Slashdot Mirror
Microsoft Consults Ethical Hackers at Blue Hat
linumax writes "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see.Blue Hat V2 was held on Thursday and Friday and teamed noted "white hat" hackers with Microsoft employees to break into and expose security weaknesses in the company's products. Over 1,000 Microsoft developers, managers and security experts attended, including Microsoft brass Jim Allchin and Kevin Johnson, co-presidents of the company's Platforms, Products & Services Division."
This is a good thing. It always is good to get someone to try and break your software, that way you know what you can do to fix it. Lets be honest here, Microsoft is number 1 in sales, so I hope they can make a better product, for the saftey of everyones computer.
Yay, I have a sig.
A sign of changing times, indeed. It seems pretty clear that Microsoft has needed to buddy up more with the people who can break their software, because it's going to happen anyways, at least now they might have a head start. I can't really commend the decision to start now, though, as it seems to be both forced by the current politics and belated in that they should have had the foresight to do it earlier.
If they wanted to have their boxes 0wned, they don't have to hold a conference and invite a bunch of hackers over. I know a better way.
Just plug the suckers straight into the net. And wait about three minutes. Done deal.
Weaselmancer
rediculous.
If you'd RTFA you'd understand that they were invited there to show techniques that hackers use so MS developers can have a better understanding of what to think about when they code. They weren't there to do a line-by-line security review.
Your mind looks a little cramped. Why don't you stretch it a little?
When can we look forward to IE being moved to user space? Never?
IE has never been anywhere but in user space. "Integrated into the OS" doesn't mean "runs in kernel space".
When can we look forward to an O/S that doesn't have a re-ocurring fee every three years?
Woah, thanks for letting me know - I'm well overdue on my payment!
Seriously, what the hell is that supposed to mean? MS generally supports its OSes for about 10 years, which is a damn sight longer than any of the Linux distributions. It's also been longer than three years since XP was released. Finally, just because the OS is no longer supported doesn't mean that it spontaneously stops working. Sure, there are no more security patches for it, but you can still use it, if you feel you're sufficiently secure. A well-controlled PC or network behind a firewall used by savvy people is at almost no risk of being owned.
Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?
The same reason you have to agree to a licence to use the original software - because of the fiction that you need permission to install the software and load it into RAM, as that constitutes copying. In order to maintain the fiction, MS has to licence its patches, too. (In fact, I can't remember the last (commercial) patch that didn't require a licence click-through)
For that matter, I installed some GPLed software yesterday (Squirrel SQL client) and it required me to agree to the LGPL on installation. MS aren't the only ones with crazy licence agreement requirements...
It's official. Most of you are morons.