Slashdot Mirror


Microsoft Consults Ethical Hackers at Blue Hat

linumax writes "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see. Blue Hat V2 was held on Thursday and Friday and teamed noted "white hat" hackers with Microsoft employees to break into and expose security weaknesses in the company's products. Over 1,000 Microsoft developers, managers and security experts attended, including Microsoft brass Jim Allchin and Kevin Johnson, co-presidents of the company's Platforms, Products & Services Division."

10 of 162 comments

  1. Good thing by Sinryc · Score: 5, Insightful

    This is a good thing. It always is good to get someone to try and break your software, that way you know what you can do to fix it. Let's be honest here, Microsoft is number 1 in sales, so I hope they can make a better product, for the safety of everyone's computer.

    --
    Yay, I have a sig.
    1. Re:Good thing by geekoid · Score: 5, Insightful

      Except this way they can keep the vulnerabilities to themselves and fix them with fewer PR issues.

      Hiring outside security people to break a system is not uncommon.

      --
      The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  2. Re:Is it me? -- Hacker Color Codes by Anonymous Coward · Score: 5, Funny

    Black Hat = Cool Hackers, mostly under age 18, cannot be prosecuted as an adult.
    Grey Hat = Hackers transitioning from Black to White.
    White Hat = A hacker over the age of 18, who rattles door knobs and probes security, but has stopped defacing websites.
    Blue Hat = WTF? Blue hats? Are these smurfs?
    Red Hats = Hackers with an RHCE, very, very dangerous.

  3. Re:Yawn, nothing to see here -- move along... by pookemon · Score: 5, Funny

    I'm sure "(white|blue)-hat hacker" in this case is redefined to mean "anyone who cooperates with Microsoft when finding security vulnerabilities".

    Yes, the rest of the world would call them Testers.

    --
    dnuof eruc rof aixelsid
  4. Re:Ethical Hackers.. White Hat Hackers.. by neonstz · Score: 5, Funny

    Whackers

  5. Re:Is it me? -- Hacker Color Codes by vicgolgo13 · Score: 5, Funny

    You forgot a few:

    Lavender Hat = A hacker afraid to come out of the closet.
    Rainbow Hat = He's a hacker and he's proud! 2 Snaps and an @ symbol!
    Yellow Hat = A White Hat hacker who's just been pissed on.
    Green Hat = A novice who is just learning how to hack. (also known as a n00b, FNG, Script-Kiddie).

  6. Re:Is it me? -- Hacker Color Codes by joelleo · Score: 5, Funny

    Red Hats = Hackers with an RHCE, very, very dangerous.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\administrator>ifconfig
    'ifconfig' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>man ifconfig
    'man' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>cd /

    C:\Documents and Settings\administrator>grep /etc/passwd
    'grep' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>man wtf
    'man' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>GAHH!
    'GAHH!' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\administrator>

    RHCE flings pen-filled pocket protector at the LCD panel of the Windows Server 2003 box's monitor

    yup, dangerous :)

    --
    "In the end, there is simply no weapon more devastating than the truth, delivered in just the right way." - tnk1
  7. Re:Typical /. response by notasheep · Score: 5, Insightful

    If you'd RTFA you'd understand that they were invited there to show techniques that hackers use so MS developers can have a better understanding of what to think about when they code. They weren't there to do a line-by-line security review.

    --
    Your mind looks a little cramped. Why don't you stretch it a little?
  8. Stupid by NullProg · Score: 5, Interesting

    This does nothing towards Mom and Dad surfing the internet using IE. Getting owned is simple.

    XP/SP2 and 2003 Server are pretty much secure out of the box. When can we look forward to IE being moved to user space? Never? When can we look forward to an O/S that doesn't have a recurring fee every three years? Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?

    If it weren't for Quicken, Mom and Dad would be using SuSE by now.

    Enjoy,

    --
    It's just the normal noises in here.
    1. Re:Stupid by Tim+C · Score: 5, Insightful

      When can we look forward to IE being moved to user space? Never?

      IE has never been anywhere but in user space. "Integrated into the OS" doesn't mean "runs in kernel space".

      When can we look forward to an O/S that doesn't have a recurring fee every three years?

      Whoa, thanks for letting me know - I'm well overdue on my payment!

      Seriously, what the hell is that supposed to mean? MS generally supports its OSes for about 10 years, which is a damn sight longer than any of the Linux distributions. It's also been longer than three years since XP was released. Finally, just because the OS is no longer supported doesn't mean that it spontaneously stops working. Sure, there are no more security patches for it, but you can still use it, if you feel you're sufficiently secure. A well-controlled PC or network behind a firewall used by savvy people is at almost no risk of being owned.

      Why do I have to agree to license a patch (MS05-51) for software I bought that was defective in the first place?

      The same reason you have to agree to a licence to use the original software - because of the fiction that you need permission to install the software and load it into RAM, as that constitutes copying. In order to maintain the fiction, MS has to licence its patches, too. (In fact, I can't remember the last (commercial) patch that didn't require a licence click-through)

      For that matter, I installed some GPLed software yesterday (Squirrel SQL client) and it required me to agree to the LGPL on installation. MS aren't the only ones with crazy licence agreement requirements...