Microsoft Consults Ethical Hackers at Blue Hat

← Back to Stories (view on slashdot.org)

Microsoft Consults Ethical Hackers at Blue Hat

Posted by samzenpus on Wednesday October 19, 2005 @11:48AM from the dare-you-to-break-it dept.

linumax writes "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see.Blue Hat V2 was held on Thursday and Friday and teamed noted "white hat" hackers with Microsoft employees to break into and expose security weaknesses in the company's products. Over 1,000 Microsoft developers, managers and security experts attended, including Microsoft brass Jim Allchin and Kevin Johnson, co-presidents of the company's Platforms, Products & Services Division."

4 of 162 comments (clear)

Min score:

Reason:

Sort:

Good thing by Sinryc · 2005-10-19 11:51 · Score: 5, Insightful

This is a good thing. It always is good to get someone to try and break your software, that way you know what you can do to fix it. Lets be honest here, Microsoft is number 1 in sales, so I hope they can make a better product, for the saftey of everyones computer.

--
Yay, I have a sig.
1. Re:Good thing by geekoid · 2005-10-19 12:04 · Score: 5, Insightful
  
  Except this way they can keep the vulnerabilities to the selves and fix them with less PR issues.
  
  Hiring outside security people to break a system is not uncommon.
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
Re:Typical /. response by notasheep · 2005-10-19 13:12 · Score: 5, Insightful

If you'd RTFA you'd understand that they were invited there to show techniques that hackers use so MS developers can have a better understanding of what to think about when they code. They weren't there to do a line-by-line security review.

--
Your mind looks a little cramped. Why don't you stretch it a little?
Re:Stupid by Tim+C · 2005-10-19 18:27 · Score: 5, Insightful

When can we look forward to IE being moved to user space? Never?

IE has never been anywhere but in user space. "Integrated into the OS" doesn't mean "runs in kernel space".

When can we look forward to an O/S that doesn't have a re-ocurring fee every three years?

Woah, thanks for letting me know - I'm well overdue on my payment!

Seriously, what the hell is that supposed to mean? MS generally supports its OSes for about 10 years, which is a damn sight longer than any of the Linux distributions. It's also been longer than three years since XP was released. Finally, just because the OS is no longer supported doesn't mean that it spontaneously stops working. Sure, there are no more security patches for it, but you can still use it, if you feel you're sufficiently secure. A well-controlled PC or network behind a firewall used by savvy people is at almost no risk of being owned.

Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?

The same reason you have to agree to a licence to use the original software - because of the fiction that you need permission to install the software and load it into RAM, as that constitutes copying. In order to maintain the fiction, MS has to licence its patches, too. (In fact, I can't remember the last (commercial) patch that didn't require a licence click-through)

For that matter, I installed some GPLed software yesterday (Squirrel SQL client) and it required me to agree to the LGPL on installation. MS aren't the only ones with crazy licence agreement requirements...

--
It's official. Most of you are morons.