Microsoft Programming Contest Hacked and Defaced

← Back to Stories (view on slashdot.org)

Microsoft Programming Contest Hacked and Defaced

Posted by kdawson on Monday October 6, 2008 @02:16PM from the star-developers dept.

davidmwilliams writes "Microsoft followed their major annual Tech-Ed event in Australia with a week-long programming contest called 'DevSta,' to find 'star developers.' While the quantity and quality of submissions suggest a poor turnout, it certainly caught the attention of at least two hackers who left their mark. Here is the low-down on the contest, what happened, by whom, and screen shots for posterity in case it's been fixed by the time you read this. And unless the volume of submissions increase dramatically within the next few hours, someone may be awarded an Xbox for doing nothing more than rewriting the Windows calculator as a .NET app."

50 of 151 comments (clear)

Microsoft catching the attention of hackers? by duckInferno · 2008-10-06 14:22 · Score: 5, Funny

Nooo.

This isn't news. If it were, it'd carry a headline like "Microsoft Programming Contest Security Thwarts Hackers" and be about how Microsoft employed some effective security measures without subjecting all applicants to activity-monitoring rootkit DRM and attendees to cavity-searches.

--
Fool me once, shame on you. Fool me twice, watch it -- I'm huge!
1. Re:Microsoft catching the attention of hackers? by Anonymous Coward · 2008-10-06 14:48 · Score: 5, Funny
  
  This isn't news. If it were, it'd carry a headline like "Microsoft Programming Contest Security Thwarts Hackers" and be about how Microsoft employed some effective security measures without subjecting all applicants to activity-monitoring rootkit DRM and attendees to cavity-searches.
  Cavity search is news to me. Where do I sign up?
2. Re:Microsoft catching the attention of hackers? by nmb3000 · 2008-10-06 14:55 · Score: 5, Informative
  
  This isn't news.
  Well, you're right about that at least. The whole thing is a joke. Here is the evidence (consider yourself saved from 3 pages of ads):
  Exhibit A
  Exhibit B
  So somebody found (probably) a SQL injection vulnerability in an obscure Microsoft-hosted site and changed a few submission titles and comments? This is news? It's not like they defaced microsoft.com or anything else even slightly significant.
  They couldn't even do something creative with the hole they found. Kids these days...
  
  --
  "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  /)
3. Re:Microsoft catching the attention of hackers? by fuzzyfuzzyfungus · 2008-10-06 15:10 · Score: 5, Insightful
  
  The scale of the hack is pretty pathetic. Unfortunately, so is the quality of the entries. A bunch of calculator apps, a couple of twitter frontends, and a few old school arcade clones(and don't forget the cellphone stalker app. I will charitably extend the hope that all the good ideas are going to be submitted in the last few minutes, out of concern that they would be ripped off.
  
  "All y'all penguins put your flippers on your heads, this abacus has the power of Windows Presentation Foundation!"
4. Re:Microsoft catching the attention of hackers? by sveard · 2008-10-06 15:23 · Score: 4, Funny
  
  where is the +1 disturbing moderation??
5. Re:Microsoft catching the attention of hackers? by cjb658 · 2008-10-06 15:54 · Score: 4, Funny
  
  Someone is trying to hack your contest (Cancel/Allow)?
  I guess even Microsoft employees are just used to clicking 'Allow' now.
6. Re:Microsoft catching the attention of hackers? by fuzzyfuzzyfungus · 2008-10-06 15:59 · Score: 2, Interesting
  
  Meh, this hack is probably even worse, both for its general stupidity as an idea and its felonious misuse of metric prefixes:
  http://desktop.google.com/plugins/i/metricclock_2853.html?hl=en
  FFS(aimed at author of linked app, not parent), if you are going to stick it to the man and boldly challenge the stodgy conventions of horology, at least do it the clock mod(10), not 1 through 10. Seriously, you could lose your geek card for that kind of thing.
7. Re:Microsoft catching the attention of hackers? by spintriae · 2008-10-06 16:00 · Score: 5, Informative
  
  Okay guys, what do you expect from a week-long contest for an Xbox? The next killer web browser?
8. Re:Microsoft catching the attention of hackers? by Bozzio · 2008-10-06 16:01 · Score: 2, Funny
  
  Wow, that is a terrible Gadget.
  Who the hell writes a metric clock without understanding the metric system?
  This must be written by that 13 year old who painted "Anarchy Rules" on my garage door.
  
  --
  I just pooped your party.
XBox for rewriting calc by Finallyjoined!!! · 2008-10-06 14:24 · Score: 5, Funny

Nobody wants an XBox that badly do they? :-)

--
If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
1. Re:XBox for rewriting calc by zappepcs · 2008-10-06 14:33 · Score: 4, Funny
  
  I was going to say that :)
  XBox is hardly enough to motivate me to load windows on any machine I own. Up next, US mint authorized silver certificate reproduction copies of the hundreds of pages of the bail out bill. This authentically signed reproduction can be yours for the small price of $850 Billion US Dollars, paid in three easy payments of (damn, where's a .net calculator when you need one).
  Why don't they get a little more real... say MSDN subscription for life? Yeah, I suppose that is too much to give to a MS developer... sheesh
  
  --
  Support NYCountryLawyer RIAA vs People
2. Re:XBox for rewriting calc by RuBLed · 2008-10-06 14:44 · Score: 4, Funny
  
  Microsoft said they're going to award lamerdir and ov3rlord each an elite xbox 360 as an appropriate punishment.
Microsoft Programming Contest Hacked and Defaced by $RANDOMLUSER · 2008-10-06 14:24 · Score: 5, Funny

So it's like all their other software then?

--
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Hacked or just a blog post? by The_Fire_Horse · 2008-10-06 14:26 · Score: 2, Informative

Screenshots dont look too spectacular - how do we know they didnt just create a bunch of accounts and post shit on their website.

Or is that what passes off as hacking these days?
Was SELinux enabled? by pembo13 · 2008-10-06 14:26 · Score: 4, Funny

They really shouldn't be running HTTP daemons without SELinux running. Such services are just too popular a target.

--
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
rewriting the windows calculator? by Punto · 2008-10-06 14:29 · Score: 5, Funny

What about the guy who found a security hole on IIS and wrote and exploit for it? that sounds way cooler than rewriting calc.

--
--
Stay tuned for some shock and awe coming right up after this messages!
1. Re:rewriting the windows calculator? by Anonymous Coward · 2008-10-06 14:45 · Score: 5, Funny
  
  What about the guy who found a security hole on IIS and wrote and exploit for it? that sounds way cooler than rewriting calc.
  
  Easier too.
Hardly hacked by NeumannCons · 2008-10-06 14:32 · Score: 4, Insightful

To me it would appear that someone submitted entries with an bogus title and accompanying description. Hacked? Hardly. What surprises me is that no one submitted Viagra programs with accompanying links in the description.
These aren't the droids you're looking for. Move along.
1. Re:Hardly hacked by Anonymous Coward · 2008-10-06 14:40 · Score: 3, Informative
  
  Existing entries were overwritten with the bogus data. That sounds like it was hacked to me.
2. Re:Hardly hacked by thatskinnyguy · 2008-10-06 16:41 · Score: 3, Insightful
  
  My thoughts exactly. News? no. Waste of time to look at? Definitely. NEXT!
  
  --
  The game.
Google: $10M in prizes, MS: an XBox by EmbeddedJanitor · 2008-10-06 14:43 · Score: 5, Insightful

http://code.google.com/android/adc.html
Anyone wonder why only some pissed off script kiddies are playing?

--
Engineering is the art of compromise.
1. Re:Google: $10M in prizes, MS: an XBox by spintriae · 2008-10-06 16:19 · Score: 5, Interesting
  
  Google is counting on participants to develop killer apps for their Android platform. Android's success depends on the results of that contest. I've contributed to it and I know people who have spent months and lots of money developing apps for that contest.
  
  The Microsoft thing seems to be a week-long "speed hack" aimed at a small audience just for fun. Hardly the same thing. Oh, but this is /. and the subject is M$, so let's all foam at the mouths and spew venom all over ourselves.
2. Re:Google: $10M in prizes, MS: an XBox by narcberry · 2008-10-06 18:02 · Score: 2, Funny
  
  Google doesn't have an IDE with a built in application creator wizard.
  An Xbox sounds pretty cool if all I have to do is
  Project -> New
  Select "calculator" from list, next
  Select radial button "scientific", next
  Checkbox a few skins and an include contentless help-pages, next
  Hit Create
  Run it, accept the EULA
  Hello Xbox.
  
  --
  Modding me -1 troll doesn't make me wrong.
Re:How about this one... by Bill,+Shooter+of+Bul · 2008-10-06 14:45 · Score: 3, Informative

Maybe because Mono 2.0 was released, but not by microsoft.

--
Well.. maybe. Or Maybe not. But Definitely not sort of.
Lame by Anonymous Coward · 2008-10-06 14:49 · Score: 4, Insightful

If you want a prize, why not come up with a hack that releases OEMs from their contractual obligation to pre-load Windows? Or maybe a hack that dis-allows Microsoft from counting the sale of a Dell server with Linux installed as a sale of a Windows license. How about a hack that gives the ISO people a spine and some cojones?
Now, those would be worth a prize.
Let's See... by DougF · 2008-10-06 14:59 · Score: 3, Funny

If I write an app for Apple's iPhone, I run the chance of being denied, but I could make lots of $$$. If I write an app for MS, I could get some lovely departing gifts. Tough choice.

--
Impetuous! Homeric!
Microsoft programmers....stars? Too funny... by subnomine · 2008-10-06 15:10 · Score: 5, Informative

I speak from about 15 years experience at multiple companies and not bias that the more "Microsofty" the programmer is, the worse they are.
The current project I am on is full of the Microsoft way of doing things. And get this:
We have a Linux server and Windows client, and they designed a Windows Registry as an interface to the database on Linux. They are having piss-poor performance due to many design issues related to this thing. I should probably post it to Daily WTF. I mean WTF indeed.
Who wants to be a Microsoft Star!! Wooohoo!
1. Re:Microsoft programmers....stars? Too funny... by Seakip18 · 2008-10-06 15:27 · Score: 3, Informative
  
  Please do! As a young programmer starting out, I keep an eye on Daily WTF for what NOT to do. Well, most of the time anyways.
  The fact they use the registry as the interface makes my eye twitch.
  
  --
  import system.cool.Sig;
2. Re:Microsoft programmers....stars? Too funny... by cjb658 · 2008-10-06 15:59 · Score: 2, Funny
  
  I speak from about 15 years experience at multiple companies and not bias that the more "Microsofty" the programmer is, the worse they are.
  Works the same for users, too.
3. Re:Microsoft programmers....stars? Too funny... by Liquidrage · 2008-10-06 16:11 · Score: 2, Insightful
  
  So what about the /. poster that spends post after post in meaningless MS stories, that if they actually ready them, aren't even stories?
  
  What I don't get is, as intelligent people (which is relative), don't some of you feel the least bit ashamed at the quality of the anti-MS stories here? There is plenty of legit bashing to do. But /. has fallen to the level of posting stuff like this.
  
  /. consistently has misleading headlines on MS stories, not to mention sensationalism. I just don't understand how people that are throwing stones can tolerate the childish posts, and poor and misleading stories that are the sign of any /. related MS article.
4. Re:Microsoft programmers....stars? Too funny... by RulerOf · 2008-10-06 16:24 · Score: 2, Funny
  
  they designed a Windows Registry as an interface to the database on Linux.
  So wait, let me get this straight... these people know both Windows *and* Linux so well that they wrote a Windows Registry for Linux, rather than cutting the bullshit and using SQL?
  
  That sounds very... irresponsible.
  
  --
  Boot Windows, Linux, and ESX over the network for free.
5. Re:Microsoft programmers....stars? Too funny... by Bodrius · 2008-10-06 18:06 · Score: 2, Interesting
  
  I'm sure you have other reasons to dislike it - but that sounds like a design mistake that has little to do with the 'registry-like' interface.
  I've seen the same 'feature' (commit on-change) on a lot of other naive user interfaces for remote database storage - web forms, spreadsheets, desktop clients... Typically the product of good intentions, and very optimistic assumptions about the usage.
  There's nothing magical about a 'registry-like' tree that makes explicit batch updates impossible - or on other interfaces that make them auto-magically implemented.
  Unless your 'user interface' is to force the user to type a SQL update statement - then you can't go wrong on that (the user, on the other hand...).
  
  --
  Freedom is the freedom to say 2+2=4, everything else follows...
Obligatory by zooblethorpe · 2008-10-06 15:36 · Score: 4, Funny

Not even Microsoft is that cruel and unusual, surely?
They are. And don't call me Shirley.
Cheers,

--
"What in the name of Fats Waller is that?"
"A four-foot prune."
1. Re:Obligatory by Rayban · 2008-10-06 16:53 · Score: 4, Funny
  
  Looks like I picked the wrong week to ditch C#.
  
  --
  æeee!
2. Re:Obligatory by Anonymous Coward · 2008-10-06 18:27 · Score: 2, Funny
  
  Just wanted to let you both know...we're all counting on you back here.
3. Re:Obligatory by tangent3 · 2008-10-06 21:04 · Score: 2, Funny
  
  Oh, right. It's Oveur at System.Collections.Generic.List
Re: Disturbing? Nah. by TaoPhoenix · 2008-10-06 16:07 · Score: 4, Funny

He clearly means Dentistry software. Manage the patient's records, search cavities...

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Re:Let me be the first to say by dhalgren · 2008-10-06 16:41 · Score: 5, Funny

In other news, Alanis Morissette is found posting on Slashdot under the name 'db32'.
Re:Looks like bunch of nonsense posts by Anonymous Coward · 2008-10-06 17:14 · Score: 2, Informative

Well, if you read the article, you'll see that it's not just bogus posts, they've apparently actually managed to alter existing submissions, which is how they became the top submissions. Not nearly as significant as actually defacing the site entirely, but certainly more impressive than just making fake posts.
HACKED BY BENJYMOUSE by benjymouse · 2008-10-06 17:37 · Score: 4, Insightful

HACKED BY BENJYMOUSE HACKED BY BENJYMOUSE HACKED BY BENJYMOUSE There, now I "hacked" slashdot the very same way. The "hacked" and "defaced" site is nothing more than submissions (like comments on slashdot) with "HACKED BY OVERLORD" text. No JavaScript injection, no SQL injection, no nothing. Some medias will go to any length to capture traffic. sheesh.

--
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
1. Re:HACKED BY BENJYMOUSE by Patrik_AKA_RedX · 2008-10-06 18:22 · Score: 3, Funny
  
  The Headlines:
  A hacker known by the name BENJYMOUSE has today been arrested for defacing a popular news site. The 2 SWAT teams were deemed necessary as hackers are known to be armed and dangerouse and usualy in company of muslim terrorists. Only 2400 rounds were fired and a mere 25 bystanders were killed. Rumors that the terrorist-hacker was playing a loud videogame instead of firing his as yet undiscovered arsenal of weapons show that these terrorists are not just evil, but also lazy.
  
  The hacker will be put on trail for possesion of illegal invisible weapons of mass destruction.
2. Re:HACKED BY BENJYMOUSE by I.M.O.G. · 2008-10-06 18:30 · Score: 3, Informative
  
  "F-" ...I'm concerned, please see me after class!
  Just kidding... But actually, its slightly more impressive than you noticed. They modified existing submissions thereby appearing as the top submission. While not groundbreaking, its more than simply posting garbled messages to a public board.
  
  --
  Overclockers
Re:mhm by narcberry · 2008-10-06 17:48 · Score: 3

The screenshots look like these "hackers" defaced the site by ...
*drum roll* ... posting to a forum!!!
OMG /. HACKED BY NARCBERRYHACKED BY NARCBERRYHACKED BY NARCBERRYHACKED BY NARCBERRY

--
Modding me -1 troll doesn't make me wrong.
Swatch Internet Time by tepples · 2008-10-06 17:51 · Score: 2, Informative

Who the hell writes a metric clock without understanding the metric system?
Swatch, for one. And the Chinese before them.
1. Re:Swatch Internet Time by Bozzio · 2008-10-07 04:04 · Score: 2, Informative
  
  There doesn't seem to be any abuse of the metric system there.
  Look at the description of the Google Gadget. The author has no idea how metric prefixes work.
  
  --
  I just pooped your party.
just submitted to the slashdot story queue by commodoresloat · 2008-10-06 18:26 · Score: 3, Funny

commodoresloat writes "Slashdot followed their major annual asteroid-collision article with an article called 'Microsoft Programming Contest Hacked and Defaced.' While the quantity and quality of posts suggest a poor turnout, it certainly caught the attention of a hacker named 'BENJYMOUSE' who left his mark. Here is the low-down on the slashdot post, what happened, by whom, and screen shots for posterity in case it's been fixed by the time you read this. And unless the quality of posts increase dramatically within the next few hours, someone may be awarded mod points for doing nothing more than rewriting the *BSD troll as an anti-M$ post."
DevSta? Seriously? by paniq · 2008-10-06 21:11 · Score: 3, Insightful

This is what we need in the programming world, more developers with an ego complex. "Star developers", way to go, when a part of skill lies deeply in being able to communicate and organize oneself in a community or company.
"Star developers" sounds like these people need three flatscreen monitors, a massage chair and a personal makeup assistant to be happy.
The reason why no serious programmers will turn up at this event is the same reason, why I'm not at this event: I am busy doing serious, real life code. I have no time for marketing shams.

--
Do not trust this signature.
1. Re:DevSta? Seriously? by Jesus_666 · 2008-10-06 23:19 · Score: 2, Funny
  
  Now that's just mean. I happen to be a star developer and I tell you it's hard work. If you don't balance mass vs. density, hydrogen vs. deuterium vs. tritium vs. helium etc. just right you end up with something that blows up or goes brown dwarf in a couple dozen myriads alredy. Developing a solid (ha!) star that keeps burning for millions of years (without the spectral lines creeping out of spec, to boot) is pretty difficult, really.
  
  Star development really should become an engineering job and I don't think that Microsoft will be happy with talent they just pick up from the street. That's just going to lead to mediocrity at best.
  
  --
  USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Re:mhm by Reece400 · 2008-10-07 01:02 · Score: 2, Insightful

Lame hack, but much more lame trying to pass this as news......
!hacked by DarkTitan_X · 2008-10-07 02:11 · Score: 2, Funny

I had my organization's site "hacked" the same way three weeks ago.
Had I known it were news, I'd have contacted local news media rather than the modest response of contacting my web hosting provider and asking that they patch the vulnerability in their SQL server.

--
~Mike (Titan_X)