Slashdot Mirror

← Back to Stories (view on slashdot.org)

Software Giants Seek Friends Among Hackers

Posted by ryuzaki0 on from the friends-in-low-places dept.

Carl Bialik from WSJ writes "Big tech companies are engaging in a full charm offensive at the Black Hat hacker conference as they seek to convince hackers and security researchers to work with, not against, them, the Wall Street Journal reports. Among those being courted: HD Moore. The suitor is his erstwhile foe, Microsoft. From the article: 'Microsoft plans to wine and dine Mr. Moore at a party at the fancy Palms Hotel. A Microsoft security executive wants to meet with him to discuss his latest work. And earlier this year, the Redmond, Wash., company invited him to speak at a Microsoft-sponsored conference on security. "There were a few tense silences," says Mr. Moore, 24 years old, who lives in Austin, Texas. But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

28 of 95 comments (clear)

  1. how it went down by MrSquirrel · · Score: 5, Funny

    Microsoft: "Welcome Mr. Moore -- it's a pleasure to meet you in person. What's that? You want a hug?"
    *they hug* Moore: "Well, I must be going"
    *he leaves*
    Microsoft: "...wait a minute... HE STOLE OUR WALLETS!"

    --
    A computer once beat me at chess, but it was no match for me at kick boxing.
    1. Re:how it went down by AuMatar · · Score: 2, Funny

      Too risky- MS might use the hug to knife him in the back.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    2. Re:how it went down by fobbman · · Score: 3, Funny

      Judging by Microsoft's past penchant for back doors, I don't think they're going for his back...

    3. Re:how it went down by MrSquirrel · · Score: 3, Insightful

      well, it took place at the "fancy Palms Hotel" -- so maybe he'd at least get a reacharound out of the deal.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing.
    4. Re:how it went down by GarryFre · · Score: 2, Insightful

      Yep, I totally agree. Common sense and the ability to determine who would truly become a friend, and who will end up being a paid vandel is important. At the college where I worked, I caught a person hacking into the system, and I turned him in. My boss hired him on the spot to be in charge of security. I told my boss that I did not get the feeling that this person could be "Converted" by hiring him. At the time I was not a particulary good judge of character, and I still have more to learn. My boss did not take my advice, and chaos resulted. The hacker stole hardware, He got the main security key and let himself in during christmas break and opened the macintosh servers and attached the high voltage line to the screen, to the motherboard and so smoke arose when we returned. The IBM server's hard drive was missing and replaced by a damaged hard drive. The hacker, having admin rights, lifted the security options on the network, allowing users to get copies of all software running on the system including the Office Suites. His final act, was to steal two state of the art PC's from the computer lab building in front of all teachers and load it into his car. His mistake was trying to sell them to a friend of the adminstrator of that computer lab and having stolen the only computers of that particular brand sold in the entire state of California so it wasn't hard to narrow it down. I only wish I was there when they caught him and dragged him to jail. It is said he looked like a hurt puppy. He's now out of jail and lives down the road, and he sends viruses to me and another friend in a futile attempt to infect our systems, but all his efforts come to nothing in the end. Yes, sometimes, a hacker can make a good guard, but they got to have integrity, otherwise, its just plain courting desaster.

      --
      www.Migrainesoft.com - Computer giving you a headache? We can fix that!
  2. I didn't meet them... by strazzere · · Score: 3, Funny

    "You're less willing to publicly humiliate someone you know in real life,"

    Does that mean I should try harder until they buy me dinner?

    1. Re:I didn't meet them... by diersing · · Score: 2, Funny

      Dinner? PaShaw! My source tell me if you forward this message to ten friends and they forward to ten friends that MS can track it, and when it hits a thousand we call get a case of beer. Yay Beer!

  3. What??? by fullphaser · · Score: 4, Insightful

    I don't think he just went soft like that, you don't go from black hat to employee in only a few months flat (or if you did you pish poor example of a black hat.) I think they payed him out the tail to promote their own agenda

    --
    Did someone say cake?
    1. Re:What??? by Reverend528 · · Score: 3, Funny
      I don't think he just went soft like that

      Courtship from microsoft would certainly cause me to go soft pretty quickly.

      --
      Badass Resumes
    2. Re:What??? by ResidntGeek · · Score: 4, Funny

      you pish poor example of a black hat.

      Not true. Black hats do anything they want to entertain themselves, with no regard to the law. They'd gladly take jobs doing what they do for fun. They're not like evil villains in the movies, who do bad things because they're bad people deep down inside, and need a good-looking hero to go kill them.

      --
      ResidntGeek
    3. Re:What??? by Reverend528 · · Score: 3, Funny

      Actually, I was making a joke about my penis.

      --
      Badass Resumes
    4. Re:What??? by ResidntGeek · · Score: 3, Interesting

      Nope. That was spread by mass media during all their OMG HAXXX0RZZ!!!! binges. About the only thing that would stop a hacker helping the enemy is hurting one of his friends, and that's not likely to be a problem.

      --
      ResidntGeek
  4. Public Humiliation? by quokkapox · · Score: 4, Funny

    Microsoft is quite capable of this all by themselves.

    sigh...

    --
    it's a blue bright blue Saturday hey hey
  5. Just like Brutus was less likely to hurt Caesar by 192939495969798999 · · Score: 2, Insightful

    Good job, Microsoft, just give the enemy more info on your employees and practices, that's a great idea. Why don't you just slap up an FTP site with a binary of Windows and hand him the URL? I'm sure he'll feel real bad about using what he learns for evil for a few days, until he decides it would be cooler to use it and be the undefeated champion of the black hat universe.

    --
    stuff |
    1. Re:Just like Brutus was less likely to hurt Caesar by stnf · · Score: 2, Funny

      Is that what you think black hats are after when they try to hack microsoft, compiled versions of Windows?

  6. They finally did this by Klaidas · · Score: 2, Informative
    But they are not the first ones to do this...
    Do you remember Mitnic?
    He offers security consulting services through his company Mitnick Security Consulting, LLC and has co-authored two books on computer security.

    (Source: Wikipedia)
    1. Re:They finally did this by tomstdenis · · Score: 2, Insightful

      Mitnick is a shithead. He broke the law, then got screwed in prison, now he milks it all he can. Cuz he's the notorious kevin mitnick. Oooh lala. He exploits the fact that people are lazy and incompetent. Not exactly news.

      That prick should go out and contribute something of meaning to society. I mean, other than his contempt for "the man."

      Tom

      --
      Someday, I'll have a real sig.
  7. Making a big deal out of it by tomstdenis · · Score: 5, Insightful

    I've been to dinner with people from Microsoft, Intel, AMD, Broadcom, Sandisk, the DoD, CRA (Canada), etc.

    It's fucking dinner.

    Wait till they offer him a grant, job or other swag to be impressed. If they gave him a grant to bash the shit out of Windows that'd be impressive. A $50 dinner on the strip is not (though free eats is good)

    Tom

    --
    Someday, I'll have a real sig.
    1. Re:Making a big deal out of it by Shaper_pmp · · Score: 2, Interesting
      The difference is, I doubt you're the kind of person Microsoft sincerely wishes would just disappear. Or at least shut up and sit down.

      Hey, even better, if you could get this guy on-side you could turn him around and point him at other peoples' products. Then he wouldn't even be a liability - he'd be an asset!

      Oh yes.

      On July 3, Mr. Moore got an email from Mike Reavey, a manager at Microsoft's security-response center. Mr. Reavey was concerned that Mr. Moore's latest project -- a high-profile effort to catalog the bugs in Microsoft's Internet Explorer browser -- could give ammunition to hackers. He offered to fly to Austin to talk about it. Mr. Moore, saying a visit wasn't necessary, offered to post vulnerabilities in non-Microsoft browsers for a few days instead.


      When political considerations like this start interfering with security work, you know MS's charm offensive is working. And that ain't a good thing. The Microsoft contact tried to haul him down to see them because they were worried about the details he released helping hackers, right?

      So why would going after their competitors for a few days negate that problem? The hackers will still get the info, just a few days later. This clearly has nothing to do with security, and everything to do with public perception and spin.

      Not, of course, that researchers shouldn't look for security holes in other browsers as well. However, when the most insecure browser on the market still holds 60-80% market-share and researchers are "persuaded" by its owners to delay or avoid research on it to go chasing minority competitors (whose bugs will affect proportionately less people, and people whose security knowledge is generally likely to be a bit better anyway) instead, well... how is that the most useful work they could be doing?

      Sounds like Microsoft's successfully pulling a Papa Lazarou on the independant security companies.
      --
      Everything in moderation, including moderation itself
  8. Time for a Quote by in2mind · · Score: 3, Interesting
    The best way to destroy an enemy is by making them a friend.

    Abraham Lincoln

    --
    Wincopy
  9. Part of the Microsoft mantra . . . by mmell · · Score: 5, Funny
    Embrace . . .

    Extend . . .

    (wait for it) . . .

    Extinguish!

    "Hi! I'm Clippy! I see you're exploiting loopholes in Windows. Would you like to:

    "* Tell your zombies to phone home for a head count

    "* Plant a malicious WMF at a popular web site to get more zombies

    "* Do some illegal file sharing (since all file sharers are black hats)

    "* I'm not a script kiddie and don't need any help

    " (CANCEL) (OKAY)"

  10. Never confuse a corporation with a human being by kcbrown · · Score: 5, Insightful
    But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

    The problem with this is that it's an illusion.

    Corporations are composed of not just a single person, but of many people, each of whom has an agenda. Most of those people tend to limit their thoughts about the decisions they make on behalf of the company to the benefits that decision may bring to the corporation and to themselves, and perhaps to the possible harm the benefits may bring to the corporation and to themselves. The last thing to enter their mind, in general, is the impact the decision may have on individuals outside the corporation. The more conscientious types may consider that, but such people appear to be rare, and such people in positions of great influence within a corporation appear to be especially rare.

    So while this person may being to believe that the corporation he's dealing with is somehow now more "human" as a result of his dealings with specific individuals, he's making quite a few bad assumptions, not the least of which is that the people he's dealing with have a large amount of influence over the actions of the corporation. That's almost certainly not the case, and yet the actual "humanity" of the corporation depends on it.

    The bottom line is that this guy (Moore) isn't nearly cynical enough, and is likely to get burned.

    The very purpose and nature of the corporation, to shield the corporation's stakeholders from the consequences of the corporation's actions, are exactly why the corporation can never be "human" in any meaningful way, except perhaps in a psychopathic sense. The numerous experiments (e.g., those involving simulated torture, imprisonment, etc.) that have been done in which the individual is shielded from the consequences of his actions are proof of how much of a person's humanity is lost from that. The corporation is a formal embodiment of that separation. In light of said experiments, the consequences should be obvious, and the typical behaviour of corporations is further proof.

    --
    Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
  11. Translation by overshoot · · Score: 4, Insightful
    they seek to convince hackers and security researchers to work with, not against, them

    In other words, "Shut the fuck up about all of the stuff you find until we quietly issue a patch. If we get around to it. Oh, and here's an NDA that gives us your nads if you talk in your sleep."

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  12. Re:Time for a Quote by Reverend528 · · Score: 5, Funny
    The best way to destroy an enemy is by making them a friend.
    Abraham Lincoln

    If that doesn't work, shoot them in the back of the head.
    J.W. Booth

    --
    Badass Resumes
  13. And then one day..... by Itninja · · Score: 4, Funny

    Mr. Moore sips a latte on his veranda on a brisk autumn morn. Some movement in his peripheral catches his attention. 'What the hell is that?' he wonders aloud. He tries to flick the small red dot from the front of his housecoat. Then with sudden horror, he realizes that that little dot is a projection. A laser projection. From a Microsoft sniper hidden in the shadows and fog. As he falls, dying, his last thoughts are of his recent dinner with Microsoft execs and what a naive fool he was to believe they loved him.

    The assassin approaches the body and Mr. Moore. With a small shoulder radio he signals the job is complete.

    "That's right. We got him. You shouldn't have to worry about Michael Moore any more" the assassin gloats.
    "What?!" the voice on the line exclaims.
    "I said I tagged that fat ass. He's dead. Let's see him make another inflamatory documentary now!"
    "You killed MICHAEL Moore? Aw, crap...."

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  14. It's about time by dave562 · · Score: 3, Interesting

    I have been saying this for a while and I'm glad that the executives in charge of things are one the same wavelength. The computer underground is full of brilliant people with the knowledge that will make products better. Microsoft doesn't even need to put people on the payroll. They can simply pay them as consultants. It's a great situation for everyone involved. Microsoft gets knowledge that the typical programmer who has gone the legit route through college and computer science will not have. The black hats get paid for their fresh sk33lz and the rest of the world gets a better, more secure product.

  15. In the words of Admiral Ackbar by Eudial · · Score: 2, Funny

    In the words of Admiral Ackbar: It's a trap! ;-)

    --
    GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
  16. Just wait for The Matrixoft by drmancini · · Score: 3, Funny

    Ms: As you can see Mr. Moore we've had our eye on you for some time now. It seems that you've been living two lives. In one life, you're H. D. Moore a 24-year old geek, you have a social security number, you pay your taxes, and you help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias H.D. and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not. I'm going to be as forthcoming as I can be, Mr. Anderson. You're here because we need your help. My colleagues believe that I am wasting my time with you but I believe that you wish to do the right thing. We're willing to wipe the slate clean, give you a fresh start and all that we're asking in return is your cooperation in bringing a known system to a functional state. Moore: Yeah. Wow, that sound like a really good deal. But I think I got a better one. How about I give you the finger... and you give me my phone call.

    --

    Never underestimate the power of idiots in large groups