Slashdot Mirror


Software Giants Seek Friends Among Hackers

Carl Bialik from WSJ writes "Big tech companies are engaging in a full charm offensive at the Black Hat hacker conference as they seek to convince hackers and security researchers to work with, not against, them, the Wall Street Journal reports. Among those being courted: HD Moore. The suitor is his erstwhile foe, Microsoft. From the article: 'Microsoft plans to wine and dine Mr. Moore at a party at the fancy Palms Hotel. A Microsoft security executive wants to meet with him to discuss his latest work. And earlier this year, the Redmond, Wash., company invited him to speak at a Microsoft-sponsored conference on security. "There were a few tense silences," says Mr. Moore, 24 years old, who lives in Austin, Texas. But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

6 of 95 comments

  1. Sellout by Anonymous Coward · · Score: 0, Interesting

    Don't they call this Grey Hat?

  2. Time for a Quote by in2mind · · Score: 3, Interesting
    The best way to destroy an enemy is by making them a friend.

    Abraham Lincoln

  3. It's about time by dave562 · · Score: 3, Interesting

    I have been saying this for a while and I'm glad that the executives in charge of things are on the same wavelength. The computer underground is full of brilliant people with the knowledge that will make products better. Microsoft doesn't even need to put people on the payroll. They can simply pay them as consultants. It's a great situation for everyone involved. Microsoft gets knowledge that the typical programmer who has gone the legit route through college and computer science will not have. The black hats get paid for their fresh sk33lz and the rest of the world gets a better, more secure product.

  4. Moral of the story - work against MSFT. by Anonymous Coward · · Score: 1, Interesting
    Seems all Microsoft's recent friends are their former enemies.


    They bought all the Linux anti-virus companies out there. Groove used BDB (from Sleepycat, now Oracle), and they bought them. Sun's their best buddy in the SCO affair.


    And in our company, they pay us to port our stuff from competing platforms to theirs.


    If only they treated their partners as well as their enemies, perhaps Microsoft partner companies would be doing better. Instead they like competing with partners and befriending their enemies. Cool strategy :-).

  5. Re:What??? by ResidntGeek · · Score: 3, Interesting

    Nope. That was spread by mass media during all their OMG HAXXX0RZZ!!!! binges. About the only thing that would stop a hacker helping the enemy is hurting one of his friends, and that's not likely to be a problem.

    --
    ResidntGeek
  6. Re:Making a big deal out of it by Shaper_pmp · · Score: 2, Interesting
    The difference is, I doubt you're the kind of person Microsoft sincerely wishes would just disappear. Or at least shut up and sit down.

    Hey, even better, if you could get this guy on-side you could turn him around and point him at other people's products. Then he wouldn't even be a liability - he'd be an asset!

    Oh yes.

    On July 3, Mr. Moore got an email from Mike Reavey, a manager at Microsoft's security-response center. Mr. Reavey was concerned that Mr. Moore's latest project -- a high-profile effort to catalog the bugs in Microsoft's Internet Explorer browser -- could give ammunition to hackers. He offered to fly to Austin to talk about it. Mr. Moore, saying a visit wasn't necessary, offered to post vulnerabilities in non-Microsoft browsers for a few days instead.


    When political considerations like this start interfering with security work, you know MS's charm offensive is working. And that ain't a good thing. The Microsoft contact tried to haul him down to see them because they were worried about the details he released helping hackers, right?

    So why would going after their competitors for a few days negate that problem? The hackers will still get the info, just a few days later. This clearly has nothing to do with security, and everything to do with public perception and spin.

    Not, of course, that researchers shouldn't look for security holes in other browsers as well. However, when the most insecure browser on the market still holds 60-80% market-share and researchers are "persuaded" by its owners to delay or avoid research on it to go chasing minority competitors (whose bugs will affect proportionately fewer people, and people whose security knowledge is generally likely to be a bit better anyway) instead, well... how is that the most useful work they could be doing?

    Sounds like Microsoft's successfully pulling a Papa Lazarou on the independent security companies.
    --
    Everything in moderation, including moderation itself