Software Giants Seek Friends Among Hackers

Carl Bialik from WSJ writes "Big tech companies are engaging in a full charm offensive at the Black Hat hacker conference as they seek to convince hackers and security researchers to work with, not against, them, the Wall Street Journal reports. Among those being courted: HD Moore. The suitor is his erstwhile foe, Microsoft. From the article: 'Microsoft plans to wine and dine Mr. Moore at a party at the fancy Palms Hotel. A Microsoft security executive wants to meet with him to discuss his latest work. And earlier this year, the Redmond, Wash., company invited him to speak at a Microsoft-sponsored conference on security. "There were a few tense silences," says Mr. Moore, 24 years old, who lives in Austin, Texas. But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

how it went down

[MrSquirrel]

Microsoft: "Welcome Mr. Moore -- it's a pleasure to meet you in person. What's that? You want a hug?"
*they hug* Moore: "Well, I must be going"
*he leaves*
Microsoft: "...wait a minute... HE STOLE OUR WALLETS!"

Re:how it went down

[AuMatar]

Too risky- MS might use the hug to knife him in the back.

Re:how it went down

[fobbman]

Judging by Microsoft's past penchant for back doors, I don't think they're going for his back...

Re:how it went down

[Prof.Phreak]

Too risky- MS might use the hug to knife him in the back.

Or implant nanoprobes.

Re:how it went down

[MrSquirrel]

well, it took place at the "fancy Palms Hotel" -- so maybe he'd at least get a reacharound out of the deal.

Re:how it went down

[GarryFre]

Yep, I totally agree. Common sense and the ability to determine who would truly become a friend, and who will end up being a paid vandel is important. At the college where I worked, I caught a person hacking into the system, and I turned him in. My boss hired him on the spot to be in charge of security. I told my boss that I did not get the feeling that this person could be "Converted" by hiring him. At the time I was not a particulary good judge of character, and I still have more to learn. My boss did not take my advice, and chaos resulted. The hacker stole hardware, He got the main security key and let himself in during christmas break and opened the macintosh servers and attached the high voltage line to the screen, to the motherboard and so smoke arose when we returned. The IBM server's hard drive was missing and replaced by a damaged hard drive. The hacker, having admin rights, lifted the security options on the network, allowing users to get copies of all software running on the system including the Office Suites. His final act, was to steal two state of the art PC's from the computer lab building in front of all teachers and load it into his car. His mistake was trying to sell them to a friend of the adminstrator of that computer lab and having stolen the only computers of that particular brand sold in the entire state of California so it wasn't hard to narrow it down. I only wish I was there when they caught him and dragged him to jail. It is said he looked like a hurt puppy. He's now out of jail and lives down the road, and he sends viruses to me and another friend in a futile attempt to infect our systems, but all his efforts come to nothing in the end. Yes, sometimes, a hacker can make a good guard, but they got to have integrity, otherwise, its just plain courting desaster.

Re:how it went down

[davidsyes]

Such a good feeling, it thinks.

What dog drives across the fish turtle pond, you say?

Friends among Hackers or Hens among FRACKERS? (that was a Spoonerism...)

They don't deserve HACKERS until the asshole businesses and advertiser learn to distinguish between HACKERS and CRACKERS and get over the "hidden" dislike of the second term. I'm sure if MOOKERS were the good guys and ROOKERS were the bad buys, the marketers and tech media would have NO problem whatsoever using "ROOKERS", despite the sexual connotation. But, the color connotation is too much for those marketing cowards to swallow. I only think race when I see the word shunned, but feel good when it is used in it's tech context.

If only the vapid reporters would try some social engineering: HACKERS hack apart to LEARN and to come up with GOOD things. CRACKERS are not Ritz Saltines, nor are they necessarily ALL Caucasian; rather, CRACKERS are the BAD HACKERS who want to CRACK and TRASH your boxen...

There, see, you spinless marketers/news reporters? Is THAT SO FRACKIN' PAINFUL??? The TECH reporters should be ostracized and lose marketing dollars for this egregious oversight in print.

Re:how it went down

[tehcyder]

What dog drives across the fish turtle pond, you say?

Er, is this some sort of secret hacker spy code?

The halibut bathes at noon except on Tuesdays.

I didn't meet them...

[strazzere]

"You're less willing to publicly humiliate someone you know in real life,"

Does that mean I should try harder until they buy me dinner?

Re:I didn't meet them...

[justsomebody]

Naaah, it just means you're usual nobody. But no need to be dissapointed, every linux instalation has one.

Re:I didn't meet them...

[diersing]

Dinner? PaShaw! My source tell me if you forward this message to ten friends and they forward to ten friends that MS can track it, and when it hits a thousand we call get a case of beer. Yay Beer!

Re:I didn't meet them...

[ZeebaNeighba]

Mr. Moore has obviously never been married

Re:I didn't meet them...

[Yvanhoe]

I have yet to learn how someone gets to know a multinational company personaly in real life

Sellout

Don't they call this Grey Hat?

They know our weakness

[technoextreme]

Now the company has surpassed other software vendors when it comes to currying favor with researchers, says Jon Ellch, a 24-year-old researcher in Monterey, Calif. -- "at least in terms of the number of beers (it) bought for me."

Ha!

"You're less willing to publicly humiliate someone you know in real life," he says.'"

That's only true until they piss you off and let's face it, Microsoft piss every one off eventually.

After all these years

after all these years of being overly agressive towards hackers microsoft expects to play nice at a few conferences and everything just be fine and dandy?

What???

[fullphaser]

I don't think he just went soft like that, you don't go from black hat to employee in only a few months flat (or if you did you pish poor example of a black hat.) I think they payed him out the tail to promote their own agenda

Re:What???

[Reverend528]

I don't think he just went soft like that

Courtship from microsoft would certainly cause me to go soft pretty quickly.

Re:What???

[Goblez]

Funny how the anti-M$ sentiment that you typicall see on ./ quickly diminshes at the prospect of being favored or treated well. Funny how some's 'hard-core' ideals quickly diminish for mere money.

Then again, that's why they can uphold their monopoly, isn't it?

I'm not saying I wouldn't consider it either, but I've never claimed a hard core stance against M$, just a general distaste

Re:What???

[ResidntGeek]

you pish poor example of a black hat.

Not true. Black hats do anything they want to entertain themselves, with no regard to the law. They'd gladly take jobs doing what they do for fun. They're not like evil villains in the movies, who do bad things because they're bad people deep down inside, and need a good-looking hero to go kill them.

Re:What???

[Reverend528]

Actually, I was making a joke about my penis.

Re:What???

[fullphaser]

I'm not saying there bad people, just that I thought part of the hacker credo was never help the enemy

Re:What???

[ResidntGeek]

Nope. That was spread by mass media during all their OMG HAXXX0RZZ!!!! binges. About the only thing that would stop a hacker helping the enemy is hurting one of his friends, and that's not likely to be a problem.

Re:What???

[Goblez]

Well, you'll be happy to know they've extending into the Viagra market as well. It doesn't always work, and it might cause things to backfire on occasion, crash, or allow other people to control the stiffness thereof, but hey, it will net bill a few more bucks.

Re:What???

[lewp]

I'm just tickled you got modded "Informative" for clarifying that you were, in fact, talking about your wang.

Re:What???

His response about his erectile difficulty may have been a statement of fact to most, but it seems that the kneejerk poster to whom he was responding certainly needed to be informed.

Re:What???

[aldousd666]

I'm pretty sure crackers don't have to sign a license agreement before taking up the craft and joining the union.

Re:What???

[Goblez]

You get modded up for talking about you dick (which was a poor joke that wasn't clear), and I get modded down for talking shit on M$ . . . hmmmm. Yeeeeeaaaaaaah.

Public Humiliation?

[quokkapox]

Microsoft is quite capable of this all by themselves.

sigh...

Re:Public Humiliation?

I find this retake on Ballmer particularly amusing :).

Just like Brutus was less likely to hurt Caesar

[192939495969798999]

Good job, Microsoft, just give the enemy more info on your employees and practices, that's a great idea. Why don't you just slap up an FTP site with a binary of Windows and hand him the URL? I'm sure he'll feel real bad about using what he learns for evil for a few days, until he decides it would be cooler to use it and be the undefeated champion of the black hat universe.

Re:Just like Brutus was less likely to hurt Caesar

[stnf]

Is that what you think black hats are after when they try to hack microsoft, compiled versions of Windows?

Re:Just like Brutus was less likely to hurt Caesar

[192939495969798999]

I meant "something valuable to hackers", my bad! We all know you can get compiled versions of Windows at a Chinese 7-11 for $2.50.

They finally did this

[Klaidas]

But they are not the first ones to do this...
Do you remember Mitnic?

He offers security consulting services through his company Mitnick Security Consulting, LLC and has co-authored two books on computer security.

(Source: Wikipedia)

Re:They finally did this

[tomstdenis]

Mitnick is a shithead. He broke the law, then got screwed in prison, now he milks it all he can. Cuz he's the notorious kevin mitnick. Oooh lala. He exploits the fact that people are lazy and incompetent. Not exactly news.

That prick should go out and contribute something of meaning to society. I mean, other than his contempt for "the man."

Tom

Re:They finally did this

[justsomebody]

Do you remember Mitnic?

        He offers security consulting services

Mitnick was hacker, now offering security...???!

Translating it into MS case....???!
They screwed everybody, now they are offering screwing-on-demand?

Does that sound right?

Re:They finally did this

[rs232]

"Mitnick is a shithead. He broke the law, then got screwed in prison

Mitnick was held in prison with murders and psychopaths for four years eight months in solitary until he 'confessed'. The only people doing the screwing were journalist John Markoff and Tsutomu Shimomura. It was Markoffs sensationalist articles that caused Mitnick much noterity. What Markoff never told him was he was both working with Shimomura and also feeding information to the FBI. At the same time cultivating a friendship with Mitnick to write a book. The only crime Mitnick was guilty of was trusting people.

"I could be moved out of solitary on the condition that I waived my fundamental rights and agreed to: a) no bail hearing; b) no preliminary hearing"

Re:They finally did this

Another facet of his being screwed was they made him a 'public figure' with their press coverage, then used that as a defense again slander and as a way to make a shitty movie about him and not pay him for it.

The retarded FBI told his judge he could launch ICBMs by hacking a payphone in prison -- so he was restricted from making calls.

Kevin never gave the FBI his DES keys to his data and they couldn't build a case without it.

He was a repeat offender, but people who beat their wives spend less time in prison than he did, and they don't do solitary either.

Making a big deal out of it

[tomstdenis]

I've been to dinner with people from Microsoft, Intel, AMD, Broadcom, Sandisk, the DoD, CRA (Canada), etc.

It's fucking dinner.

Wait till they offer him a grant, job or other swag to be impressed. If they gave him a grant to bash the shit out of Windows that'd be impressive. A $50 dinner on the strip is not (though free eats is good)

Tom

Re:Making a big deal out of it

[thePowerOfGrayskull]

I'm not sure how offering a SWAG (Scientific Wild-Assed Guess) or swag (fabric that is gathered at the top of a window treatment into loose scallops) would make this more newsworthy, but hey... whatever does it for you.

Re:Making a big deal out of it

[Trepalium]

Wait a minute. You mean to tell us that you went out to dinner with folks from Canada Revenue Agency (tax collectors) and THEY paid? Something's fishy...

Re:Making a big deal out of it

[tomstdenis]

They were at a security conference (don't ask, I didn't) and we went out for supper after one of the sessions.

The point is, not all dinners are formal meetings. I seriously doubt the CRA or DoD or the other half dozen groups I've gone out with for dinner or whatever were on official business. Hell, I work at AMD. Doesn't mean everyone I go out to dinner with is taking part in an official AMD sanctioned meeting. Means I work at AMD and I decided to buy dinner for a friend. Big deal.

My point was that while free eats with MSFT may be fun and exciting [*], until they actually make an OFFICIAL offer or deal it doesn't really matter.

Tom

[*] Personally I'd try and make them apologize for Windows first before we sat down to eat.

Re:Making a big deal out of it

Fun and exciting, sounds nice! I only feel that one thing is missing though...hmm

Ah, /me cues some accompanying music =D

"Tom's dinner" by Suzanne Vega

I am sitting in the morning at the diner on the corner
I am waiting at the counter for the man to pour the coffee
and he fills it only halfway and before I even argue he is looking
out the window at somebody coming in.

It is always nice to see you says the man behind the counter to the woman
who has come in she is shaking her umbrella and I look the other way
as they are kissing their hellos.

I'm pretending not to see them and instead I pour the milk.
I open up the paper there's a story of an actor who had died
while he was drinking, it was no one I had heard of and I'm turning
to the horoscope and looking for the funnies.

When I'm feeling someone watching me and so I raise my head there's a woman
on the outside looking inside does she see me?

No she does not really see me cause she sees her own reflection and I'm trying
not to notice that she's hitching up her skirt and while she's straightening
her stockings her hair has gotten wet.

Oh, this rain it will continue through the morning as I'm listening to the bells
of the cathedral I am thinking of your voice and of the midnight picnic
once upon a time before the rain began.

I finish up my coffee it's time to catch the train.

Re:Making a big deal out of it

It's fucking dinner.

Yeah, Microsoft does a reputation of fucking its partners.

Re:Making a big deal out of it

[cdep_illabout]

He was offered a job at Microsoft, but he turned it down because he thought it would limit him.

Re:Making a big deal out of it

[tomstdenis]

Yeah, selling your soul usually has some strings attached. :-)

Tom

Re:Making a big deal out of it

[Shaper_pmp]

The difference is, I doubt you're the kind of person Microsoft sincerely wishes would just disappear. Or at least shut up and sit down.

Hey, even better, if you could get this guy on-side you could turn him around and point him at other peoples' products. Then he wouldn't even be a liability - he'd be an asset!

Oh yes.

On July 3, Mr. Moore got an email from Mike Reavey, a manager at Microsoft's security-response center. Mr. Reavey was concerned that Mr. Moore's latest project -- a high-profile effort to catalog the bugs in Microsoft's Internet Explorer browser -- could give ammunition to hackers. He offered to fly to Austin to talk about it. Mr. Moore, saying a visit wasn't necessary, offered to post vulnerabilities in non-Microsoft browsers for a few days instead.

When political considerations like this start interfering with security work, you know MS's charm offensive is working. And that ain't a good thing. The Microsoft contact tried to haul him down to see them because they were worried about the details he released helping hackers, right?

So why would going after their competitors for a few days negate that problem? The hackers will still get the info, just a few days later. This clearly has nothing to do with security, and everything to do with public perception and spin.

Not, of course, that researchers shouldn't look for security holes in other browsers as well. However, when the most insecure browser on the market still holds 60-80% market-share and researchers are "persuaded" by its owners to delay or avoid research on it to go chasing minority competitors (whose bugs will affect proportionately less people, and people whose security knowledge is generally likely to be a bit better anyway) instead, well... how is that the most useful work they could be doing?

Sounds like Microsoft's successfully pulling a Papa Lazarou on the independant security companies.

black hat turncoats

Heh heh heh - remember the age old saying, "Follow the money."

Or in this case beer.

Still, a rose by any other name would smell as sweet.

It's going to take more than just dinner

[Reverend528]

I need scotch, and lots of it, before I'll put out for microsoft.

Re:It's going to take more than just dinner

I hope you're not wasting the good stuff on this.

Re:It's going to take more than just dinner

[roguenine19]

You, sir, are one atypical reverend.

Re:It's going to take more than just dinner

[mr_death]

Don't forget lube -- gallons of lube.

Time for a Quote

[in2mind]

The best way to destroy an enemy is by making them a friend.

Abraham Lincoln

Part of the Microsoft mantra . . .

[mmell]

Embrace . . .

Extend . . .

(wait for it) . . .

Extinguish!

"Hi! I'm Clippy! I see you're exploiting loopholes in Windows. Would you like to:

"* Tell your zombies to phone home for a head count

"* Plant a malicious WMF at a popular web site to get more zombies

"* Do some illegal file sharing (since all file sharers are black hats)

"* I'm not a script kiddie and don't need any help

" (CANCEL) (OKAY)"

You are?

[drinkypoo]

"You're less willing to publicly humiliate someone you know in real life," he says.

Unless they're someone who really deserves it, in which case, I find it easier.

Never confuse a corporation with a human being

[kcbrown]

But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

The problem with this is that it's an illusion.

Corporations are composed of not just a single person, but of many people, each of whom has an agenda. Most of those people tend to limit their thoughts about the decisions they make on behalf of the company to the benefits that decision may bring to the corporation and to themselves, and perhaps to the possible harm the benefits may bring to the corporation and to themselves. The last thing to enter their mind, in general, is the impact the decision may have on individuals outside the corporation. The more conscientious types may consider that, but such people appear to be rare, and such people in positions of great influence within a corporation appear to be especially rare.

So while this person may being to believe that the corporation he's dealing with is somehow now more "human" as a result of his dealings with specific individuals, he's making quite a few bad assumptions, not the least of which is that the people he's dealing with have a large amount of influence over the actions of the corporation. That's almost certainly not the case, and yet the actual "humanity" of the corporation depends on it.

The bottom line is that this guy (Moore) isn't nearly cynical enough, and is likely to get burned.

The very purpose and nature of the corporation, to shield the corporation's stakeholders from the consequences of the corporation's actions, are exactly why the corporation can never be "human" in any meaningful way, except perhaps in a psychopathic sense. The numerous experiments (e.g., those involving simulated torture, imprisonment, etc.) that have been done in which the individual is shielded from the consequences of his actions are proof of how much of a person's humanity is lost from that. The corporation is a formal embodiment of that separation. In light of said experiments, the consequences should be obvious, and the typical behaviour of corporations is further proof.

Re:Never confuse a corporation with a human being

[Piquan]

The bottom line is that this guy (Moore) isn't nearly cynical enough, and is likely to get burned.

You assume the writeup is Moore's actual thoughts on the matter. It very well could simply be the facade he wishes to present to Microsoft.

Re:Never confuse a corporation with a human being

[kcbrown]

Possibly. But then, I wouldn't be very cynical if I thought that it was just his facade, would I? :-)

Re:Never confuse a corporation with a human being

Except, the share holders are after money. Most of the bad things that corperation does will hurt them in at least one of 2 ways: a fine, harm your image. the second one is what really gets the share holders paniking. There are ways of reducing the harm to a companies image, but likely a company like Microsoft will be able to with stand several blows due to it's monopoly status. still, too many bad things will cause a company to loose money and share holders.

FBI

[AlienSlav]

Is this the same Blackhat convention that the FBI asked for hacker help in fighting the internet mob with the bullshit line of better relationships? They could build better relationships by releasing the hackers they have in the cage who tried to help them in the past. It seems when you cross the path of rodents from other countries and turn them in instead of the FBI investigating the rodents you become the focus of their attention. There is no innocent until proven guilty with those bastards, no thank you American Patriot. It's just kick the door down at 3am. AlienSlave

Translation

[overshoot]

they seek to convince hackers and security researchers to work with, not against, them

In other words, "Shut the fuck up about all of the stuff you find until we quietly issue a patch. If we get around to it. Oh, and here's an NDA that gives us your nads if you talk in your sleep."

Re:Translation

[TubeSteak]

A few days later, Mr. Moore sent Mr. Reavey [a manager at Microsoft's security-response center] a wish list of changes he hoped for from Microsoft. Among them: Give researchers more information about vulnerabilities and tone down the bulletins blaming researchers for disclosing flaws.

Mr. Reavey responded in an email that "change is a bit slower than you might think." But as a final point, he added, "I really appreciate the dialogue."

So... tell us first, STFU & we're going to blame you if you open your trap.

Re:Time for a Quote

[Reverend528]

The best way to destroy an enemy is by making them a friend.
Abraham Lincoln

If that doesn't work, shoot them in the back of the head.
J.W. Booth

And then one day.....

[Itninja]

Mr. Moore sips a latte on his veranda on a brisk autumn morn. Some movement in his peripheral catches his attention. 'What the hell is that?' he wonders aloud. He tries to flick the small red dot from the front of his housecoat. Then with sudden horror, he realizes that that little dot is a projection. A laser projection. From a Microsoft sniper hidden in the shadows and fog. As he falls, dying, his last thoughts are of his recent dinner with Microsoft execs and what a naive fool he was to believe they loved him.

The assassin approaches the body and Mr. Moore. With a small shoulder radio he signals the job is complete.

"That's right. We got him. You shouldn't have to worry about Michael Moore any more" the assassin gloats.
"What?!" the voice on the line exclaims.
"I said I tagged that fat ass. He's dead. Let's see him make another inflamatory documentary now!"
"You killed MICHAEL Moore? Aw, crap...."

Re:And then one day.....

Mr. Moore sips a latte on his veranda on a brisk autumn morn. Some movement in his peripheral catches his attention. 'What the hell is that?' he wonders aloud. He tries to flick the small red dot from the front of his housecoat. Then with sudden horror, he realizes that that little dot is a projection. A laser projection. From a Microsoft sniper hidden in the shadows and fog. As he falls, dying, his last thoughts are of his recent dinner with Microsoft execs and what a naive fool he was to believe they loved him. The assassin approaches the body and Mr. Moore. With a small shoulder radio he signals the job is complete. "That's right. We got him. You shouldn't have to worry about Michael Moore any more" the assassin gloats. "What?!" the voice on the line exclaims. "I said I tagged that fat ass. He's dead. Let's see him make another inflamatory documentary now!" "You killed MICHAEL Moore? Aw, crap...."

Mr. Itninja, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent post were you even close to anything that could be considered funny. Everyone in this room is now dumber for having listened to it. I award you no mod points, and may God have mercy on your soul.

Re:And then one day.....

[Itninja]

(Score:4, Funny)
Well, how's that taste, coward?

It's about time

[dave562]

I have been saying this for a while and I'm glad that the executives in charge of things are one the same wavelength. The computer underground is full of brilliant people with the knowledge that will make products better. Microsoft doesn't even need to put people on the payroll. They can simply pay them as consultants. It's a great situation for everyone involved. Microsoft gets knowledge that the typical programmer who has gone the legit route through college and computer science will not have. The black hats get paid for their fresh sk33lz and the rest of the world gets a better, more secure product.

Re:It's about time

[GeffDE]

It would be cheaper to put him on the payroll.

Too bad your headtop set wasn't set to receive the from the executives on the same wavelength.*

*Unless said executives include Rob Glaser, Larry Ellison, or Jonathan Schwartz

Re:It's about time

sk33lz eh? Go back to k-9 farmboy!

Re:It's about time

[dave562]

sk33lz eh? Go back to k-9 farmboy!

I was swapping the 0-day at 2400 baud. I think that I'm entitled to a regression to l4m3n3ss phr0m tym3 t3w tym3. =)~

Moral of the story - work against MSFT.

Seems all Microsoft's recent friends are their former enemies.

They bought all the Linux anti-virus companies out there. Groove used BDB (from sleepycat now Oracle), and they bought them. Sun's their best buddy in the SCO affair.

And in our company, they pay us to port our stuff from competing platforms to theirs.

If only they treated their partners as well as their enemies, perhaps Micrsoft partner companies would be doing better. Instead they like competing with partners and befriending their enemies. Cool straegy :-).

This is bound to happen

[whoisvaibhav]

It makes perfect sense to have an alliance going between the two. I am glad that Microsoft is taking all these initiatives to try and improve their software. They took over Sysinternals some time ago, which gives me a hope that I may not have to go googling to find tools for Windows and will in future find them in Windows.

Re:This is bound to happen

[Elminst]

More likely you'll have to google more to find good windows tools, as they'll take the good ones, strip out the good stuff and then add them to Windows, where they'll be only slightly better than useless.
If you can't make something better, buy out the opposition and bury their product.

Trustworthy?

Is this a wise idea? If he is willing to hack once, he might do it again. And with inside information, he can do it better, and possibly cover his tracks. It is a huge gamble to invite a hacker in.

A bad match...

[Kazoo+the+Clown]

The problem with a collaboration such as this is Microsoft won't really be serious about it. If Moore tells Microsoft the real facts about Microsoft security and what they will likely need to do about it, in that truth are mostly things Microsoft really doesn't want to hear and they will just go into denial about it. Moore will end up frustrated, his contributions falling on deaf ears...

On the other hand, in the meantime Microsoft will have distracted a potential foe, and Moore will have made some $$$, but anyone thinking the result will be any more than that is unrealistically optimistic...

In the words of Admiral Ackbar

[Eudial]

In the words of Admiral Ackbar: It's a trap! ;-)

Re:In the words of Admiral Ackbar

[Black-Six]

To continue the Star Wars motife, here's what Moore and Microsoft are probably thinking about each other right now:

Lando: "Yes I said closer! Get as close as you can, and engage those Star Destroyers at point-blank range!!"
Ackbar: "At that close range we won't last long against those Star Destroyers."
Lando: "We'll last longer than we will against that Death Star, and we might just take a few of them with us!"

Ash, Housewares

It's a trap!

Get an axe

Ethanol

[cyberfunk2]

Ah beer, the great greaser of wheels:

Last year, Microsoft also invited researchers to give presentations to its employees at its own security conference. Now the company has surpassed other software vendors when it comes to currying favor with researchers, says Jon Ellch, a 24-year-old researcher in Monterey, Calif. -- "at least in terms of the number of beers (it) bought for me."

Re:Ethanol

[Shadyman]

Now the company has surpassed other software vendors when it comes to currying favor with researchers, says Jon Ellch

But what if you'd rather not have Indian food?

That's Why They Do This

[Master+of+Transhuman]

"You're less willing to publicly humiliate someone you know in real life," he says.'"

Sucker.

Try me. I'd happily humiliate Microsoft at every opportunity even if I was sleeping with Melinda.

Re:That's Why They Do This

[mankey+wanker]

Dude! That's a twofer...!

Public humiliation

[eclectro]

Does that mean I should try harder until they buy me dinner?

What it means is Dear Aunt, let's set so double the killer delete select all.

If this guy really is a black hat ...

[Infernal+Device]

I got no problem with Microsoft taking him out.

Permanently.

Unlimited free porn accounts..

[Frightening]

..and you've got us on your side ;)

Which companies?

[dcam]

Note the inclusion of Oracle and Cisco in this list.

Oracle has one of the worst records on fixing vulnerabilities, running up to a year. I'm too lazy to google up the specific vulnerabilities.

Cisco's record is worse. I coudn't find the article I was looking for, but there was a recent case (in the last year IIRC) where an security researcher in a South American country notified cisco of an issue. After a period of time, he decided to go public (hazy on the details) and cisco did everything they could to shut him down. He had followed best practices guidelines on reporting security issues. Found it. Choice quote:
"Then they accused me of working with terrorists, and even still tried to patent my work!"

May be then, they should treat him better

[timbrown]

Rather than be disappointed he discloses the vulnerabilities he is working on.

Mental image

[Mantrid42]

I'm picturing that scene in The Matrix where the agents are talking to Neo and he just gives them the finger.

Re:Making a big deal out of it - OT

[thePowerOfGrayskull]

OT: haha. Did you really just waste a mod point to mod this 'overrated' when it was only "+1" because I'm a registered user? ... meaning that nobody 'rated' it +1 in the first place? That's special.

Public humiliation

...unless you're working at Msoft, and then, humiliation is a matter of corporate policy.

I guess it's only a matter of time before the other shoe drops and the company decides to return to villifying these folks again. After all, as long as they are enemies, they'll continue to be motivated to test the OS security (?) for free. :/

Just wait for The Matrixoft

[drmancini]

Ms: As you can see Mr. Moore we've had our eye on you for some time now. It seems that you've been living two lives. In one life, you're H. D. Moore a 24-year old geek, you have a social security number, you pay your taxes, and you help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias H.D. and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not. I'm going to be as forthcoming as I can be, Mr. Anderson. You're here because we need your help. My colleagues believe that I am wasting my time with you but I believe that you wish to do the right thing. We're willing to wipe the slate clean, give you a fresh start and all that we're asking in return is your cooperation in bringing a known system to a functional state. Moore: Yeah. Wow, that sound like a really good deal. But I think I got a better one. How about I give you the finger... and you give me my phone call.

Re:Making a big deal out of it - OT

[Ginger+Unicorn]

that's really funny, also the "by thePowerOfGrayskull" thing is the funniest nick related thing i've seen on slashdot since the guy called Haxx0r Jim Duggan.

:)