Slashdot Mirror

← Back to Stories (view on slashdot.org)

Many Hackers Accidentally Send Their Code To Microsoft

Posted by Soulskill on from the not-the-brightest-cookie-in-the-shed dept.

joshgnosis writes "When hackers crash Windows in the course of developing malware, they'll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman. 'It's amazing how much stuff we get.' Heckman also said Microsoft was a common target for people testing their attacks. 'The first thing [script kiddies] do is fire off all these attacks at Microsoft.com. On average we get attacked between 7000 and 9000 times per second.'"

12 of 220 comments (clear)

  1. To Be Fair by sonicmerlin · · Score: 2, Insightful

    They're not necessarily all trying to be malicious. For a lot of people learning code requires hands-on experience, and if hacking is their interest and primary motivator to improve their coding skills, what better target to experiment on than one of the most hated software companies in all the lands?

    1. Re:To Be Fair by pnewhook · · Score: 2, Insightful

      Yes thats a great idea. And I want to improve my marksmanship so I'm going to go shoot up some banks and a few police stations. I'm sure they will understand I'm only trying to improve my skills.

      --
      Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
  2. Re:How Does It Encapsulate the Source Code? by kyrio · · Score: 2, Insightful

    RTFA

  3. Re:So then what's with the wait? by ScentCone · · Score: 4, Insightful

    why don't they respond quicker?

    What makes you think that any of those 7k script kiddie attacks on MS's public-facing web presence actually show with anything the least bit new?

    --
    Don't disappoint your bird dog. Go to the range.
  4. Re:So then what's with the wait? by nmoog · · Score: 4, Insightful

    I'm guessing it's because the real "hackers" don't accidentally click the send button.

  5. Re:So then what's with the wait? by DIplomatic · · Score: 4, Insightful

    From the summary

    On average we get attacked between 7000 and 9000 times per second

    If they get attacked that often, it shouldn't take long for them to find and confirm security holes in Windows. Yet they have been noticeably slow in patching some of those holes; why don't they respond quicker?

    In what possible way does an attack across the internet at Microsoft.com translate to exposing a flaw in the Windows operating system? That's like saying submitting an angry letter to the editor of your newspaper exposes the fact that one of the side windows on your house doesn't close properly.

  6. Re:How Does It Encapsulate the Source Code? by Sir_Sri · · Score: 2, Insightful

    The visual studio thing is actually an interesting question. If, in the process of writing code you crash visual studio, or the whole OS and then send an error report to MS will it contain your source code? To some degree the same applies to any application, if you crash notepad++ and send a crash report to MS it would make sense that it contain well, whatever was being typed in notepad++. if you crash your copy of Mafia 2 does it send the savegame?

    It's somewhat outside the scope of the article, but really, all those crash reports you can send to MS have to contain a lot of stuff for them to be useful.

  7. Very confusing article by microbee · · Score: 5, Insightful

    The article is talking about two things: developing virus (and sending crashdump to Microsoft) and attacking Microsoft.com. These are not the same thing.

    And a crashdump containing virus does not mean it's the hacker that sent it. It could well be the victim. So while the speaker wants to say something entertaining, I wonder how truthful it actually is.

  8. Re:So now crackers have a new way to attack Micros by LifesABeach · · Score: 1, Insightful

    You wrote, "...will be looking..."

    Wouldn't a corporate policy change that major require a filing with the SEC?

  9. Re:So then what's with the wait? by Anonymous Coward · · Score: 3, Insightful

    You're incorrect, though the summary is confusing so I see how you could get lost.

    The summary is talking about 2 things

    1. "Hackers" who are testing malware that crashes systems often unintentionally send the report of the crash and what caused it to Microsoft.

    2. Microsoft.com is often attacked via the web, to the tune of 7000-9000 times per second.

    These two things are largely unrelated. Go back and re-read TFS.

  10. Re:So then what's with the wait? by interval1066 · · Score: 2, Insightful

    No, real hackers turn off that stupid "Help" background process.

    --
    Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  11. Re:How Does It Encapsulate the Source Code? by Anonymous Coward · · Score: 1, Insightful

    That anal-retentive pedantry isn't really relevant at all. If you're debugging the window manager, or anything else the GUI debugger depends on, whether or not it's part of what you want to call the OS, then you can't use the GUI debugger.

    A window manager is part of every Windows OS distribution SKU for ages. So if you're debugging a part of a Windows distribution, THEN you can't use a GUI debugger. Happy?