer at a hacker conference.
      That is unabashed.
      So was the drinking.

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

    7. Re:Yawn, nothing to see here -- move along... by Anonymous Coward · · Score: 0

      I'm sure "(white|blue)-hat hacker" in this case is redefined to mean "anyone who cooperates with Microsoft when finding security vulnerabilities". Of course there are always proper ethical ways of dealing with the discovery of serious security flaws in software--that doesn't mean they have always had Microsoft's business or PR interests in mind.

      What the hell are you talking about?

      This is just a publicity stunt, a pretense that Microsoft is taking security research seriously.

      Seriously, what the hell do you people want? "A pretense"? Do you know how many billions Microsoft spends on security these days? Sure, you can be cynical and say that they do it because they have to, because of politics, because of the Linux threat -- whatever. But you can't say that they don't take it seriously, because that's just nuts. Every programmer they hire has to take an initial course in writing secure code, they have whole full-time teams that do nothing but try to find exploits (and other full-time teams who fix them), they cooperate with hackers who break their software. How many companies can say the same?

      If I'm wrong, then it would be interesting to know what security vulnerabilities were "uncovered" at their event. Are they going to be disclosing the details of such flaws? What do you, as a security researcher, have to "sign away" to participate?

      Read up on last year's event. Many exploits were indeed uncovered at the event, but that's not its sole purpose anyway -- it's just as much to get MS in touch with the hackers so that they can learn from what they do, and to show MS engineers what state of the art exploits can do to their code. And you don't have to "sign away" anything.

      I'm all for MS bashing when it has some -- some -- rational motivation. But this drooling, knee-jerk Slashbot response just irritates me no end. This is a good thing and whiners like you, frankly, need to get out of your echo chamber and shut the fuck up.

    8. Re:Yawn, nothing to see here -- move along... by Cally · · Score: 1
      Testing compares actual application behaviour to a defined list of expected behaviour. Security bugs often fall outside the remit of testing (tho' fuzzing has, uhm, blurred the line somewhat) because they often manifest themselves in scenarios that were not foreseen at design time (which is when the spec's defined, and of course QA tests are defined by the spec). Specs rarely describe what software should NOT do, only what it SHOULD do.

      Yes I have done professional QA on well-known software products, as well as pentests and vuln dev work.

      --
      "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  10. Blue Hat? by Ruvim · · Score: 0

    Blue Hat? As in Red Hat without air supply?

  11. Ethical? by frovingslosh · · Score: 3, Funny

    If they are ethical, why are they working with Microsoft?

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:Ethical? by ScentCone · · Score: 1

      If they are ethical, why are they working with Microsoft?

      Gee... because much of the world's economy flows across desktops and servers running MS products?

      And if any association with an organization or group you don't like means something to you... are you suggesting that there are no unethical users of Linux or other non-MS platforms/tools?

      Even people who don't use (or like) MS and/or its products have an interest in hundreds of millions of people running cleaner, safer machines. Get a grip.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:Ethical? by Anonymous Coward · · Score: 0

      Even people who don't use (or like) MS and/or its products have an interest in hundreds of millions of people running cleaner, safer machines. Get a grip.

      Personally I'm all for MS enhancing their product line with security in mind, but what I see is it's not with security in mind (but I choose not to use them). Just like any security company out there Microsoft is using computer security as a tool to market their upcoming OS.

      Of course you get security from MS update but you don't get "blue hat annual meeting just after the release of Vista" heck you don't even get it annually, you get it when MS wants it which means they are delivering this "conference" more so for media attention before the release of their product. Nothing more.

      Security is not in mind, the possibility of security is in mind and for some terrified business person (security wise) this is more than enough.

  12. Re:Is it me? -- Hacker Color Codes by Anonymous Coward · · Score: 5, Funny

    Black Hat = Cool Hackers, mostly under age 18, can not be prosecuted as an adult.
    Grey Hat = Hackers transitioning from Black to White.
    White Hat = A hacker over the age of 18, who rattles door knobs and probes security, but has stopped defacing websites.
    Blue Hat = WTF? Blue hats? Are these smurfs?
    Red Hats = Hackers with an RHCE, very, very dangerous.

  13. Agenda indeed by oztiks · · Score: 3, Insightful

    This type of stuff happened upon the release of XP, everyone thought it was secure and I remember geeks and business people alike preaching how great and secure XP is and how there aren't any problems. A year later the problems arose, now it's time for everyone to go out and buy Vista so let's peddle how we as Microsoft care about our users' security to get them to buy Vista, then we'll do what we did before... let it get out of control so when it comes to the next version after Vista we can look like the heroes again

    Why on earth would they want to secure an OS, if it gets too secure there is less of a reason for people to spend hundreds of dollars on the next version..

    1. Re:Agenda indeed by Anonymous Coward · · Score: 0

      So apple doesn't make a secure OS either then? Or is that "different"?

    2. Re:Agenda indeed by oztiks · · Score: 1

      Yeah it's quite different, Apple wouldn't be very concerned with their OS as it doesn't hinge their sales like MS... Without Windows MS doesn't get your money, without OSX you've still had to buy the entire computer from them.. Logically it would be quite beneficial for OSX to be mindful of security because it then has something over MS..

    3. Re:Agenda indeed by dodobh · · Score: 1

      Geeks preaching XP security? I don't know of any. Quite a few people did praise XP SP2 though.

      --
      I can throw myself at the ground, and miss.
  14. So..... by RoadWarriorX · · Score: 1

    What did they find, hmmmm?

  15. MOD PARENT UP by QuantumG · · Score: 1

    belly chuckles.

    --
    How we know is more important than what we know.
  16. its getting warm in here... by Anonymous Coward · · Score: 0

    Outside researchers also had informal sessions with company developers, including a "burrito lunch" with the IE7 development team

    IE7 developers and burritos? too many hot air sources in that meeting...

    almost as much hot air as Ballmer :-)

  17. Marketing move? by elfguygmail.com · · Score: 4, Informative

    Why do I feel this is nothing more than a marketing move to show MS in a brighter light. After all, they are releasing a new Windows, Office, etc next year...

  18. I could have saved them a lot of trouble by Weaselmancer · · Score: 4, Insightful

    If they wanted to have their boxes 0wned, they don't have to hold a conference and invite a bunch of hackers over. I know a better way.

    Just plug the suckers straight into the net. And wait about three minutes. Done deal.

    --
    Weaselmancer
    rediculous.
    1. Re:I could have saved them a lot of trouble by oztiks · · Score: 1

      I'd laugh thinking this is something humorous that was just said, except I've seen this happen!

    2. Re:I could have saved them a lot of trouble by I'm+Don+Giovanni · · Score: 2, Insightful

      Unfortunately (or fortunately), this wouldn't work with XP SP2. ;-)
      Recall the studies that appeared some months ago (around February, I believe) showing that XP SP2, Mac OSX, and Ubuntu Linux all resisted being compromised over a two week period of being connected to the net. XP SP2 was attacked much more, but resisted the attacks. XP SP1 was also part of the study, and it got owned within 12 minutes. :p

      --
      -- "I never gave these stories much credence." - HAL 9000
    3. Re:I could have saved them a lot of trouble by oztiks · · Score: 1

      I knew someone who put a spanking brand new 2003 box in a DC not so long ago, didn't run the patches before linking it up ...

      3 hours and the system had enough spyware on it to sink a battleship!

    4. Re:I could have saved them a lot of trouble by Dan_Bercell · · Score: 1

      Anyone care to explain to me how you get spyware on a computer without browsing to 'not-so-decent-sites' or installing junk software from the Internet?

    5. Re:I could have saved them a lot of trouble by hoopmastaflex · · Score: 0, Troll

      How come this is modded as insightful where other less anti-microsoft comments are modded as troll?

    6. Re:I could have saved them a lot of trouble by rcamans · · Score: 1

      yes, just put the box on a broadband connection and wait a few minutes.
      Someone will port scan you and fix your spyware challenged machine for you.
      apparently ms does not put their boxes on broadband networks.

      --
      wake up and hold your nose
    7. Re:I could have saved them a lot of trouble by oztiks · · Score: 2, Funny

      Anyone care to explain to me how you get spyware on a computer without browsing to 'not-so-decent-sites' or installing junk software from the Internet?

      install windows

    8. Re:I could have saved them a lot of trouble by Anonymous Coward · · Score: 0

      You don't. It's just more fun to ignorantly bash "Wind0z3".

    9. Re:I could have saved them a lot of trouble by oztiks · · Score: 1

      You don't. It's just more fun to ignorantly bash "Wind0z3".



      Yes :D

    10. Re:I could have saved them a lot of trouble by Dan_Bercell · · Score: 1

      Does a firewall prevent this? I am really curious, I haven't seen a computer just 'get' spyware from the Internet, it usually takes user actions to get the crap on their PC. But then people like to 'read' things on the net, then repeat it like they know what's going on.

    11. Re:I could have saved them a lot of trouble by Dan_Bercell · · Score: 1

      Forgot to mention that I have access/support about 400-500 different workstations/servers and have never seen this happen, but then again they are all behind a firewall.

    12. Re:I could have saved them a lot of trouble by ipn1nj4 · · Score: 1

      I agree. I support a similar number of machines and have never seen this happen without user interaction. Although I find it interesting that a default XP Pro install will put some "questionable" cookies on your system according to Spybot.

    13. Re:I could have saved them a lot of trouble by waamaral · · Score: 2, Interesting

      Let's just say the last time I installed a plain Win2k (i.e. no SP) I got the Blaster Worm 2 minutes after the first boot, and I didn't even start ANY program, including IE (I was trying to prove to myself the point that user interaction wasn't needed to compromise your system).
      The Windows I have now is XP-SP2, but I have not run into this, as I unplugged the network before installing, and only plugged again after I got a firewall installed.
      And, of course, any decent firewall will block this type of thing - that's precisely what the firewall is made for.

      --
      What, do I need a sig now?
    14. Re:I could have saved them a lot of trouble by Dan_Bercell · · Score: 1

      A worm is not considered 'spyware' though, not to mention a firewall (even a cheap Netgear router) will block worms, especially Blaster (I don't think any system should be on the Internet without a firewall, although Windows IS more likely to get infected by people than other OSs when not behind a firewall). You are correct, worms will infect systems not patched/behind a firewall, but I was referring to Spyware, which to my knowledge requires user interaction to infect. I would assume that any 5-6 year old 'popular' OS, by this I mean has been used by has/had been installed on at least 10% (modest) of desktops/servers, would be easily infected/hacked as its security vulnerabilities are widely known and well documented by now.

    15. Re:I could have saved them a lot of trouble by Anonymous Coward · · Score: 0

      You don't. It's just more fun to ignorantly bash "Wind0z3".

      DING DING DING DING DING

    16. Re:I could have saved them a lot of trouble by syukton · · Score: 1

      Just because a worm is the most well-known example of a vulnerability doesn't mean that it is the only thing making use of that particular vulnerability. Just because "slammer" equates to "uses vulnerability XYZ" in some people's minds, we (the remainder, those who are not under this impression) must keep in mind that it isn't unreasonable to believe that the same vulnerability could be exploited by other kinds of programs or other organizations.

      --
      Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
  19. WTF? by oztiks · · Score: 1
    "I would imagine that if we look into the future at the sixth Blue Hat ... there probably won't be anything like the topics discussed at the first and second one, because things will have changed," he said.

    ummmmm ... DUH!!!!!

  20. A head start? by AltGrendel · · Score: 1

    No, I don't think so. They are playing catch up no matter what they do. We all know that there have been cases of exploits that have been found, used, and not reported.
    At least they seem to be responding to pressure to do something proactive about it now.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

    1. Re:A head start? by Anonymous Coward · · Score: 0

      What's all this about "now"? This is the second year in a row....in IT terms, a year ago is ancient history.

    2. Re:A head start? by 4mn0t1337 · · Score: 1

      Second BlueHat. Not second year. 1st one was earlier this year.

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

  21. So what hat does this leave? by electrosoccertux · · Score: 4, Funny

    Microsoft is ok with "white hat" hackers, but when asked about the "Red Hat" crackers, Microsoft confirmed that these malicious coders only hurt Windows.

    Heh, yeah, that's the point of Linux.

  22. Can't Expect Improvements by putko · · Score: 2, Insightful

    You can't expect much in the way of security improvements at Microsoft -- Microsoft does things to make money. If security costs money for them, or causes the support desks of their customers to take a lot of bullshit calls, they won't do it.

    Furthermore, if they were to start prioritizing security (or just plain old "quality") over the task of "making money", their shareholders would be very unhappy.

    I think the only thing that could cause them to take it seriously would be some sort of PC-aids: a worm that would linger, damaging business data and hardware -- such that customers would decide to finally junk Windows.

    This is very different from other businesses. E.g. if Paypal screws up their security, they will go out of business. So Paypal probably has some awesome security.

    --
    http://www.thebricktestament.com/the_law/when_to_stone_your_children/dt21_18a.html
  23. PR Stunt. by miffo.swe · · Score: 3, Interesting

    Just like with Windows 2000 (the unbreakable) this is just a publicity stunt. Real security comes from good design, not slap together crap and let 1000 monkeys throw random bits at it.

    --
    HTTP/1.1 400
    1. Re:PR Stunt. by Nevo · · Score: 2, Insightful

      You apparently haven't read up on Microsoft's Secure Development Lifecycle. Microsoft is now designing security into their products from the ground up. (http://msdn.microsoft.com/msdnmag/issues/05/11/SDL/default.aspx)

      Tell me... what are other software companies doing to improve their product security?

      Microsoft is leaps and bounds ahead of most software vendors when it comes to product security. Go ahead, flame away at Microsoft. I'll agree there have been some colossal security screwups in Microsoft products.

      At least they have a plan (and it's currently in place and working) to improve their product quality. What is your software vendor doing in that arena?

    2. Re:PR Stunt. by FidelCatsro · · Score: 1

      "Microsoft is leaps and bounds ahead of most software vendors when it comes to product security"
      God help us

      --
      The only things certain in war are Propaganda and Death. You can never be sure which is which though
    3. Re:PR Stunt. by dodobh · · Score: 1

      You mean, people like OpenBSD, or perhaps Debian, or Gentoo or ....
      When you avoid screwing up your design the first time round, it does help that you need to do less work.

      --
      I can throw myself at the ground, and miss.
    4. Re:PR Stunt. by Xarius · · Score: 1

      Tell me... what are other software companies doing to improve their product security?
      What is your software vendor doing in that arena?

      The same thing they've been doing for over a decade in most cases, and that is always having security as one of the top priorities.

      --
      C17H21NO4
  24. Definition hacker? by azatht · · Score: 3, Insightful

    Isn't the definition of a hacker not a cracker?

    --
    ------- In the end there are no beginning
    1. Re:Definition hacker? by Xarius · · Score: 1

      A cracker is someone who breaks copy protection methods.

      A hacker (contrary to what all the geeks would like to think) is someone who unlawfully enters a computer system. For whatever reason.

      --
      C17H21NO4
  25. Re:Is it me? -- Hacker Color Codes by tsmithnj · · Score: 1, Funny

    Black Hat = Cool Hackers, mostly under age 18, can not be prosecuted as an adult.
    Grey Hat = Hackers transitioning from Black to White.
    White Hat = A hacker over the age of 18, who rattles door knobs and probes security, but has stopped defacing websites.
    Blue Hat = WTF? Blue hats? Are these smurfs?
    Red Hats = Hackers with an RHCE, very, very dangerous.

    You forgot brown hats = hackers with their heads up their asses.....

  26. Only two days? by Anonymous Coward · · Score: 0

    This "event" should be ongoing because in the real world it is ongoing.

  27. My thoughts, being there by Anonymous Coward · · Score: 0

    I was in town to do a privacy webcast, and was invited to hang around and see Blue Hat. My thoughts are at http://www.emergentchaos.com/archives/001822.html

  28. Re:Is it me? -- Hacker Color Codes by vicgolgo13 · · Score: 5, Funny
    You forgot a few:

    Lavender Hat = A hacker afraid to come out of the closet.
    Rainbow Hat = He's a hacker and he's proud! 2 Snaps and an @ symbol!
    Yellow Hat = A White Hat hacker who's just been pissed on.
    Green Hat = A novice who is just learning how to hack. (also known as a n00b, FNG, Script-Kiddie).

  29. Re:Is it me? -- Hacker Color Codes by Anonymous Coward · · Score: 0

    smurfs wear white hats.

  30. Related Story by Anonymous Coward · · Score: 2, Funny

    In related news, Playboy Inc. invited a small group of whackers to their office to check out next year's calendar girls.

    Afterwards everyone had lunch with Natalie Portman.

  31. Ned Flanders! by Anonymous Coward · · Score: 0

    somehow all these whitehat hackers would seem as timid as Ned Flanders...

    --Homer J. Simpson

    1. Re:Ned Flanders! by Anonymous Coward · · Score: 0

      pwn3d-didd7y, nheyb0r!!!

  32. Heresy by Agarax · · Score: 1

    They are aiding Microsoft, the Great Darkness which is called Abomination, Destroyer of the Earth, the Gates of Hell.

    Collaboration with the followers of Mammon results in eternal damnation!

    --
    Remember folks, slashdot doesn't have a -1 "disagree" moderation!
    1. Re:Heresy by Agarax · · Score: 1

      Blasphemer! Burn him at the stake!

      I only view this site from a fully consecrated Fedora Core box using the holy Firefox web browser.

      [/sarcasm]

      Actually, old boy, I got the first bit from the Gospel of Tux, one of the better Linux jokes/humor out there. The Mammon reference is obvious to anyone who knows the famous about:mozilla Easter egg. And this is the first time I have posted it.

      Have a good day, remember to stay off the cough syrup.

      --
      Remember folks, slashdot doesn't have a -1 "disagree" moderation!
  33. Re:Is it me? -- Hacker Color Codes by joelleo · · Score: 5, Funny
    Red Hats = Hackers with an RHCE, very, very dangerous.
    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\administrator>ifconfig
    'ifconfig' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>man ifconfig
    'man' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>cd /

    C:\Documents and Settings\administrator>grep /etc/passwd
    'grep' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>man wtf
    'man' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>GAHH!
    'GAHH!' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>

    RHCE flings pen-filled pocket protector at the LCD panel of the Windows Server 2003 box's monitor

    yup, dangerous :)

    --
    "In the end, there is simply no weapon more devastating than the truth, delivered in just the right way." - tnk1
  34. I guess that's good and all by RiotXIX · · Score: 2, Insightful

    But from the article I got the impression of 2 things:

    1. This is currently some sort of annual peepshow extravaganza: these ties should be kept all the time, pay them, it's important.

    2. More critically -
    they're probably going to invest more on stuff like Digital Rights Management, because they're more wary of people hacking MS content. By that I mean they might see things like illegal transfer of media as a bigger issue, because it affects their reputation/their content protection schemes/their standards. I hope it doesn't sideline what business company users are worried about (things that affect their company, like virii, trojans), and not Microsoft's business model/vision of more trivial things (like preventing media copying) - which is what they've been investing a lot in recently. Home Windows != Business Windows, or at least it shouldn't be.

    That was a dull post.

    --
    "You know you don't act like a scientist, you're more like a game show host." Dana Barret
  35. Re:Is it me? -- Hacker Color Codes by notasheep · · Score: 1

    That's freakin' hilarious! Mod funny!

    --
    Your mind looks a little cramped. Why don't you stretch it a little?
  36. MS does something interesting by Anonymous Coward · · Score: 1, Insightful

    and /. has 60 comments of flamebait for every 3 decent comments. Grow up, Linux zealots.

  37. So... by Liam+Slider · · Score: 2, Funny

    How many seconds into the conference did it take for them to get royally pwned?

    1. Re:So... by bazio · · Score: 1

      Actually, took about 20 minutes. 19 minutes trying to figure out why the PCs kept blue-screening on boot-up, 45 seconds to actually boot once they figured it out, 10 seconds to cancel the Internet Setup Wizard when they tried to get online, and 5 seconds of online time before the 0wnage began.

      Microsoft... If it can't boot, they can't hack it. Security through sheer crappiness.

      --
      Set the bar high, then bring a tall ladder.
  38. obligatory response by Viking+Coder · · Score: 3, Funny

    "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see."

    Admiral Ackbar sez...

    IT'S A TRAP!

    --
    Education is the silver bullet.
  39. Stupid by NullProg · · Score: 5, Interesting

    This does nothing towards Mom and Dad surfing the internet using IE. Getting owned is simple.

    XP/SP2 and 2003 Server are pretty much secure out of the box. When can we look forward to
    IE being moved to user space? Never? When can we look forward to an O/S that doesn't have a re-occurring fee every three years? Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?

    If it weren't for Quicken, Mom and Dad would be using SuSE by now.

    Enjoy,

    --
    It's just the normal noises in here.
    1. Re:Stupid by ichin4 · · Score: 1

      Sigh... Microsoft bears some blame for their "IE is part of the OS" legal rhetoric, but for technically competent people to still think that meant that IE ran in kernel space is really inexcusable.

      IE never ran in kernel space. Nowadays many parts of it don't even run with user privileges, but are hived off to a process that runs with even fewer privileges than the user. When Microsoft said "IE is part of the OS", what they meant, in technical terms, is: it's important that we ship the HTML processing library on which IE is based in the Windows box, so that application writers can be sure of always having a consistent HTML processing library available on the machine.

    2. Re:Stupid by Anonymous Coward · · Score: 0

      OK, define "Getting owned/0wned/0wn3d/own3d/p0wned"/whatever fucking variation you like.

      What do *you* mean by 'getting owned'? Virus infection on an unpatched box? Spyware installs? Or complete Administrator-level privileges on a remote Windows machine? The latter is what I'd consider "owned". The others are definite security issues with serious ramifications, but to paraphrase, "I do not think that word means what you think it means."

    3. Re:Stupid by Tim+C · · Score: 5, Insightful

      When can we look forward to IE being moved to user space? Never?

      IE has never been anywhere but in user space. "Integrated into the OS" doesn't mean "runs in kernel space".

      When can we look forward to an O/S that doesn't have a re-occurring fee every three years?

      Woah, thanks for letting me know - I'm well overdue on my payment!

      Seriously, what the hell is that supposed to mean? MS generally supports its OSes for about 10 years, which is a damn sight longer than any of the Linux distributions. It's also been longer than three years since XP was released. Finally, just because the OS is no longer supported doesn't mean that it spontaneously stops working. Sure, there are no more security patches for it, but you can still use it, if you feel you're sufficiently secure. A well-controlled PC or network behind a firewall used by savvy people is at almost no risk of being owned.

      Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?

      The same reason you have to agree to a licence to use the original software - because of the fiction that you need permission to install the software and load it into RAM, as that constitutes copying. In order to maintain the fiction, MS has to licence its patches, too. (In fact, I can't remember the last (commercial) patch that didn't require a licence click-through)

      For that matter, I installed some GPLed software yesterday (Squirrel SQL client) and it required me to agree to the LGPL on installation. MS aren't the only ones with crazy licence agreement requirements...

    4. Re:Stupid by MoogMan · · Score: 1

      Why would moving IE to the user space help, when the default is Administrator?

    5. Re:Stupid by Anonymous Coward · · Score: 0

      Use CrossoverOffice with Quicken on Linux. I have been using it for well over a year.

    6. Re:Stupid by sgt+scrub · · Score: 1

      Quicken runs under Wine if you have a windows partition.

      --
      Having to work for a living is the root of all evil.
    7. Re:Stupid by NullProg · · Score: 1

      IE has never been anywhere but in user space. "Integrated into the OS" doesn't mean "runs in kernel space".

      User space under Windows and Linux is different. Perhaps I should have constructed my post better.

      From just last week: A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx

      I believe IE should not be allowed to provide/host any services under Windows.
      Just my opinion though.

      Enjoy,

      --
      It's just the normal noises in here.
    8. Re:Stupid by caudron · · Score: 1

      If it weren't for Quicken, Mom and Dad would be using SuSE by now.

      I and two others I know (the other two are not IT people) run Quicken in Linux under Crossover Office. Works beautifully in my experience. A couple very minor visual glitches on some dialog boxes, but that's basically it. If they really wanna move to Linux (in other words "not just because you or I may want them using Linux") then I'd say they could do it today with Crossover Office.

      I suppose I should add that your mileage may vary.

      --
      -Tom
    9. Re:Stupid by SirPavlova · · Score: 1
      User space under Windows and Linux is different.

      Just out of interest, what is it that's different?

      --
      Yar.
  40. We decided to look around by Anonymous Coward · · Score: 0

    As I already said, in its first months the design of the Mobil server had nothing to do with a news look; the front page was a list of links to separate, simply run sections. This was not for its own sake: we originally understood the server as a combination of independent pages, and moreover we did not count on any news coverage at all. We only intended to maintain lists of phones, an overview of operator services and their price lists, that is, everything that neither the operators nor the mobile phone manufacturers had on the internet at that time. So each of the three of us was in charge of "his own section" and ran riot there as he pleased. But shortly after the unofficial launch in November '96, and even more strongly after the official one in January '97, it turned out that this arrangement was not a happy one. People did not want to browse through sections updated independently of one another, and because they noticed that each of those sections was updated at least once a week, they wanted us to centralize the links to the updates.

    At first we tried to cheat our way around it, and Petr installed some script on the server that detected when which pages had been modified and automatically sorted them by modification date. But even that was not quite the thing, because whenever we fixed a typo or updated some small detail, it immediately showed up in that script's listing.

    We decided to look around at how this was being handled elsewhere in the world. To head off the suspicion that we were out of our minds, and the question of why we did not use the classic news style from the very beginning, I would like to say up front that at the turn of 1996/7 it was not at all clear WHAT the classic news style was. Different servers handled it differently, in fact in diametrically different ways. Probably the most widespread solution was a section in the style of "Whats New", that is, a link on the front page that took you to the most recently added articles, so practically the same solution that we used too. The front page thus linked to all kinds of sections and to the news, but did not itself contain an overview of the news and latest articles.

    Other servers did not publish news on the web at all and sent it out exclusively by email, so the web really served them only for signing up to receive the email news. In the Czech lands this solution was used by L. Zajíček for distributing News on Net: he sent it out by email, and it could not be found on bajt.cz, or only irregularly.

    Still other servers used PDF for publishing, whether as documents downloadable from the web or ordered by email. The main motive here was an effort to preserve graphic uniformity; many publications hated the fact that on the internet it was not possible to control exactly how a document looked in a given browser and system configuration. They were not used to this from newspapers: an article in a newspaper looked the same in LA as in NY.

    Some of the most modern servers teased articles directly from the front page; to be more precise, this was mainly News.com, owned by CNET, and also the competing ZD News. By Czech standards this was downright hypermodern, because you had to assume that there would be something new every week, if not every day, for it to be worth teasing it directly from the front page. It also undermined the then-prevailing perception of the internet as a medium supplementary to print titles. A similar system was used by the server Živě for its Invex edition in the autumn of 1996, but it then practically died off and was updated only sporadically.

  41. WTF are blue hats? by Chulo · · Score: 1

    So blue hats are hackers that actually admire Microsoft? Am I the only one who sees a contradictory here? Not a single architect appreciates a building that is built from the top-down. Just like no true hacker appreciates M$ or their design and data structures. Adults are too good for "hats" or anything material of the sort anyways.

    1. Re:WTF are blue hats? by Anonymous Coward · · Score: 0

      Just like no true hacker appreciates M$ or their design and data structures

      Spoken like a true mindless twit. I'm sure you've really taken the time to appreciate Microsoft's "design and data structures". Or is it more likely that you are just spewing the same hate for which /. is known for world-wide. Keep up the tiny-brained posts... you amuse me. The only "contradictory" that I see is that, with apparently such a half-wit mind, you are able to form a coherent thought, let alone two in a row. You blithering id10t.

    2. Re:WTF are blue hats? by Redwin · · Score: 1

      Unless of course they are doing it in the hopes of being able to get something fixed. If you were that architect looking at the building built from the top down and the designer said to you "look we need help looking for flaws in this design" wouldn't you want to point them out?

      If your main grudge against Microsoft was their design, and you knew ways it could come crashing down, would you not want to try and improve things if they offered you money (or even if they didn't).

      --
      Warning, comments may not have been passed by the sanity department of my brain.
  42. Slashdot by Anonymous Coward · · Score: 0

    http://slashdot.org/comments.pl?sid=48776&threshold=1&commentsort=0&tid=106&mode=thread&pid=4942964#4943347 ], StarOffice 6.0 Slashdot (the name comes from the characters: /.) is a popular technology-oriented website. The core of the site consists of news picks, questions and reviews submitted by users. Slashdot uses the Apache web server with the mod_perl extension and a MySQL database.

    The site was opened in September 1997 by Rob "CmdrTaco" Malda. Nowadays the site is run, in addition to him, by Jeff "Hemos" Bates and Robin "Roblimo" Miller. In June 1999 the site was bought by Andover.net, which merged with VA Linux in February 2000.

    Slashdot is also known for the associated Slashdot effect, which means sites getting clogged (usually in a very short time) as several hundred users try to view the content of a link mentioned in a story. This can even lead to the site no longer responding to requests.

    Rob Malda proposed to his current wife Kathleen Fent on 14 February 2002 with a story he published on the Slashdot front page.

  43. Honeypots anybody? by betasam · · Score: 2, Insightful

    With so many security holes cropping up in the past, it would be more prudent for Microsoft to have a honeypot setup. This event (article) is closer to a marketing show (call in white hats, black hats, anybody) for a new release. Microsoft does have the resources to put up such a "Challenge" machine and try to keep it online by fixes, lure the real black hats to crack it. Fixing that would really help them work on their security (if they are truly concerned.) There are reports of independent Honeypot projects setup for assessing network security. It's high time Microsoft tried it at their expense for the benefit of their customers.

    --
    No Greater Friend, No Greater Enemy! (Lucius Cornelius Sulla)
    1. Re:Honeypots anybody? by atomic-penguin · · Score: 1

      Having target machines was included in the demonstration at the last event. Microsoft employees watched as the systems were compromised. This article did not give any technical details of the activities of this year's event.

      Article sounds like it was just a regular old trade show. The article mentions a social mixer, a meeting for executives, and a meeting for engineers. Surely there was something more interesting than this that happened, but it isn't in this article.

      --
      /^([Ss]ame [Bb]at (time, |channel.)){2}$/
    2. Re:Honeypots anybody? by Murgalon · · Score: 1

      I think the whole concept of a honeypot is not to tell anyone about it. So how do you know Microsoft does not currently have a honeypot set up?

  44. Skúlason on Slashdot by Anonymous Coward · · Score: 0

    Slashdot.org points to an open letter from Friðrik Skúlason in which he criticizes his competitors in the email virus business for only adding to the problem of Sobig.F and similar computer worms instead of trying to solve it. I heard about this letter on Bjarni's site.

    Fun to see an Icelandic company get Slashdotted to shreds, fun to see a professional and substantive diss between competing companies, and fun to see a story of one's own appear on Slashdot for the first time (or is this maybe the second time...? damn goldfish memory).

    I wonder what I would see if I knew how to grep the cryptic Apache logs on Klaki... :-
    Pff, this barely shows on the load graphs. For a moment I thought something exciting was happening, but then it was just the usual 18:00 "everyone checking whether anything needs updating" peak.

    Good to see that FRISK survived. I remember the last time someone said "there won't be any load on this site" and then things went a bit differently ;-) In fact, /.-ing also seems to be relatively common on small sites hosted by providers with bandwidth limits, i.e. once 100Mb a month has been fetched from the site, it shuts down. Oh, and of course silly silly Java-craplet sites :-)
    Bjarni: yep, as common as it is for sites to get slashdotted to a pulp, it is quite simply badly configured web servers/databases that cause this. I actually read an article on /. (can't be bothered to find the URL, sorry) about how one could use an old machine with not all that many resources that would easily withstand the /. effect.

  45. Re:Is it me? -- Hacker Color Codes by DaFallus · · Score: 1

    I thought Smurfs have white hats. Except for Papa Smurf, who wears a red hat. Too bad it isn't a fedora.

    --
    No one cares what your captcha was

    Houston TX, USA
  46. hats conspiracy? by flazz · · Score: 0
    People will soon opt for blue hat or white hat because that might be their favorite color. Not everyone likes red, I know I don't.

    BAM! 2/3rds of the colored hat market cornered.

    Blue Hat, embrace?

    White Hat, extend?

    Red Hat, Destroy!

    Also there are reports of MS products named genthree, hustleware and ooboontoo. Windows Vista will be renamed at the last minute to Windows11, that's right it's Solaris10 and OSX +1

    You can't out-market MS son!

  47. Smurfs had white hats by PickyH3D · · Score: 1

    Not blue hats.

  48. In other news... by Anonymous Coward · · Score: 0

    Anglers have been invited to this year's "Fish in a Barrel - with Shotguns" conference.

  49. Hacking? by Jack+Earl · · Score: 1

    Hackers? Or Feature Finders?

  50. Microsoft cannot be trusted.. by Anonymous Coward · · Score: 0

    With all of the lies Microsoft has told, and the fact that they were caught faking evidence in a court of law, do you seriously think you can believe a word that comes out of their mouth now? Microsoft has shown that they cannot be trusted.

    Only a complete idiot would trust Microsoft and I love the fact that they will never have 100% of the desktop or server markets.

    Long Live Linux!

  51. Re:Is it me? -- Hacker Color Codes by Psychochild · · Score: 1

    No, no, you have to go to the authoritative source to understand the colors:

    Black = Destructive, mostly damage-causing.
    White = Healing and protective.
    Red = A combination of Black and White.
    Blue = Learns from watching others.

    Blue would also be known as a "Script Kiddie". It's appropriate that Microsoft is focusing on Blue Hats.

    --
    Brian "Psychochild" Green
    MMO developer's blog
  52. perfect timing by recharged95 · · Score: 1
    Goes to show that Microsoft is now a typical mature business. Its future as an innovative company will likely sink further. That's considering they used to toot loudly how they could solve everything internally and with internal means. Hopefully this will make customers more comfortable with OSS, that even Microsoft needs outside (out of their control) help to figure out their products.

    Obviously they're learning from the OSS movement, which is good.

    Will they still make money... of course. This doubles as a great PR stunt.

    1. Re:perfect timing by CaptainTux · · Score: 1
      Hopefully this will make customers more comfortable with OSS, that even Microsoft needs outside (out of their control) help to figure out their products.

      Why would this make customers more comfortable with OSS? If anything, this will strengthen MS's reputation in customers' minds because it shows that they are, finally, starting to take the security of their products more seriously. It shows maturation and growth that they can say "Hey, we aren't up to speed on all of the attacks that will be launched against our products but we want to be prepared for when they are launched and we want to discover and fix what will be attacked before it actually is. Teach us".

      While I'm definitely not a Microsoft fanboy, let's not sink to their level and skew the facts just to try to strengthen our stance. It's disingenuous and people see right through it. Give MS credit where credit is due: this is a positive thing from MS.

      --
      Anthony Papillion
      Advanced Data Concepts, Inc.
      "Quality Custom Software and IT Services"
  53. A Bad Thing - Help test your own DRM chains by Anonymous Coward · · Score: 0

    Right, mister cool hacker. Find the hole so that it gets plugged before the release. Then enjoy the nice DRM. Remember the Xbox hack which only works because some 007ish game has a buffer overflow?

  54. I'd have said more like... by caveat · · Score: 1

    ...putting a division of M1A2s up against the Brink's Armored Car man. But you're still apt. Apt!

    --

    Facts do not cease to exist because they are ignored. - Aldous Huxley
  55. The questions I have are by beforewisdom · · Score: 1

    The questions I have are

    1. Why don't they hire these guys to play around and do this all of the time?

    2. If they have people finding holes for them, why are there still holes?

  56. "things will have changed" by Anonymous Coward · · Score: 0

    "I would imagine that if we look into the future at the sixth Blue Hat ... there probably won't be anything like the topics discussed at the first and second one, because things will have changed,"

    Unless it's Internet Explorer, at which point it will take 7 years and actual competition of some sort appears.

    Monopolies. Hurt. Us. All.

  57. The definition, people! by GotenXiao · · Score: 1

    CRACKERS, dammit! The hacker community is getting mighty pissed at being brought down to their level!

    Now, where'd I put those security codes...

    --
    Goten Xiao