Microsoft Consults Ethical Hackers at Blue Hat
linumax writes "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see. Blue Hat V2 was held on Thursday and Friday and teamed noted "white hat" hackers with Microsoft employees to break into and expose security weaknesses in the company's products. Over 1,000 Microsoft developers, managers and security experts attended, including Microsoft brass Jim Allchin and Kevin Johnson, co-presidents of the company's Platforms, Products & Services Division."
This is a good thing. It always is good to get someone to try and break your software, that way you know what you can do to fix it. Let's be honest here, Microsoft is number 1 in sales, so I hope they can make a better product, for the safety of everyone's computer.
Yay, I have a sig.
I wonder how many items covered this year, were rehashes of last year, and "we told ya so!"
My cat's picked up a Hammer. HEY! Put down that Hammer. Put Down that Hamm...THUNK!
Every day is Blue Hack day.
A sign of changing times, indeed. It seems pretty clear that Microsoft has needed to buddy up more with the people who can break their software, because it's going to happen anyways, at least now they might have a head start. I can't really commend the decision to start now, though, as it seems to be both forced by the current politics and belated in that they should have had the foresight to do it earlier.
Okay, I don't like either of these terms for hackers with morals. Let's think of something new:
-Deeks (decent geeks?)
-Prerds (Principled Nerds?)
-Fairackers (fair hackers?)
Also remember that the term hacker is not always seen as negative in and of itself. From http://www.smoothwall.net/support/glossary.html: "A highly proficient computer programmer who seeks to gain unauthorised access to systems without malicious intent."
~jennifer.k~
I'm sure "(white|blue)-hat hacker" in this case is redefined to mean "anyone who cooperates with Microsoft when finding security vulnerabilities". Of course there are always proper ethical ways of dealing with the discovery of serious security flaws in software--that doesn't mean they have always had Microsoft's business or PR interests in mind.
This is just a publicity stunt, a pretense that Microsoft is taking security research seriously.
If I'm wrong, then it would be interesting to know what security vulnerabilities were "uncovered" at their event. Are they going to be disclosing the details of such flaws? What do you, as a security researcher, have to "sign away" to participate?
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
If they are ethical, why are they working with Microsoft?
I'm an American. I love this country and the freedoms that we used to have.
Black Hat = Cool Hackers, mostly under age 18, can not be prosecuted as an adult.
Grey Hat = Hackers transitioning from Black to White.
White Hat = A hacker over the age of 18, who rattles door knobs and probes security, but has stopped defacing websites.
Blue Hat = WTF? Blue hats? Are these smurfs?
Red Hats = Hackers with an RHCE, very, very dangerous.
This type of stuff happened upon the release of XP; everyone thought it was secure, and I remember geeks and business people alike preaching how great and secure XP is and how there aren't any problems. A year later the problems arose; now it's time for everyone to go out and buy Vista, so let's peddle how we as Microsoft care about our users' security to get them to buy Vista, then we'll do what we did before... let it get out of control so when it comes to the next version after Vista we can look like the heroes again.
Why on earth would they want to secure an OS? If it gets too secure there is less of a reason for people to spend hundreds of dollars on the next version.
Why do I feel this is nothing more than a marketing move to show MS in a brighter light? After all, they are releasing a new Windows, Office, etc. next year...
If they wanted to have their boxes 0wned, they don't have to hold a conference and invite a bunch of hackers over. I know a better way.
Just plug the suckers straight into the net. And wait about three minutes. Done deal.
Weaselmancer
Ridiculous.
Microsoft is ok with "white hat" hackers, but when asked about the "Red Hat" crackers, Microsoft confirmed that these malicious coders only hurt Windows.
Heh, yeah, that's the point of Linux.
Just like with Windows 2000 (the unbreakable) this is just a publicity stunt. Real security comes from good design, not slap together crap and let 1000 monkeys throw random bits at it.
HTTP/1.1 400
Isn't the definition of a hacker not a cracker?
------- In the end there are no beginning
Lavender Hat = A hacker afraid to come out of the closet.
Rainbow Hat = He's a hacker and he's proud! 2 Snaps and an @ symbol!
Yellow Hat = A White Hat hacker who's just been pissed on.
Green Hat = A novice who is just learning how to hack. (also known as a n00b, FNG, Script-Kiddie).
RHCE flings pen-filled pocket protector at the LCD panel of the Windows Server 2003 box's monitor
yup, dangerous :)
"In the end, there is simply no weapon more devastating than the truth, delivered in just the right way." - tnk1
If you'd RTFA you'd understand that they were invited there to show techniques that hackers use so MS developers can have a better understanding of what to think about when they code. They weren't there to do a line-by-line security review.
Your mind looks a little cramped. Why don't you stretch it a little?
"For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see."
Admiral Ackbar sez...
IT'S A TRAP!
Education is the silver bullet.
This does nothing towards Mom and Dad surfing the internet using IE. Getting owned is simple.
XP/SP2 and 2003 Server are pretty much secure out of the box. When can we look forward to IE being moved to user space? Never? When can we look forward to an O/S that doesn't have a reoccurring fee every three years? Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?
If it weren't for Quicken, Mom and Dad would be using SuSE by now.
Enjoy,
It's just the normal noises in here.