Slashdot Mirror


Many Hackers Accidentally Send Their Code To Microsoft

joshgnosis writes "When hackers crash Windows in the course of developing malware, they'll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman. 'It's amazing how much stuff we get.' Heckman also said Microsoft was a common target for people testing their attacks. 'The first thing [script kiddies] do is fire off all these attacks at Microsoft.com. On average we get attacked between 7000 and 9000 times per second.'"

7 of 220 comments

  1. Yes... sure... by xtracto · · Score: 0, Troll

    'The first thing [script kiddies] do is fire off all these attacks at Microsoft.com.'

    Ahem.. yes... sure... I attack Microsoft machines only by accident... sorry, didn't see what I was writing in the URL... not that I *want* to fsck with my beloved MS servers... no way, ahem...

    kk, now I'm gonna go back to try installing sub-seven to wga.microsoft.com

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  2. Hilarious by assertation · · Score: 0, Troll

    "When hackers crash Windows in the course of developing malware, they'll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman."

    So, even if someone steals a copy of the exam for them, Microsoft still can't pass the test? :)

  3. Re:So then what's with the wait? by damn_registrars · · Score: 0, Troll

    On average we get attacked between 7000 and 9000 times per second

    If they get attacked that often, it shouldn't take long for them to find and confirm security holes in Windows. Yet they have been noticeably slow in patching some of those holes; why don't they respond quicker?

    In what possible way does an attack across the internet at Microsoft.com translate to exposing a flaw in the Windows operating system?

    If you read the start of the summary:

    When hackers crash Windows in the course of developing malware, they'll often accidentally agree to send the virus code straight to Microsoft

    So the attack they are describing is actually the malware crap that is being sent in after Windows crashes. Hence we aren't actually talking about www.microsoft.com being attacked - although one might expect that to be running Windows Server anyways - rather we're talking about random workstations around the world being attacked or used as guinea pigs.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  4. Re:So now crackers have a new way to attack Micros by SilverEyes · · Score: 0, Troll

    I don't know. They are supposed to use their own products, which means they have to use Hyper-V and Virtual PC instead of VMware. I doubt anyone's ability to get those working :P

    --
    Interesting.
  5. Re:How Does It Encapsulate the Source Code? by internewt · · Score: 0, Troll

    Yeap, the integrated spyware in many applications, mostly proprietary ones, is one of the worst things about current software.

    The spyware is usually presented to the user as some hand-holding feature, like update checks, or crash reporting. This article does demonstrate though that at least 1 proprietary vendor does get and look at data that could be potentially private. What if IE crashes on a private website, like an intranet or password protected www site for a few friends? MS will get at least some of that data, it looks like.

    The article presents the story in the context of nasty hackers (but I think they took out the bit about the hackers being paedo-terr'ist hackers), which is exploiting most users' naivete. The users don't realise that if the baddies can have their privacy violated, the goodies can too. Proper journalism would have addressed this, but ZDNet is just another example of an industry rag trying to promote the industry as wonderful.

    The possible extra info leaked when things like crash reporting and update checks are performed has always been enough for me to turn off features like those, or even avoid products with those features. E.g. MP3Tag gained an update check mechanism, I removed the application and installed the oldest version without the spyware.

    --
    Car analogies break down.
  6. Re:How Does It Encapsulate the Source Code? by Runaway1956 · · Score: 0, Troll

    The standard Linux OS ships with at least one window manager. It also ships with hundreds of applications that I generally find no use for. In a real OS, you can CHOOSE which, if any, window manager you want to run. The window manager is not the OS.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  7. Re:How Does It Encapsulate the Source Code? by Blakey Rat · · Score: 0, Troll

    The standard Linux OS ships with at least one window manager.

    Ok, so you're confirming my point.

    The window manager is not the OS.

    No, it's not the OS. But it's part of the OS.

    Look, we all know what you're doing here. You're trying to create some stupid artificial distinction between Windows and other OSes so that you can feel justified in calling Windows a "fake" OS. (Or whatever opposes "real" in your little worldview.) Fine, you hate Microsoft, we get it.

    You're trying to redefine OS to mean "the kernel and maybe some CLI utilities." That's not what the term means, that's not what it's ever meant.

    So if you're going to hate Microsoft, do so in a way that makes sense and doesn't require redefining terms everybody knows. Hey, you could even *gasp* come up with *actual reasons* to hate them, instead of making up some stupid shit like "Windows is inferior because it ships with a window manager, hur hur!!"