Microsoft /asks/ "Crack this machine"

zealot writes "Apparently Microsoft wants people to try breaking the security on this site, which is running Win2k w/ IIS. There are some "rules" of engagement. " Basically, because it's not behind a firewall, it doesn't count to throw huge numbers of packets at it, but there are multiple users accounts-change stuff, look for hidden messages, or "get something you shouldn't have".

Re:I cant believe this

[cernnunous]

Perhaps this is a stupid question, but how many people who are planning to use w2k will be using it strictly for web hosting on port 80 with NO OTHER SERVICES RUNNING?

Every place that I've worked which runs NT uses it for more than just web hosting, it's also an FTP, mail, DNS, file server, and serveral other services as well.

In this case they're not testing the OS as it would be used in the real world. Many places can't afford the licenseing and software to split the services up on several machines.

This is not a Linux rules, MS sucks thing. I use both in my job, as well as Windows and MACs. All have their place. I'd like to know how W2K is going to standup in the real world. I don't care how many people are trying to break in at once or how many hits the server is getting, it shouldn't need a reboot, especially because the "logs are full". That should be true of any server OS. Perhaps that's just poor sys admining though, since a good admin would be setup to have those logs trimmed automatically before they got too large.

Personally I think it's just a PR thing for MS. Take a box and lock it down as tight as possible, to the point of being unusable in the real world, and see if somebody can break in. If nobody does they can say W2K is secure. If somebody does get in, they can blame it on a bug in IIS, not on W2K itself.

Re:Real security for 2000 and beyond?

Exactly the type of response I would expect from a braindead Microsoft proponent.

"Better to remain silent and be thought a fool, than to open your mouth and remove all doubt."

Re:What's this crap? Rob - limit the comment size.

[Chris+Johnson]

My guess is, it's an upset Microsoftie trying to get revenge by DoSing Slashdot.
Funny... we're still here...
The pathetic thing about all this is how clear it's becoming that NT+IIS, even in the most _relentlessly_ protected environments with a firewall cutting off everything but http, will still crash and burn in a matter of hours at the whims of teenaged script kiddies. Most of the damage wasn't done by the heavy guys. It's all the teens going, "Okay- I'll ask it for the page 'GHIGBDBWDBFJHJHWIGHFKJHbkjbKJGBihsdgifijfhfijhjif hidfijfijhhtmhtmhtm.htm.htm.htm.htm' which killed it. And no one particular garbage-request did it, either- the thing just started wobbling and went _down_. I don't think the MS people even _know_ what failed.
There is no joy in Redmond. Nobody won the contest according to their rules... but they surely expected a server _that_ shielded to stay _up_. And it just isn't.
Moral of the story? Don't bother trying to break MS stuff with cleverness. Just swamp it and it'll fall over...

Re:Anti-Microsoft for no good reason?

[hadron]

>No developers want to work on Mozilla because the code is not open source.

Are you on crack or something? Last time I checked, Mozilla was under an opensource licence.

Re:Smart move for Microsoft Excuse Me??!!

[GreyFauk]

3:22pm - Network connections down due to router failure, possibly related to thunderstorms
and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure



I uh... wouldn't post these kinds of statistics for MY server.
6:16am up 101 days, 17:50, 29 users, load average: 0.00, 0.00, 0.00
I did the installation and set up 32 days earlier than that.. but someone kicked the power plugs out.
Gee.. no re-boots... no problems.. nada... *shrug*

uhh.... ?

any particular reason the box is refusing connections? or has someone done the trick?

I cant believe this

[ArnieRimmer]

Christ!

All the time you moan aout microsoft opening stuff up to the community and here it is asking for your help and knowledge. Its a small step but it's still a start.

The router stuff is a bit suspicious.

Restarting the machine 'cause the log is full could be valid. If they are using the log to generate the "status" page they would need to clear it and then change it's settings so they didnt have to do it again.

Lighten up and quit the boring, tired and annoying bash/gloat stuff. As usual you continue
to shoot yourselves in the foot with these witless
remarks.

You all claim to be in this game for the good of the wider community - well doing this helps people
who (for whatever reason) are going to use win2k.
Do as you would be done by.

Status: UP?

[Dilly+Bar]

Well, let's see... If the server goes down I can't very well check the status page to see the message telling me that the server is down, now can I?

Re:It doesn't need our help

. at least put a decent router on the damn thing, you silly 100 billion dollar company!

Not USD 100e9, that's what Bill Gates owns alone.
The company's market capitalization AFAIK is at USD 500e9.

Keep It Simple Stupid

Before trying to "crack" a machine, maybe you should have first tried to connect to it via http or at least ping to insure it was actually up and connected to the network?

Earlier today, they apparently lost their internet connection, as I was unable to ping www.windows2000test.com, much less their nameservers at ns1.winisp.net and ns2.winisp.net.

Traceroutes to the site work fine right now.

C:\WINDOWS>tracert 207.46.171.196

Tracing route to 207.46.171.196 over a maximum of 30 hops
[snip]
13 182 ms 164 ms 159 ms 207.46.175.250
14 530 ms 1105 ms 558 ms 207.46.171.196

Trace complete.


Ohwell, I know for one I am truly impressed by your fantastic "cracking" skills. However I'm not terribly impressed with your mediocre troubleshooting skills. :)

Steve (MCSE - just cause I know that bugs you Linux guys)

No explanation

[just+someone]

No explanation for the failed user log in messages from the WEB SERVER.

Re:No explanation

Didn't their status page say that some of the services didn't restart after the first reboot this morning? Wouldn't that explain the failed login attempts?

Re:No explanation

[Mike+A.]

10:47am - Some services failed after reboot

That problem could conceivably have been responsible for the failed user log in messages. Though I would find it astonishing that anything worked if the logon service was hosed.

On the other hand, on such a clean box, why would services fail during startup?

Re:w3rd

hm...

schizophrenia and multiple personality disorder are two ENTIRELY different things....

:)

Average Win2kTest Uptime

[kspett]

The average uptime before reboot on www.windows2000test.com is 14.4 hours.

This does not even count the router failings due to poor star and astral body alignments.


Kspett

Re:Average Win2kTest Uptime

[thingy]

I have been reading a lot of press on this haven't done much with it but there are no real statistics here. The linuxppc chalenge gives you the memory usuage and uptime right to the minute why can't M$ do something like that?

Also with all the blunders with this project and this being their best of the crop why is their stock not going down. I have been hearing a lot of press about this. Do investors take this into account or just say since it is m$ they know what they are doing. I know nothing of stocks really but if your newest and best producted was tested in the 'real' world and broke ever 14 something hours I wouldn't want to invest in it.

Re:who cares?

"Let me get this straight. They expect met [sic] to crack their software ..."

No.

They do not expect YOU personally to do anything.

They are asking those interested in helping out to help out.

Jeez. Typical bloody SlashDot mentality you have there. Instantly assuming that EVERYTHING any company says or does is directed solely at SlashDot and the associated Linux "community".

How sad.

Re:BETTER STILL... an Open Source answer

Already done: crack.linuxppc.org

Have fun.

Trick?

[UnkyHerb]

Is this just a trick to get us to crack/hack into their server, so that they can get help from the "smarter" community? Think about it, we crack it, they find bugs, who's winning here? If they admit someone got to it ( not that router failure shit, if there was router failure how come their microsoft.com site is never down?....hmmmm ). Still would be cool to get into it and rub it in their face.

it must have been hacked

[toast0]

the page is actually loading correctly w/ netscape 4 now

Re:It's back, but still no telnet.

[sonoffreak]

Wow, it looks like every UDP port I scan is open!!!! (note: sarcasm)

Genius, have you thought that maybe none of these are open. Thats U-DP.

Re:Smart move for Microsoft

[MonkeyPaw]

I got this. Looks like a new IIS 5.0. Good, another product from our friends I don't have to use.

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: http://windows2000test.com/Default.htm
Date: Wed, 04 Aug 1999 05:14:37 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 04 Aug 1999 01:58:16 GMT
ETag: "e0711dd11cdebe1:a4a"
Content-Length: 7103

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

dos attacks is consider a successful crack? are you on crack yourself? DoS is denial, nothing more, nothing less. just a script kiddie with his thumb up his ass that cant do anything else.

Slashdot Slashdotted?

[Microlith]

Has anyone considered spreading this talk load over to some other service (IRC, maybe?), because i think /. is, sadly, being squashed (it's been 6 hours since it's posted that SPAM article).

I invite everyone to #windows200test on EFNet (nt)

[Microlith]

.

Well spank the cow and call me Francis!

[toaster13]

1:13am and www.windows2000test.com is still refusing connections. It hasn't accepted one since about 2 or 3 this afternoon. Oddly enough i was going to the status page from the main page and it died. MY BAD!

Down again :-)

2:19 EDT. The box is down again. Pretty impressive
performance I must say... ;-)

Re:Down again :-)

[thingy]

has anyone tried this takeing an image and trying to go through https. It was on securityfocus and I am not sure if it has been fixed or what. They said that the iis people know about it but i am not sure if it is working?

Re:software firewalling??

[kennylives]

Yes, W2K has the ability to do packet filtering on its own as well as applying IPSec to the connections that it does allow.

It's not as comprehensive as a "true" firewall; not all the bits in the headers are available for filtering, but the standard stuff (IP addresses, protocols, UDP/TCP ports, etc) is trapable...

Apparentlyt they haven't figgured it out yet...

[ivan256]

It you go to the "status" page, you see this message

10:45am - Reboot because the System log was full

Why did they have to reboot for that? Why do they have to reboot for anything!?!

Re:Apparentlyt they haven't figgured it out yet...

[Bombcar]

YAA! Cmon' Rebooting 'cuz the log is full is the same as rebooting 'cuz /var is full. oh wait. We did have var fill up and we did NOT reboot. NOTNOTNOT! Didn't even bring it down to single user mode :)

Re:Smart move for Microsoft Excuse Me??!!

[GreyFauk]

No... admittedly the users aren't doing that much.
That also doesn't count the Icecast server (4/128kbit streams),
the active ftp site I run. Not to mention all the
folks connected to the other services I host like:
4 Mucks. 1 Mud. 1 XSW server and the quakeI
server for my lan.

I'd say that's not bad at all for a little p-100 (586)

Try running half that with M$... *sheesh*

Re:It's worse than that, it's dead Jim

[Pascal+Q.+Porcupine]

My bad. I was under the impression that most ethernet cards did their own ICMP handling for some packets, most notably ping. Guess not.
---
"'Is not a quine' is not a quine" is a quine.

Re:Muhahhahha

the machine is sitting at 207.46.171.196 (as of 8/6/99).

when did you scan?

-Primus

Re:javascript errors?

[An+Ominous+Cowherd]

Okay kids, it's real simple, and it makes your life much easier-- us old geezers from back in the Netscape 2.x days when Java was even more broken than now have had our browsers like this for quite awhile:

Click Edit.

Click Preferences.

Click Advanced.

Turn off Java.

Turn off JavaScript.

Problem solved. Also fixes the annoying pop-ups on pr0n sites and geocities.

Now quit whining and CRACK THIS SITE!!!!

Re:Javascript Dies in Netscape

[smof]

Not 100% true. In Europe typeface designs are protectable.
(Compuserve/AOL UK claims over 2 million users IIRC, Freeserve over 1 million, so it is getting harder to ignore the rest of the world and pretend the web is US only)

And (according to the comp.fonts FAQ) in the US
"scalable fonts are copyrightable" (though as in all law, this isn't necessarily absolute) True Type fonts are scalable fonts (last time I checked), but bitmapped fonts aren't (so you can use System!)
The FAQ can be seen at http://www.nwalsh.com/comp.fonts/FAQ/cf_13.htm#SEC 33

Of course the font *name* may be a trademark (and quite often is) and as such may only be used with permission (and so couldn't be applied to someone else's font even if it looked identical), but the whole area of trademarks is a different can of worms!

The Magician

Re:Muhahhahha

because linux=suffering, os/2's PM owns you.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

A denial-of-service attack is not a "crack" but it is still a serious security issue that needs to be prevented if possible.

For example, imagine a suitably formatted HTTP request that caused the NT machine's webserver to crash. Although the hacker didn't gain access to any logins or take away any private information, she or he can still deny others the use of the machine at will, by sending just a few packets.

The problem with NT servers, of course, is telling the difference between denial of service and ordinary machine performance!

linux rules by example how about microsloth;-)

hi, this is too much;-) seems to me this should be sent to the media like cnn and so on and all the print media so that they can inform the uninformed on the comedy of the situation. linux rules by example .. how about microsloth?

Re:Hmmm...

[Orion2o6]

Seattle had it's worst t-storms in 15 years yesterday. There were over 2000 lightning strikes recorded over a 6 hour period. We're (CIS Dept. of SPU) on UPS systems, but that doesn't neccesarily mean that all systems are good to go during a power outage/flicker.

Context Reading 101

[cswiii]

:As the notes state, there is a magic bullet.

No, the note does not say there is a specific "magic bullet".

Read this again, children....



"For this testing, we are intentionally not putting these machines behind a firewall. This means that you could slow these machines down by tossing millions of random packets at them if you have enough bandwidth on your end. If that happens, we will simply start filtering traffic. Instead, find the interesting "magic bullet" that will bring the machine down."


In other words "DoS attacks don't count. Perform a real security hack, not some little script kiddy prank"

Re:Anti-Microsoft for no good reason?

[jefe289]

Here's the thing: I have no desire to make Windows any better with MY brain... (not that I'm certain I could do it anyway, but that's not the point). See, I know that Windows is not the quality product that I support, and it never will be. I could elaborate, but briefly, it doesn't have the functionality, the stability, nor the open source background that Linux has, and it never will.

And since I feel that Linux and open source coding is the way to go because it is better and viable, then I feel I have no business supporting the wrong solution.

Microsoft is only using YOUR brain and your most dear ability (uncompensated honest help) so that they can turn around and market/ sell it on that shoddy system.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

I know nothing of hacking, but I do know that a strobe will show some available ports, and is a tool to check security on a site. After I read the article I went right to it and strobed it, after all they pretty much said I could right? Well what kind of slashdot effect would that be if everybody did it? Everyone strobing the site, would that cause a DoS?

Re:Nonsense.

[mischief]

The contest isn't as valuable to the community as it would be if w2k was open source, but it is nevertheless valuable. Yes, by attempting to crack the site, you are helping Microsoft, but you're also helping to produce a more secure operating system. Like it or not, w2k is going to be snapped up by millions of companies, and I for one would be much happier if all those millions of companies had a secure operating system instead of the bug ridden piece of bloatware they have right now.

One of the major criticisms against Microsoft is that they don't learn from their mistakes - as I remember someone saying once, you'd think that they would figure out that the scrollbar doesn't have to snap back to the top of the screen just because you've moved your mouse a certain distance from it - but they are actively saying here "hey, we want you to show us how we're doing things wrong".

By cracking the site, you are giving back to the community by providing the community with a more secure operating system, albeit one you have to pay for. Marketing departments are going to take advantage of the situation either way, but hey, that's what marketing departments do.

Just my 2Kc.

--

Down Times

[MonkeyPaw]

No, they won't admit to downtime because of software and OS problems OR a crack.

I just checked out the "status" page at the site and they are blaming downtimes on router failure, networking problems and thunder.

I want to know what the hell router they use that is SO affected by thunder. I live on the Oregon coast and our Cisco router has never even blinked, and we get some nasty storms around here.

I one would think they'd take more care on a test machine. Do you think they just plugged everything into a outlet with no UPS or surge even?

Odd if you ask me.

(from the website)
8/3/99 Events

3:22pm - Network connections down due to router failure, possibly related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure

Re:Down Times

[meej]

I want to know what the hell router they use that is SO affected by thunder. I live on the Oregon coast and our Cisco router has never even blinked, and we get some nasty storms around here.

Nobody's router is affected by thunder, silly. It didn't say 'thunder' anyways. Perhaps you should brush up on your reading comprehension skills....

The Puget Sound area had some pretty violent thunderstorms Tuesday afternoon. We had brownouts all afternoon, and something like 1000 lightning strikes in the area (that'd be air-to-ground strikes, with very little lighting remaining in the clouds), according to the news. Trees exploded from lightning strikes. Potential Darwin Award candidates were taken to the hospital. Alarm clocks were blinking when people got home from work. The W2K test machine was far from the only machine at MS affected by the storms, and MS was far from the only location in the region affected. So, the storm explanation on the status page isn't anything to get worked up about. Calm down and find something else to be picky about.

Re:Down Times

hmm...
doesn't this part of the log:
-----
11:02am - Services restarted
10:47am - Some services failed after reboot
10:45am - Reboot because the System log was full
-----
basically say win2000 shouldn't be used as a server?

MS expects us to crack a site that's mostly down?

Status

Current Status: UP

8/3/99 Events

3:22pm - Network connections down due to router failure, possibly related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure

© 1999 Microsoft Corporation. All rights reserved.

Re:That dosn't make any sense...

[andyschm]

It probably isn't real, but it is true that the website does not work correctly in Netscape. It looks like screwy CSS or something to me.

Re:A dreadful way .. Another reason

[Kwil]

Another problem this contest has it that it doesn't address one of the fundamental issues of keeping a system secure: having security conscious users.

After all, a large number of cracks are done through trojan horses. If you have a system who's users are given only the job "Make sure nobody breaks in", you're simply not going to be able to slip a trojan into it. They'll be alert and deleting any and all executable files without running them.

Put this in an office though where the people basically only know how to run their specific software and the email program and a whole world of opportunities open up. If it can stay secure under those conditions (say with lots of appropriate warning messages, auto-scanning incoming files, etc.) then you only have the problems that Mr. Spafford outlines.

Kwil

Re:Slashdot Slashdotted? Busted

[just+someone]

No, the custom user pages are just broken, over simplified.

I've got 174 comments showing. If you click on the item, you get the real count.

Muhahhahha

[miahrogers]

they better hope that site ain't networked to anyother microsoft sites... MUhahahahhahaha
/.firstpost if i get it!!

Re:Muhahhahha

[Synic]

why the hell is this "Score:1"?
I thought filters were for removing first post and flaming garbage.

Re:Muhahhahha

Posts made by people who aren't anonymous default to score:1.

*sigh*

Re:Muhahhahha

The site is already down...I can't access it from my machine.

...huh, Microsoft sucks

Re:Muhahhahha

[Steve+Bergman]

Hmmm... Both nameservers for that domain appear to be inaccessible. :-)

Can anyone post the ip address of the www host?

-Steve

Re:Muhahhahha

Hate leads to Linux???

This can be a force for good...

[Bill+the+Cat]

If MS provides detailed info about successful attacks, and uses the info to improve Win2K. Of course, can we trust the info that comes from their corporate mouthpieces?

Re:This can be a force for good...

[sraasch]

Does this sound a little "open source-y" to anybody else? I thought M$ didn't care for the concept!

Javascript Dies in Netscape

[ChiefArcher]

I guess that want to leave the UNIX crackers out of this... Javascript dies in Netscape for me..
=(

Anyone else experience this?

Chief Archer

Re:Javascript Dies in Netscape

Hey, it's not Microsoft's fault that Netscape is at least two years behind the times when it comes to DHTML/CSS/XML

Hey, yeah. Instead of struggling for life while being raped by Microsoft, they should have used their energy to improve DHTML, CSS, and XML support.

When godzilla is standing on your windpipe its hard to wory about how your hair looks.

Re:Javascript Dies in Netscape

[KevCo]

It dies for me in Communicator 4.6 under windows too. But if I scroll down past the screwed up crap, the content is still visible.

Re:Javascript Dies in Netscape

[Syslevel]

They can't fire the guy who wrote Netscape.

Re:Javascript Dies in Netscape

Sad thing is, I'm not quite sure if this was intentional. Look at this tag:

FONT face="Verdana, Arial, Helvetica" size=1

Isn't Arial what Windows calls Helvetica? I'm starting to wonder if the "poor" saps just don't know any better...

Re:Javascript Dies in Netscape

[flieghund]

I use a Mac at work, and it has both Arial and Helvetica. I don't know if it is just my Mac, but there are subtle differences between the two (kerning, letter shape, etc.). However, the two are close enough to be used interchangeably across platform. (Of course, since I have Arial on my Mac and most PCs don't have Helvetica, I tend to avoid Helvetica like the plague and stick with Arial.)

A larger issue here is the use of . I was skeptical at first, but the advantages of CSS over the FACE attribute far outweigh the drawbacks. I seem to remember it was M$ that had a hand in developing the tag, though I know Netscape was no less responsible.

Re:Javascript Dies in Netscape

It's called 'cross-platform'. It's so Macs will recognize the font. (still known there as Helvetica)

Major fonts have been ripped off by every major foundry and been renamed. Some have over 10 iterations.

Re:Javascript Dies in Netscape

[theCoder]

I don't have a copy of Netscape here (I'm at work), so I can't confirm this, but in looking at the source code I would suspect that Netscape is dying in the function "done()" at line 89. That function tries to access the object "Windows" which seems to be a DIV declared on line 96. This function is being executed from the "onload" attribute of the BODY tag on line 55.

It seems that netscape is trying to execute this function before loading the DIV, while IE (and Mozilla) has either loaded it already or scanned the file to find that object.

As for what is correct in this situation, it would have to depend on when the "onload" function should be called -- before the page is fully loaded or after. IMHO, I'd probably have to say that IE and Mozilla are probably doing it right (no error vs. error).

I don't know why there is a spacing problem in Netscape (but I wouldn't be too surprised if it's intentional). Anybody know if Netscape or IE is interpreting the HTML "wrong" (please don't define "right" as what netscape does -- define it as you'd expect a browser to behave)?

Re:Javascript Dies in Netscape

[ZenBoy]

When I open it, Javascript dies, and when I do get it to open (IN IE 5) when I click on the guest book, I'm magically whisked to freebsd.org. I think somebuddy may have phuct it already.

Re:Javascript Dies in Netscape

[Bob9113]

yup, is not Netscape compatible.

Funny $hit.

Re:Javascript Dies in Netscape

I run linux and I'm gonna hack it. And when the interview me for the article, I will use the word hack just to piss you off.

Re:Javascript Dies in Netscape

I use a Mac at work, and it has both Arial and Helvetica. I don't know if it is just my Mac, but there are subtle differences between the two (kerning, letter shape, etc.).

Helvetica is owned by Adobe (or someone) so a replacement for it has to be different.

Re:Javascript Dies in Netscape

Confirmed.
I'm using Njetscape 4.61 on a Slowlaris. Died on
me too. The guy who wrote that piece of crap
should be shot or at least get fired.

Re:Javascript Dies in Netscape

Yes. It's almost funny, but not quite.

Re:Javascript Dies in Netscape

When you crack it, please do everyone a favor and make the damn think Lynx/Netscape compliant.

many thanks

Re:Javascript Dies in Netscape

Bleh.... don't worry about viewing the pages in a fancy browser/html format. Just go to the page. Get the error. Hit Ok. Then view the page source. Then you can read the entire page, and begin your cracking.

Re:Javascript Dies in Netscape

[The+Silicon+Sorceror]

I got a Javascript error for Win32 Netscape, too. Interestingly enough, the site works perfectly under Internet Explorer.

Get a frigging STANDARD!!!

Re:Javascript Dies in Netscape

[Romen]

I'm currently running Windows (I hate my job) and it still gives me Javascript errors. The most humorous one was "Windows not recognized."

Romen

Re:Javascript Dies in Netscape

[flieghund]

I use a Mac at work (please don't hurt me). For what its worth:

Netscape 4.08 (Mac) -- garbled mess

Explorer 4.5 (Mac) -- "as intended" (though not really much better 8^)

lynx -- as good as one can expect (at least it loads)

I spend a lot of time reworking sites so that they will at least load in both major browsers... and I know I don't get paid nearly what the "genius" who put this site up gets. I know I should get around to learning the "new" DOM better, but my initial perusal leads me to suspect that is the problem.

Re:Javascript Dies in Netscape

[javac]

Well, as much as I hate to admit it, it works with IE4

geach

Re:Javascript Dies in Netscape

[mistabobdobalina]

heh...i think he meant the guy who wrote the ms page. funny comment anyway...

Re:Javascript Dies in Netscape

It has a lot of CSS too which is probably confusing netscape 4.x a lot.

Re:Javascript Dies in Netscape

Unso. You can't copyright fonts in this way (though you can copyright the code which produces fonts, as a computer program)

jsm

Re:Javascript Dies in Netscape

[sql*kitten]

Hmm.. MSHTML , I can't find that any where on W3C.

Look under CSS, XML and DOM.

What, Mozilla doesn't support these standards? ooops.

Re:Javascript Dies in Netscape

[llzackll]

Hmm, Netscape 4.08 Navigator standalone doesnt die on this page, but the text does appear in the wrong place, I have to scroll down a bit to read it.

Re:Javascript Dies in Netscape

[dattaway]

I won! Where's my prize? I broke its Java! I couldn't even see the rules, now what were they? Microsoft can't seem to write HTML worth a damn.

Re:Javascript Dies in Netscape

[panZ]

>Get a frigging STANDARD!!!

This is hardly an accident or problem with standards. Its not even breaking news for that matter. Micro$ft is notorious for making all of their web pages do quirky things to non-IE browsers. If I break this thing, I'll post a simple html with links to d/l alternative browsers and a heartfelt message to the micro$ofties. This server is /. fodder. Maybe we can load it up with a copy of Stampede and issue Winblows the autoboot & config command remotely. =)

Re:Javascript Dies in Netscape

[Laner]

Hey, it's not Microsoft's fault that Netscape is at least two years behind the times when it comes to DHTML/CSS/XML.

Re:Javascript Dies in Netscape

[aidoneus]

And yet another wrinkle...
Just for kicks (and to see the type of damage it would do to my system here at work... tee hee) I decided to try it in Mozilla, specifically build 1999071417 and guess what...
It works, flawlessly at that. Funny when I rebooted and tried it in NT using IE4.0 it couldn't even do that.
Any ideas as to what the devil is going on?

Now I just need to see if I can break into it, play with some bios settings, and hoping the machine has a softbios, just adjust the voltage to the cpu...

consider it payback for my monitor exploding.
(and yes, I am just kidding around about the voltage settings to the CPU. the monitor is a whole other story though...)

-j

Re:Javascript Dies in Netscape

[zaw]

Hmm.. MSHTML , I can't find that any where on W3C.

Re:Javascript Dies in Netscape

I define right as what is agreed to by the standards commitees. Microsoft is notorious for doing things their own proprietary way and trying to push out the competition by pushing their own standards. I would guess that MS is handleing this incorrectly and the programmer is an idiot, but that's just an educated guess. BTW Mozilla is/was Netscape and was paramount in instituting most of the standards B4 MS started screwing everything up.

Re:Javascript Dies in Netscape

[felixmeister]

• 1. Its not, neither is Opera for that matter.
• 2. It is microsofts fault that 90% of their html editor produce 'broken' html. Like using character entities that are reserved for control characters etc.

Re:Javascript Dies in Netscape

[Matt-69]

Netscape 4.6 displays the page flawlessly in Win98... so does IE5 for that matter. Odd

bfs

bfs

Re:bfs

as in Be File System? wtf?

Netscape

[Roofus]

Great, they can't even create a site that works with Navigator 4.0

Re:Netscape

[snow+dog]

I get a javascript error on communicator 4.6....

Re:Netscape

[cemerson]

It works for me in Netscape 4.08 and Mozilla M8.

Of course I keep Java and Javascript disabled. Solves more problems than it creates.

Chris

heh

[galore]

i get a javascript error when i try to view this site... when i look at the javascript console in netscape, all it tells me is "Windows is not defined." how true it is.

later,
ian

Re:heh

yeah, me too. Mebbe somebody already cracked it & they just never 'fixed' it :)

Real security for 2000 and beyond?

[Pauly]

If it can withstand /. effect, I'll be impressed.

//Pauly

Re:Real security for 2000 and beyond?

It seems to be cruising right along for me.
Are you impressed yet ?

Re:Real security for 2000 and beyond?

[BuBu_]

The Slashdot effect? What are you planning to do? get a bunch of your friends around then go and flame the hell out of them? By saying something like "YOUR 0S SUCKS! USE LINUX WOOOOOOO!" Yeah, great idea.

Re:Real security for 2000 and beyond?

[MindStalker]

Obviously your a new user here, or just haven't been paying attention. The slashdot effect, is a semi-natural phenomenon, in which a article/url is posted on slashdot that everyone wants to checkout/read. The server holding that article is generally not prepared for an increase in hits of several thousand people within an hours time, crashing the server. The server is then known as being slashdotted. Every once in a while even slashdot gets slashdotted, when other news agencies link to slashdot, but in general the effect is named after slashdot as we tend to create such an effect more often than most other news sites.

Machine messed up already?

[elvum]

Is it just me, or have hackers* already messed up the javascript front-end? Neither Netscape 4 nor IE3 seem to like it. Or is it just that the only hackers Microsoft want to attract are those that use the latest version of IE ?!?!?

*or incompetent Microsoft employees

Re:Machine messed up already?

[cswiii]

:is it just me, or have hackers* already messed up
:
:*or incompetent Microsoft employees

hey, we already have enough problems with people equating hackers == crackers. let's not start equating M$ Employees with hackers, as well... :)

Re:Machine messed up already?

or equating hackers with wanna-be SLASHDOTTERS who don't know shit about code, but love to use the M$ acronym for Microsoft.

y0r c00l d00d

I feel ashamed

[ochinko]

I regret that I lack the skills to hack their site in order to hide all those stupid 'M$ sux, Linux rulez' messages from their guest book. There's no other site I could think of that could make Linux users look more imature than this one.

Re:I feel ashamed

[Wedman]

I'd be more ashamed to be a Windows user that posts something to the same effect:

"Windows RuLZ! LInUx SuCKS!"

The Intel BEAST to run IIS

[Wedman]

I wonder what kind of intel beast is required to run the bloated OS?

Check out the Status link in the site:
----
8/3/99 Events


3:22pm - Network connections down due to router failure, possibly related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure
----

Heh. Power failure?! Router problems? Are they SURE?

Re:The Intel BEAST to run IIS

[spectecjr]

Kinda cool... destroyed the elevators in my apartment building...

http://www.msnbc.com/local/KING/340593.asp

1,000 lightning strikes in 4 hours

SEATTLE, August 4 - Two men were hit by lightning and nearly 20,000 utility customers lost electricity in thunderstorms around the Puget Sound area Tuesday afternoon and evening.






THE NATIONAL WEATHER SERVICE reported 1,000 lightning strikes in 4 hours Tuesday afternoon and evening.
Authorities said 44-year-old David Smith of Renton was treated and released from Auburn General Hospital after being hit by a thunderbolt next to a snack bar at Lake Tapps.
A 32-year-old man is listed in Satisfactory condition at Harborview Medical Center in Seattle after being hit near the Husky Union Building at the University of Washington.
One strike apparently hit the Space Needle, but employees there said they were not aware of it.
Meanwhile, a lightning strike in Auburn sparked an explosive barn fire. A propane tank and an acetylene tank inside the southeast Auburn two-story barn exploded in the fire. Half the barn was destroyed, but no people or animals were injured.
Officials at the National Weather Service said the storm was active, but not necessarily severe or rare. The National Weather Service said lightning strikes numbered up to 84 in one 15-minute span.
Across the Cascades, lightning also was suspected to be the cause of a brush fire that burned about 150 acres a few miles north of the town of Chelan on Tuesday night, a Chelan County fire dispatcher said. No homes were threatened.
The dispatcher had no estimate on when the blaze might be contained.
The storm was caused by a warm, unstable air mass floating up from northern California, sitting on Seattle and continuing toward Canada before dissipating in the early evening.
Power outages affected 8,200 customers of Puget Sound Energy, 10,000 customers of Seattle City Light, 1,100 customers of Tacoma City Light and 400 customers of the Snohomish County Public Utility District.
Utilities crews worked throughout the night to restore power.

Re:Hmmm...

Power outages are one thing, but if your link goes down, then you are screwed.

RTFM

http://support.microsoft.com/support/iis/moreinfo. asp

Re: HTTP must have been running

[just+someone]

It sent a response back. Must have been running.

Log in Response, or actual web page. Both came back.

It was just really really confused. Probably a big cache problem. Some sent a request with a password, bad password. send back reply. keep sending reply back until server realizes it is not the right one, cache new one... now someone sends a password...

There WERE thunderstorms in Redmond...

And the lights at MS /WERE/ flickering intermittently...
but not at 10:30 am

Thunder Storms

[sir_natas]

First off I hate MS. But there were wicked thunder storms in Seattle yesterday. So the router problems are probably correct. If you saw it on the news it was crazy lightning!

Re:"Rules of Engagement"?? WTF?

Hmm... I read through their grounds rules, and they were nothing at all like that... I'm assuming you actually read them, rather than to just randomly flame them.. That may be attributing far to much intellect to you though.

Here are the actual ground rules for those that can read.

1. Make it Interesting

Good safe computing practices on the Internet involve placing
critical systems behind firewall-type devices. For this testing, we
are intentionally not putting these machines behind a firewall. This
means that you could slow these machines down by tossing
millions of random packets at them if you have enough bandwidth
on your end. If that happens, we will simply start filtering traffic.
Instead, find the interesting "magic bullet" that will bring the
machine down.

2. Compromise an account

Windows 2000 computers can have multiple user accounts and
groups. See if you can find a way to logon with one of these
accounts.

3. Change something you shouldn't have access to

See if you can change any files or content on the server. If you
manage, no foul or rude statements please.

4. Get something you shouldn't have

There are hidden messages sprinkled around the computer. See if
you can find them.

5. Our goal is to configure the system to thwart your
attempts

The goal is to see how a properly secured machine will stand up
to attack. These machines are configured to prevent known
attacks.

6. This is a test site

You are welcome to attempt to compromise this site, and this site
only. This is your chance to do a practical test of Microsoft
Windows 2000's security.

7. Tell us about your exploits

If you find something, send us some email at
w2000its@microsoft.com.

Well, Neither does slashdot.

[Rocket+Boy]

Just to point a comparsion out, Slashdot doesn't pass that test either.

Neither do a lot of sites...

Re:Has anyone seen this?

[Kerg]

Well, it seems they also added code patches during those router failures in their guest book ASP. Things like not accepting escape codes, HTML redirects, etc etc.

Didn't get into their status report tho. So I'm not so sure, if someone actually would crack it, that they'd announce it in their status page.

free testing

hahahahaha microsoft just wants free testing from the best people in the world

Re:Smart move for Microsoft Excuse Me??!!

"I uh... wouldn't post these kinds of statistics for MY server.
6:16am up 101 days, 17:50, 29 users, load average: 0.00, 0.00, 0.00
I did the installation and set up 32 days earlier than that.. but someone kicked the power plugs out.
Gee.. no re-boots... no problems.. nada... *shrug*"

Big deal, it's not like your system is being used very much is it. Load average 0.00,0.00,0.00? Gee, how can it stand the strain? Those 29 uses must not be doing anything.

Its down again

[toaster13]

Well boys www.windows2000test.com is down again as far as i can tell. It doesn't even have a dns entry anymore...
some operating system, they can't even keep it up for 24 hours. Oh and what kind of logging system makes you reboot once the logs read a specified length?

Hahahaha...

Sure we'll labour for MS and provide them with all the testing and information that is usually recieved by the OS community for OSS so they can then slap a fat, MS typical, price tag on it without releasing anything as OSS.

Sure, when hell freezes over I might !!!

Status Down?

[just+someone]

9:46 PDT

Seems to have dissappeared.

Tried to see what the first messages in the guest book were (end>). Have not heard from it since.

WOW! It must be good

[PenguinII]

I'm verrry impressed so far.

Except for the obvious suspision of the
"Router failure"
,This server seems to be very nice.

I've gotta admit that if i put a linux machine up there it under those conditions it would break in 10 secs :) (the wonders of open source.. easy to find probs)

/me really loves playing starcraft behind his linux gateway and watching the occasional DoS come through. (but im getting a bit sick of starcraft.. dumb non-free software, great game though)

Re:WOW! It must be good

[Fr05t]

http://crack.linuxppc.org/ same config, but with telnet enabled. Hasnt gone down yet..

Fr05t - Why havent Hambuger McFlurries caught on?

Re:WOW! It must be good

[toaster13]

are you on crack dude? the server is running jack,didly and squat. I could put a win98 box up there and outside of normal DoS 's it'd be invulnerable. A server that has 3 pages (that render incorrectly anywayz) and no services open outside of port 80 is impossible to break into, however its hardly a test of security. They could also unplug it and ask us to crack it. It would be about as usefull to them and just as secure.

Re:Smart move for Microsoft

[Helge+Hafting]

Outcome 4:
Someone breaks in. He removes all evidence of this, so it isn't noticed. Then he writes a new version of backorifice or a win2000-virus...

Re:Not using linux according to HTTP header

[noosphere]

they may have ripped off the BSD TCP/IP stack

11:50 AM CST - SERVER down, not router.

[GeneralTao]

I don't know what their excuse is this time, but the server is down. NOT the router:

--- 207.46.171.196 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

Another box on the same subnet (assuming 207.46.171.0 is not further subnetted)

--- 207.46.171.10 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 75.8/78.0/80.2 ms

The router is NOT dead as evidenced by the fact that .10 is off the same router as .196:

...
13 207.46.175.250 73.138 ms 79.384 ms 91.985 ms
14 207.46.171.10 76.675 ms 77.239 ms 74.358 ms

linux users - i'm impressed!

this again shows what those linux zealots really can do - nothing! just filling guest books and message boards with their crap, as always.

if you really want people to "phear the penguins",
you'll have a lot to learn.

Re:linux users - i'm impressed!

Please don't post your Micro$oft loving, FUD spreading, crap here. Thanks. Have a great day.

BTW- At the time of this posting the site is really screwed up. So maybe "nothing!" is something, we'll see.

Re:linux users - i'm impressed!

[Fr05t]

Actually the saying is "Do not fear the penguins"... In the last 24 hours Windows 2000 has been down serveral times. So I think this means either MicroSoft is either:
(A)Lying. In that case it shows they have the most secure OS ever, but it is of no use because it crashes more than once a week (I would consider this a useless server OS), and to boot its crashing like mad while only running a Web Server that hosts a 4 page web site! I would have a better web server running Windows 3.11
or (B) It has ./'d which causes MS to resort to option (A) again. This just doesnt look good for them unless they invent some better fibs ;)

Fr05t - Do unto others, before they do unto you..

Re:linux users - i'm impressed!

same to you!

i guess your site would be screwed up, too, if thousands of wannabes would try to "crack" it at the same time, no matter what os you were running.

Re:linux users - i'm impressed!

[Black+Blade]

Well Mr. Coward, I think your comment would be more appropriate for the Guest book provided on the Windows test page. But you might not be able to get through. Gee I wonder why? Those pesky routers I guess - yeah sure.

It (may) be back up.

[Sangui5]

It appears to be back up (it responds to pings), but is refusing all connections to port 80. It may just be that they don't like me though :).

Can anybody get in on port 80?

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

[dirty]

Actually you can. Ever heard of IP spoofing? It's hard to do, and isn't anywhere near 100%. Also it's a one way connection, you can send packets, but you don't receive them. It could actually work quite well with this type of attack. Another thing that's difficult to block on the receiving end are UDP floods. Since UDP is wide open to spoofing you can flood someone's line and they'll never know where you are coming from. Something like this needs to be blocked on the sender's end.

Please read the post before you reply

[dirty]

For everyone who replied "DoS isn't a real crack" or something like that please read the post again. Especially the part where he says, "I mean if it causes the server to lock up or crash and stay that way when the DoS attack ceases." Sure flooding is one thing, and there isn't much you can do about that, but if the flood causes the machine to trip and stay down after the flood it's a problem with the machine.

Open the source and I'll debug it. Until then-bye.

Why should I beet myself to debug a closed source
system?? Me'eint crazi na, na.

It has been withdraw.

[Sangui5]

--SNIP--
The Windows 2000 Test Web site is currently unavailable.

For more information on Windows 2000 please click here.

We will have this site operational as soon as possible.
--SNIP

Looks like they're having trouble keeping the site up. Wonder why.

12:32 CST

Re:It has been withdraw.

[stuntpope]

yeah, I got that just now, and then when I tried again, I can't connect to the server at all! Pesky thunderstorms?

Hit it at 1:37pm EST

I hit the site at 1:37 EST and the guestbook, status, and rules pages either have been deleted or taken off line........

A moral dillema

[Sangui5]

I can't decide so it's up to /.

Should I tell M$ what I was doing to their machine right before it went down or not? What I was doing *probably* didn't take it down, but it may have. Should I bother telling them or keep it to myself?

No....

Yeah, I know I'm an anonymous coward. I'm really a lazy coward.

Anyway, if MS put something on YOUR computer that screwed it up (like say, their operating system) would they tell YOU? No. So don't tell them.

Site Down?

[atrus]

When I tried getting at it, no luck :) No response from the server, no ICMP ping reply, nothing :) I don't think we should exploit a pre-release version of Win2k, but crash it when it is released (if ever). Don't tell Microsoft about its weaknesses, let them release a buggy product :)

Re:Site Down?

so you have something to bash after all?

Re:Site Down?

[D.+Taylor]

Wow. They haven't disabled ping replies on this
machine, like every other *.microsoft.com site..

I can get to port 80 (only port open according to
nmap, but, it informs me:

Logon failure: user not allowed to log on to this computer.

Re:Site Down?

[Black+Blade]

I agree. Though it's fun to watch every one go at it. I don't see any reason to help Microsoft test their software. Let them test their own damn OS!

Ooh, went up for a minute or two...

[Digital_Quartz]

But now it's back down.

Did you hurt it

[Sangui5]

you mean nasty person you! Leave the poor thing alone. Kicking it when it's down. How could you?

Ahh... I get it (danger, severe sarcasm)

So it's proprietary because Microsoft adheres to the W3C standard, rather than Netscape's (horribly proprietary) standard?

Here's a dollar buy a clue.

While your at it, go visit www.m-w.com and look up proprietary.

Just because Microsoft didn't test it with Netscape's horrid 4.X browser doesn't mean it's proprietary - just that it wasn't tested. Get real. Who was it who is dumping their entire 4.x rendering architecture for the standard DOM (I'll give you a hint... IE 4 AND 5 both supported the DOM already).

The most secure M$ OS yet

[Supercoolin]

I think Bill has solved all the security holes is his lastest OS. Don't boot up the computer.

Re:Nonsense.

[jtgold]

The points you raise are reasonable, but none address the essential question: given a choice between improving the security of Linux and Win2K, which is more productive for the community? The answer depends on which community you believe that you belong to. I'll take the free software community myself, but those who prefer the Microsoft customer community are welcome to attack the Win2K test.

Dead and Buried...

[Axe]

Yesterday they carefully omitted extend of their downtime on the "status" page. It was dead for several hours. They lie about the router - a host on the same subnet was up.
What will they invent this time?

OO. Fixed..Clever Rob.

[Axe]

...or was it somebody else.. ;)

Doh ! The site is down !

[mazoo]

The M$ super W2K site is already down ! What a joke ! I guess it's going to be bad as Win98...

tell /.

tell /. Duh!

LOSE LOSE situation

this is a LOSE LOSE situation for us. Either we're successful and we help them fix their crappy OS, or we're unsuccsessful and they crow about how great their security is.

DON'T BE TRICKED. DON'T HELP MICROSOFT.

Re: Drat! Foiled Again!

[aressa]

Just tried the eEye iishax0r attack, tried to send BO2k over... no fun, didn't work...

A

m$ comments about javascript problem

[Numeric]

this was posted on their

message board

We have disabled the abilty of the Netscape browser to view our page for specific reasons. Please do not flame the messege board with comments pertaning to the inabilty to view the page in Netscape. Any comments relating to this should be directed at the Webmaster in charge of this page: jsmith@microsoft.com

Re:m$ comments about javascript problem

or an absolut crock of shit

Re:m$ comments about javascript problem

[dillon_rinker]

...specific reasons...

Sounds more like high specific gravity to me...

Re:m$ comments about javascript problem

[knuth]

Top Ten Specific Reasons Why Only MSIE Users Can View Microsoft Cracking Challenge

10. If you're doing lame browser detection, MSIE is fewer letters to type than Netscape, Mozilla, or even Opera.

9. Similarly, "JScript" is shorter than "JavaScript".

8. AOL^H^H^HMicrosoft is the Internet.

7. We left our copy of FrontPage at the default settings. But don't worry, it will all be fixed in FrontPage 2005.

6. We fear the mighty /. effect, and those fanatics wouldn't be caught dead using Exploder.

5. VisualBasic is more powerful and efficient than C++.* Likewise, Internet Explorer has that comforting familiar Microsoft Windows interface, so you don't have to learn that arcane, complicated Netscape setup.

4. You can't crack our powerful enterprise-level Microsoft(tm) Windows(tm) server if you can't read the rules we made up, nanny nanny boo boo.

3. We're weenies. We couldn't write "Hello world" in HTML, let alone use scripting languages.

2. 3l337 hAx0r d0oDz swear by MSIE.**

And the number one reason why only MSIE users are permitted to view the Microsoft cracking challenge is... drumroll, please...

1. Somehow the demo site was interfered with. Give me another chance, your honor.

*Editor's note: Microsoft actually says this on another page.

**Editor's note: swear at, more likely.

Re:m$ comments about javascript problem

[Elminst]

And if you believe that was a genuine Microsoft post, I have a bridge in brooklyn i can sell ya cheap.

All posts from microsoft are titled as the mcrosotf W2K team and there city, state and country are clearly listed under the message.
This message has no city, state or country.
And why, after initially presenting themselves as a team, would they give you a specific email address to send problems to. ESPECIALLY after giving the specific email to send problems to in several places throughout the site?
jsmith? yeesh at least try to be original in comnig up with an email address next time.

Re:They're asking the Internet to debug for them !

[Megaweapon]

Think before you speak. Do we really need to go over this again? MS sells proprietary softare. Having the net test their software only helps MS and Gate's pocketbook. This has nothing to do with "all that free and open jazz".

Re:And what does the Cracker get out of it?

Do crackers ever get anything out of cracking web sites? besides a mirror on attrition?

More FUD!

A quick scan of the standard ports
reveals that only port 80 is available.
No telnet,dns,ftp,smtp,pop3,imap,etc.

It may? be secure but is it of ANY USE!!!

Look like more FUD to me

Pathetic

This is one of the most pathetic things I've seen from MS in a long time. Try to get crackers to do your testing for you for free while MS profits off of their work in the long run. What incentive is there to find MS bugs and then tell them about it? Maybe if they offered some sort of reward program, based on the severity of the exploit? I think this is just another attempt by MS to exploit the whole "open source" movement for their own profit. Besides, unless you have access to the source code, you aren't going to find all the possible exploits right away, so the bug machine will just keep rolling along anyway.

If MS wants to reap the benefits of the "open source" way of doing things, they are going to have to open source their products in the first place.

Re:What an ugly site

[TheMeld]

And what's more, the javascript error message is:
Windows is not defined

HA HA HA HA!

Use Lynx

[Ded+Bob]

I see everyone failing to view the page using Netscape or IE. Just use Lynx. It works great for me.

Also, try turning off JavaScript before going there. It might help.

A fine use of Open Source Talent

[Scary]

All I see here is MS trying to have US find the flaws in There new OS. They don't want anything to do with open source or the community, but It's ok if we're FREE LABOR for them.

IMHO wait untill it's been relased to the public, don't give them the chance to fix the holes before it goes to golden master!

Re:javascript errors?

[Breakdown]

You are right, the function done seems to only be written for the way IE handles stylesheets. The Netscape code seems to be absent.

My guess is that the page was created in Frontpage...

GuestBook on the Site

[magnetx]

They put that up there so all you would make total idiots of yourselves. Read them, you *nix guys are making idiots of yourselves by the immature posts.

Re:GuestBook on the Site

Wow... The second I saw that I thought the same thing. They look like 13 year olds. Sure MS might suck sometimes but look how well this plan has worked so far...

Re:Broken guestbook

I assume they do this so people can't manipulate the SQL commands and do something bad. They probably use something like

SELECT * FROM TABLE WHERE ID='1';

so if they didn't remove all 's then you stick another command after the select statement (don't remember the SQL commands well anymore). Shouldn't be hard to bypass it though (I think there were articles on BugTraq about this a while back?)

Hmmmm....

As anybody going to try to *crack* the machine, or just sit around and whine about javascript? If MS is such a piece of crap, go ahead and crack their server.

Re:Hmmmm....

[gimpboy]

did you read what was said? port 80 is the only availabe port to crack on...


imagine this... i make houses and i say that my latest model is the most secure house on the market (tinshanty2000)... so i tell you to try to
break into it... i give you rules to follow... ie i give you a tooth pick and a dull tack. then i take you to the house to break into it... when you get there you see a house with on door on top that is composed of concrete walls 15 feet thick. and i say ok break into it... (oh yeah the door on top can only be reached by transporter from startrek...


and you ask why they break into the site... you are a moron.

Re:software firewalling??

[paul.dunne]

Looks like it:
dunne:# nmap -sS -O -v www.windows2000test.com

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host (207.46.171.196) appears to be up ... good.
Initiating SYN half-open stealth scan against (207.46.171.196)
Adding TCP port 80 (state Firewalled).

Re:Lynx still reigns supreme.

yaaaaaahhh!!!
lynx rules the world. one day.. one day....

A dreadful way to "prove" security

[davew]

Gene Spafford (co-author of the O'Reilly book on security, many seminal papers on Computer security, and minder of such tools as Tripwire - the man knows what he's talking about) had this to say some years ago on security challenges:

http://www.netsys.com/fire walls/firewalls-9511/0743.html

He lists so many good reasons (eight) to distrust this sort of challenge that it is difficult to summarise the message here. Best to click and read it yourself.

The point goes for every package where the author tries to "prove" security in this way - be it Sidewinder, Qmail or Microsoft. In many cases, the only result is to damage security by giving miscreants some "free time" to try and crack the system, for free, without fear of punishment.

Tiger teams have their place in a properly designed, properly managed security audit. Using unpaid tiger teams as the principal means is useless and dangerous. Will Microsoft move to assure its customers that this is simply a small part of a large, thorough security audit?

Dave

--

Re:A dreadful way to "prove" security

[Otterley]

While I completely agree with the above reference, I disagree that qmail belongs in the same class as Sidewinder or any Microsoft product. qmail is an open-source program--therefore it can be audited in an open-box fashion as Mr. Spafford claims is best.

Just wanted to clarify.

Re:Anti-Microsoft for no good reason?

Well said

Re:Anti-Microsoft for no good reason?

But will they acknowledge our help?

I'm surrounded by hypocrites.

[Wonko42]

You'd think, given the general nature of Linux development and the open-source community as a whole, that Slashdot readers would be open to this rather intriguing challenge. But, instead of praising Microsoft for "putting their code where their mouth is," so to speak, the general response to this (judging from Slashdot comments) seems to be "I don't want to crack Microsoft's site because I can't read it and they won't pay me. And besides, if I do crack it, Windows will get better as a result, and that's scary!"

Do you get paid to find and report holes in Linux? Huh? Unless you work for a company that sells their own distribution and therefore it's your actual job, then no, the majority of you don't. So just what is the source of this stuck-up, arrogant, anti-Microsoft attitude? So what if Netscape won't read the page? I'd think that would be Netscape's fault, but no, you insist that the blame is to be placed on Microsoft. My Microsoft web browser doesn't choke on Javascript. Netscape's browser does. Netscape is the obvious problem here.

The open-source community has been calling for Microsoft to do something like this for a long time now. Microsoft is begging for you guys to show them what you're talking about when you say "Windoze sux". If Windows sucks so much, it shouldn't be any trouble to knock out that IIS box, should it? Huh? Then why are you wasting time complaining? Get over there and kill that sucker! And while you're at it, if you want an even easier challenge, you're more than welcome to try and kill my own Windows 2000 beta 3 web server. I haven't optimized it for security, because I don't see any need to. It's on a tiny pipe, and it'd probably be a snap to wipe that sucker out. Go for it! Go kill http://wonko.com/ and then let me know about it! Tell me how lame my system was and how easy it was for you to crack it. Go on! I dare you. :)

--
Wonko the Sane

Re:I'm surrounded by hypocrites.

I don't know why I am responding to such flame bait, as no one else with half a brain will probably read this in the first place, but anyway...

instead of praising Microsoft for 'putting their code where their mouth is,' so to speak
...
The open-source community has been calling for Microsoft to do something like this for a long time now.

Please show me where I can download the source code for W2K for free.

Do you get paid to find and report holes in Linux?

Not monetarily, but you get rewarded in the long run with a stable and secure system. Also, since the source is free in the first place, you can think of finding/reporting a bug as your "payment" for the source code (we aren't all a bunch of freeloaders you know).

So just what is the source of this stuck-up, arrogant, anti-Microsoft attitude?

We are tired of MS on the one hand trying to discredit the open source movement and then on the other hand trying to take advantage of the benefits of open source for their own profit.

Microsoft is begging for you guys to show them what you're talking about when you say 'Windoze sux'.

I doubt that this is really the intention of this contest. Besides, showing that you can compromise IIS does not really prove that 'Windoze sux', yet I believe that MS will try to use this as proof that Windows does not suck.

There are far many more examples/reasons why Windows is inferior to Linux/Unix.

Re:I'm surrounded by hypocrites.

>My Microsoft web browser doesn't choke on Javascript. Netscape's browser does.
Netscape is the obvious problem here.

___

Sorry. I have a little problem with that statement. It just shows that the people who designed the site didn't bother to test the site w/ different browsers (that is, competing product). I mean, MS employees could have purposely broke it for netscape. Previous versions of IE actually had code in them to claim that a server is down if domain was netscape.com. Would that be netscape's fault?

Re:I'm surrounded by hypocrites.

[MrEd]

The points I'd like to bring up are pretty much what this comment says.

My main argument is with your "Netscape won't read the page, Netscape's at fault" statement. Netscape is at fault??? Then how come there are hundreds of thousands of pages, many of them more complicated in purpose and visual design than the Win2K test box's, which work perfectly fine with all browsers?? Microsoft is deliberately (or through incompetence) forcing users to use their web browser to see the page.

Re:I'm surrounded by hypocrites.

The comments of the loud and immature do not speak for everyone. A post on any site does not speak for the site itself. Need a few more qualifiers in you blanket statements.

Re:I'm surrounded by hypocrites.

[quonsar]

Interesting to me that there are actually people here who are surprised at this incompatibility! Do you think people are joking when they tell you that, as far as MS is concerned, there is no html, no javascript, but theirs? Did you find the remark by the MS webmaster that "the site isn't supposed to work with Netscape" arrogant? Why? That is the reality those people live in - there is no Netscape, there is no HTML, no javascript, those have been embraced, extended, and extinguished! Now there is simply web integration, brought to you by MS. People who use Netscape are not following the company line. They are not important, and eventually anyone using anything but MS stuff will simply not matter. Now, I'm saying that is THEIR reality, not mine! It just surprised me that there were people who were surprised by the Netscape problems. In their world, nobody uses Netscape! Why would they code for it?

Re:I'm surrounded by hypocrites.

[esh]

Preventing unauthorized access from the network is only part of securing a system. Moreover, since W2K is mostly new code it is indeed unlikely that a black box test will uncover a large fraction of the bugs that certainly exist. It is a good move of Microsoft and there will certainly be plenty of people trying to break into the machine. However, it may give a false sense of security, and given Microsoft's track record, they are planning to fall for it.

There is a clear difference in asking the public to do a free (gratis) beta test and opening up the code for public scrutiny. Those of us who have followed the Unix history for long enough know, that as system administrators we have been giving the Unix vendors as hard a time as Microsoft when they were withholding necessary information. That is why BSD and Linux are so highly regarded among the professionals. And that is why they are among the most secure operating systems around.

LinuxPPC asked crack this machine!

[jcarr]

Ok. Here is a stock LinuxPPC 1999 Installed machine: crack.linuxppc.org (aka micrsoft.is.lame.linuxppc.org)
It's running apache only. If no one gets in for awhile, we will start adding services( sendmail is first)
(You might have to wait for DNS to update in an hour - the IP is 169.207.154.108

I think I broke it.

[Sagev]

Hrm. I believe I may have broken it. The first thing I tried was to try and cause a buffer overflow. telnet windows2000test.com
Connected...
GET /home/home/home/home/home/home/home/home/home/home /home/home/home/home/home/home/home/home /home/home/home/home/home/home/home/home/home[.... ]

I didn't count the number of /home's I sent, but it eventually puked a bit on me, and disconnected me without saying much. After that, my connections were refused as if I'd broken the IIS. Ooops. :)
Still, it didn't give me any access, which is pretty decent, I suppose. The other possibility is that it blocks IPs for silly requests, which means there are some arbitrary limits on requests from an IIS. As far as I know, you can do the above to apache, and it just dumps a 404 page...

FIXME: I am a braindead moderator

Sorry for that 'Offtopic' setting. Stupid browser saved the form contents when I pressed 'Back'.

Would a *real* moderator please fix my stupid mistake?

Please excuse my stupidity.

Re:FIXME: I am a braindead moderator

[Dwonis]

You also didn't know that posting a message as yourself instead of an AC would have caused your moderations to be removed.

Now you do.
--------
"I already have all the latest software."

Re:A ploy to get crackers to use IE4-5!!!

i used opera 3.60 + java plugin to go there, seems to work fine...

Hilites from the hacked page source

[Kerg]

For those who don't want to be bothered to download MSIE...

Hahaha! I love the auto-load of www.redhat.com.
I used to like MS DOS, and you had to go mess it
up with this bulky bloatware called windows.
win2000 needs /dev device management. Youre
registry editor SUCKS! Whats with all the HEX
strings/keys? Cant you use english? I dunno
where to even start messing with that.

...

Is there a problem with Chardonnay That used to
get beeped by spell checkers a lot.?

...

Nice IE only site. Like anyone who interested in
bustn in would use a machine that could run ie
:-). YOu guysll probably put this little site up
for a week then claim its hack proof. Good luck
post-release.

...

Would someone please
crash this [beep] server already so that I can get
back to work...

...

And you cant even say S C R A P!

MS filtering at its finest :)

...

For what its worth, the site works just fine with Opera; if not with Netscape! And Kudos to whoever put the freebsd link in the guest book!

---ZahrGnosis

...




linux!
linux!
linux!


...

Is there a problem with [beep]?

...

No - we cracked the admins - not the OS :)

...

do[beep]ent.location=http://linux.org/

...

http-equiv=refresh
content=0;url=http://www.freebsd.org

...

Im having javascript errors running ie 4.02
(sp2) on nt4.5. does html work on this
window.location=http://www.microsoft.com

...

META HTTP-EQUIV=refresh CONTENT=1;
URL=http://www.menonthenet.com/

...

Maybe MS should have thought a bit more before
taking to doing something of this calibre...

S[beep] windows and start again at DOS. MSs only
stable OS...

...

It's just too funny! :)

It doesn't work with Netscape!

[weave]

What good is that windows2000test site? I simply tried viewing it with Netscape, got a javascript error, and the page was unreadable.

First impression (from a user viewpoint): Looks like IIS on w2k is a piece of shit. Guess you just have to upgrade to w2k client with IE5 to access an w2k IIS site! flock() the rest of the non-Microsoft world I guess...

Re:It doesn't work with Netscape!

Too bad the fact that it doesn't display in netscape has nothing to do with its running w2k or IIS.

Re:Are you anti-crappy software, or anti-Microsoft

[grandfenwick]

>Just for giggles, imagine that Microsoft were in
>the same position it is now. Now let's also
>imagine that the whole line of Windows OS's were
>the most secure, easiest to use, and
>best there was. Would you hate them as much?

No, but to paraphrase the great Willy Wonka, let's imagine that my beard is made of spinach and the moon is made of green cheese. That ain't gonna happen any time soon either.

>My feeling is that MS has finally seen that it's customers /want/ a stable, fast, and secure OS.

If this is true, this is wonderful news. But it's pretty clear (to me, at least) that a silly PR stunt like this is not the way to do it. What will happen if nobody can crack this box? All that will prove is that nobody chose to notify Microsoft of any vulnerabilities found in a Windows 2000 system running no services other than IIS 4.0 on port 80. Ideally, this box should have absolutely EVERY SERVICE available in W2000 running: after all, if the goal really is to test W2000 security, shouldn't all aspects of the operating system be examined? And that doesn't even begin to cover the issue raised above: if a vulnerability is found, and nobody reports it to Microsoft, does it make a sound? Or does it just lurk about until Back Orifice 2001 or something like it comes out next year?

As it stands now, this is simply standard operating procedure for Microsoft. It's a biased test, designed to give deceptive, free PR for the mothership. Sound familiar?

this is stupid

[Aenosi]

instead of taking down that machine, we should
take down the machines that have sniffers and other odd network watching programs that they have
logging there happy little piece of crap. then
see how they respond.

Is it a bonafide Microsoft site?

Has anyone guaranteed that this is a site that is setup by Microsoft and not by someone else? If so, how did you make sure?

Re:Is it a bonafide Microsoft site?

[technos]

We will all find out if/when Microsoft tries a lawsuit over copyright infringement..

Re:Is it a bonafide Microsoft site?

The whois info says it is MS.

Correction...

[Sagev]

Drat it all.... I meant for that to say 'telnet windows2000test.com 80'.

Ah well, I'm sure you could have figured it out.

don't tell...

this is exactly what microsoft wants; free beta testers. they grind out bad code in record time, and then ask people to spend their own time to find bugs.

people also gladly pay money for beta quality code. this is not good. microsoft is taking advantage of people too much. i think people who find bugs at this site should not report them to microsoft. only wait until after the product is released, and then try it out on microsoft's own servers.

Re:It is already borked.

[Dark+Fire]

www.windows2000test.com system configuration:

PIII 450 (remember the 386dx/40 min. for win95 ;)
512mb of ram (min. req. to run of course)
15" Monitor
56k modem + ISP service
cheap vga video card
40gb scsiIII hard drive (20gb for min install)

probably material stored on server:

(1) stupid home page
(2) bmp scanned images of documentation of all previous operating systems from dos 1.0 to win 3.1x.
(3) notepad document saying that you have successfully located a problem in win2000 if you are reading this message...

M$ = $$$ (for more staff & admins)

2 staff/admins per mainframe
3 staff/admins per NT server + good technical support contract ;)

Well, enought Bill bashing...later.

Re:Smart move for Microsoft

[IIH]

Couple of points, some exploits don't work against a debug build system, that do in release mode - ever tried to track down a bug that was unreproducable when built in debug?

For another off the wall point, what if this is not actually running w2k, but Linux, and MS use the Anti-Ms brigade, to poke hole in Linux's default security?

One of the rules of engagement is that you have to tell them how you did it, but it doesn't give a time limit on when you have to tell them.


--

Re:Comparison with Apple Contest

[nascent]

I disagree. It's always better to acknowledge your flaws to show you're not blind. Even if you only claim that you're working on them, it better than saying you don't see them.

Finding a bug or hole BEFORE the product is out is bad, but not nearly as bad as finding it while people are actually using it. At least this shows that they're making an effort at finding them (and allowing others) BEFORE they release another piece of buggy crap.

Re:Anti-Microsoft for no good reason?

[Rontudju]

You're right dude !

Re:They're asking the Internet to debug for them !

[ThePlague]

No, it improves a product that many of us will have to deal with, for good or ill. The idea is peer review, correct? Granted, MS is asking for black-box (i.e. not giving access to code) peer review, but it is still a request in tune with the ideals often espoused in this forum. But I guess since MS does it, it's evil by definition. How hypocritical.

Re:Anti-Microsoft for no good reason?

[rlm]

They'd probably acknowledge "the Internet community", but it doesn't really matter because we would know exactly who helped them fix their little program. I think that this is a good chance to show that we rally not behind a particular piece of software, but rather the concept of "good software". I mean, honestly, if W2K (or any software package) can be made better by the efforts of those who know how to make it better, then isn't it worth it?

ah. here's the problem..

[option8]

as you all have noted, there is a javascript error on the site. sigh. that's microsoft's QA for you..

while i'm no javascript hack, it probably doesn't help that the same function is defined in two separate instances, one in the header, in a 'jscript', the other in the body in 'javascript'.

that and there's no browser version filtering...

Are you anti-crappy software, or anti-Microsoft?

[BNL+Psycho]

Just for giggles, imagine that Microsoft were in the same position it is now. Now let's also imagine that the whole line of Windows OS's were the most secure, easiest to use, and best there was. Would you hate them as much?

My feeling is that MS has finally seen that it's customers /want/ a stable, fast, and secure OS. Why else would *nix be taking off so fast? If they were so good, they wouldn't have to worry about losing market share.

I don't like MS either, but what I dislike is the way they shove thier mediocre OS down our throats. If thier OS was sleek, stable and secure, then that would be a great thing.

Wouldn't it?

I'm a big beleiver in the right tool for the right job. That's why I use a Mac at home, all I do is surf, design web sites and watch TV. Windows is too clumsy for me, and there is no Freehand/Illustrator equivalent on Linux that can output to industry standards. Linux is fun, and I'm learing a /lot/ about how all this works, and what goes on behind the scenes, but it's just too much to deal with for me when I only have a couple of minutes to check my mail and slashdot :) (for now anyway)

-------------------------------------

Re:Anti-Microsoft for no good reason?

[Steve+Stock]

Microsoft's initial actions of putting a machine out there and letting people try to break it does fit with more open concepts like many minds make short work of finding bugs (to paraphrase ESR). But I don't think this is the main reason for the reaction you're seeing. I believe that most people here (especially here :-) just don't trust Microsoft's actions after this test. Are they likely to admit there was a problem? Maybe, maybe not. Certainly not if it was a major problem.

Why do I think this? Because Microsoft has a history of leaving out anything but the most rosy details about themselves or their products. While they may have changed attitudes suddenly, I won't believe it until I see it. To view this differently, Linus, from the start, worked honestly with other people, he has a history that I (and many others) consider to be forthright, Microsoft doesn't.

What might help change my mind? Well, if Microsoft published details about any (and all) successful attacks (or unsuccessful attacks that reveal problems), and in addition explained what part of w2k didn't work or didn't hold up, or was just broken. They would have to continue and detail how they planned on correcting the problem(s) or finding a better solution(s) so when w2k is finally released end-users really have benefited.

Re:Step into reality

[smkndrkn]

Who cares? I'm NOT from microsoft and I don't care for the company but he is right. Where I work I'm forced to use some NT servers because of the software we have to run on them. I for one would like to see the newest copy of NT Server a LOT more secure...whether I like the company or not. Will I love M$ with a more secure product...nope...it costs WAY too much and support is a joke and they still have to make the damn thing run for more than 7 days without crashing or doing weird shit but will I sleep a little better knowing that the product I DO have to use is a little more secure..hells yeah!

Already getting messed up!

Go to the comments and you will be sent to the
FreeBSD site...Cant complain now can you!

also got thrown to slashdot!!!

But you have to praise the Marketer who came up with this one. And where does i say that they will let the PUBLIC know who was able to do what ?

Great set up a thousand boxes that keep going down. try to fix things and claim there was never a problem!!! Hmm... maybe they have MINDCRAFT helping them with their stratergy!

Re:What an ugly site

[Kerg]

Or maybe somebody already cracked it, and they can't figure out how to fix it?!

HA!

Re:Hypocrite!!

[mdillon]

i hate MS because they're trying to cash in on anger. they know that people hate microsoft enough to want to take down their site and they want to use that to their advantage to get free auditing.

what use is this auditing to them? it will help them improve their products so that they can make more profit from uninformed consumers. it will not benefit the *users* of ms software to have to keep on paying microsoft to produce crap.

they expect free debugging in exchange for nothing. with free software, the time devoted to debugging bears returns many times over in continued evolution of something that noone can ever coerce you into paying for "upgrades" to.

The site has it's own DOS.

[Colin+Smith]

The reason the aren't counting Denial Of Service is that the site has it's own built in Denial Of Service for all Netscape and IE4- users.
God, what a bunch of twats.

Win2k Crack

[generic]

mail w2000its@microsoft.com with bo2k attached. Maybe the backwards compatible stuff will bite them in the arse. =)

Step into reality

[gatech]

Some of the comments about this challenge have really amazed me. People have said that we should not try to crack the server because of a lot of different reasons, but they have all been selfish.

For instance:
1)why should anyone want to help micro$oft audit the security of win2k? wait till we can get a copy of it, then we'll start looking for security holes.

2)why should anyone want to help micro$oft audit the security of win2k? wait till we can get a copy of it, then we'll start looking for security holes.

3)Maybe the crackers should avoid the site, or break it and NEVER tell Microsoft how they did it. We certainly do not want to help improve products of particular company.

What is it with you guys? You constantly complain about how unsecure Windows is and how much better Linux is. Then Microsoft gives you a chance to show them some of these security problems that Windows has and you say "Wait, don't help Microsoft then they might have a better product!!" Are you afraid that by showing them some of their security holes that Windows 2000 might actually, heaven forbid, be a good product and make Linux work keep its edge?

From most of the posts I read it seemed that people were afraid that they might actually help Microsoft release of good product and I don't understand how you can see the release of a more secure and better product as a bad thing regardless of who makes it.

Rich

Re:Step into reality

are you from microsoft?

Re:Step into reality

[gatech]

No I am not an employee of Microsoft. I am a CS student and a programmer\sys. admin assistant at a company in Atlanta.

But then does it really matter what company I work for? The point is that as a programmer you should work to help people release good code, not avoid helping someone just because you don't like their previous products.

That is only narrow minded and immature.

Rich

Re:Step into reality

[esh]

The (relevant) critique can be considered a reality check for Microsoft and anyone else running a "cracking contest".

Break-in scripts/recipes are designed and security holes fixed by looking at the code and protocols/specifications. E.g., take buffer overruns. Functions like gets in the C library are infamous for the security problems they create. So you can specifically search for those holes. Or take the crashme tests. They work because of the specification that no user process shall be able to take down any system task, let alone the kernel.

crashme type testing is incidentially the most promising type of attack for a new OS like W2K and Microsoft specifically rules out DoS types of attacks. Granted, there are good reasons to rule out DoS, but this only means, that a black box test like this one is rather pointless. Asking the public to crack a setup with entirely open source components on the other hand is more promising.

If any problem is found, so much better for all of us. But it won't improve the system very much and should not be mistaken for improved security.

Re:hehehe gotta love redirects

Nope, you're right. All the work is being done on the client side.

felon registration

[dark3r]

Sure..crack MS' machine and brag about your exploit to them. Sounds like commiting a felony, helping Microsoft out, and getting your own little file at the FBI all at the same time. The only reason I think anyone would attempt to hack it would be to completely "destroy" it, skipping the email brag of course.

If it smells like entrapment and looks like entrapment; then it probably is entrapment.

MS Uses Slashdot's hatred of MS for its own gain

I mean, this is like free testing for them. I agree with a previous poster, let them test their own shit. This is not a real-world situation, with people manning the computer 24/7.

What is it supposed to do?

[pb]

Are there any ports open besides port 80?

And why does queso identify it as a Cisco/HP/Baystack switch?

It says it's running IIS 5.0, now that I'll believe.

Re:What is it supposed to do?

[dangermouse]

And why does queso identify it as a Cisco/HP/Baystack switch?

Because QueSO is a big ball of snot. Adding TCP options checking (Fyodor's big contribution to fingerprinting) makes nmap a much better fingerprinter.

Re:What is it supposed to do?

[knarf]

> And why does queso identify it as Cisco/HP/Baystack switch?

Older versions of Queso mistook some Windows flavours for Cisco equipment. The tcp/ip stack in W-NT 2000 beta whatnot is probably another `victim' of this Queso misstep. Look for a newer version of Queso to correct these problems...

Cheers//Frank

What if they have more than one server there?

If they used IP round-robin or server clustering, a Windows 2000 server could crash but we would know. From the outside, the site windows2000test.com would look alive, but backstage the NT developers are frantically debugging BSODs..

Re:They're asking the Internet to debug for them !

[Megaweapon]

It is impractical for people to assist MS test their proprietary software if they have no say in how it is designed in the first place. This is not full peer-review, just a knock-around test. Peer review implies that you have a say in the design of the software. Do you actually think that you are going to get microsoft to *not* require IE4 or IE5 to install their web *server* (it is required, BTW).

Simply put, I don't care if you have to deal with IIS. If you want to assist them, go ahead and give your time to them (and later, your money). I choose not to help them because I get nothing in return, and microsoft contributes nothing to the open source community/philosophy. The cost (my time) far outweighs the benefit (Bill Gate's pocketbook).

Crackers

[Synic]

Microsoft is a bunch of racists now??!
(that's supposed to be amusing)

I hate the term "Cracker". it sounds like you're calling some person "whitey". :)

Re:Crackers

[Syslevel]

No, it's people like ESR who are insisting that we use the term 'cracker.'

Re:Crackers

[Q*bert]

Funny, I like it for the same reason. (Then again, I don't take race very seriously. It's hard to get all worked up over a few phenotypic traits. If you ask me--or any geneticist--the whole idea of race is a gross misnomer.)

Anyway, I like using the term "cracker" because it gives you lots of opportunities to imitate Chef while deriding script kiddies.

***********************
* This system is for authorized use only!
***********************
* How're my little crackers today?
***********************

Beer recipe: free! #Source
Cold pints: $2 #Product

It works with Mozilla - so netscape4 is at fault

I have a mozilla snapshot from Jul 26th, and the site displays fine, it even displays quickly. So the problem is with netscape, not with microsoft.

Go crack that site :)

Already hacked!!!

Someone already has fubar'd them - go to the guestbook - it will automagically reroute you to www.redhat.com!!! hahahahahaha

Re:l0pht...

Real-world security is not based on an MS-tuned, heavily scrutinized box like that. I'm sure MS has a 24-hour manned packet analyzer on it. At least. Why show MS the tricks of the trade?

Because most idiotic crackers claim they just want to help secure sites, and that they just crack for learning more about technology. If this is true, then with this site, it would make absolutly no sense to attack another one, would it ?

Real-world security is based on how easy it is for Admins to screw up the configuration. Or unwittingly add back doors (such as by installing Front Page Server Extensions).

This is not true. The most dangerous security holes are problems in the server software, because the sysadmin can't do anything about it (except hope to learn about it before crackers, disable software and later work around bugs).

If a bug is publicizied while the sysadmin is sleeping then he has no defense.

Re:Refresh hack

[Is0t0pe]

Actually, I did (but I had it refresh to the
same page)...

Someone else was slick enough to use javascript's
"location.replace" function to ship us to
debian I think... almost like you were never there. :)

But then they changed the code to check for "" ... :(

Re:Someone broke it (hehe)

[sinnergy]

That's not a hack, that's someone's rather childish attempt at inserting meta fresh tags inside their comment. Granted, MS should have filtered it out, but still. Lame lame lame lame. Can't you people do better than that?

However, I do think the content censorship is cute. ;)

Re:Don't bother

[Virtual_Raider]

I think that "don't help them because they're crap anyway" line of tought is one of the best ways to keep them being crappy.

I agree M$ IS an arrogant monopoy, and most of the time they market products aimed at a public for whose opinions they dont give a Mexican 5 cents coin (and being Mexican I know exactly how cheap that is!).

BUT if we people don't like their products because they suck, and given the oportunity to have them improved we don't take it, methinks we are giving up on our right to complain about how bad that garbage is.

Yeah, they might not credit you. They won't even admit there was a problem at all. But if they fix it, and it is not there in the final release, the world will be a little bit closer to being A Better Place (tm).

End_Of_Rant
- Raider of the lost Code

"Rules of Engagement"?? WTF?

[jabber]

You are free to break our system provided that:

0) You don't do anything unexpected.
1) You don't use a valid account to get in.
2) You only use ports 19, 24, 88 and 666.
3) You only use Microsoft products to do it.
4) You don't tell anyone.
5) You tell us (see rule #4)

Are they kidding?? The first thing a hacker/cracker would do is something unorthodox. Where do they get off thinking that you can test the security of a system by imposing rules of engagement.

That's what you get when you let your lawyers dictate procedure to your techies.

Re:Don't bother

[HarryTuttle]

It's a cunning plan to divert peoples' effort from improving Linux to improving Windoze.

This makes me sick.

[namgorf]

[rant]
I'm no huge fan of microsoft, but despite they're having coded the page JUST for IE, I don't think they deserve all the shit you slashdoters are giving them. So what if they're a big rich company that produces not-so-great software, is that incentive to act childish and call names? Why don't we just show them that *nix is better? Why sit and whine and complain when you can just stand up and prove that windows 2k is an inferior OS. I mean they're giving us the chance to show 'em what's wrong before they release it. Maybe this (rather than name calling) will prompt them to make windoez2k better. 'Cause I know most of you care, whether you use windows at home or not is irrelevant because most of you probably have to use it at work, wouldn't it be nice if it was decent this time 'round?
[/rant]

More importantly, they want the benefits. . .

[Salgak1]

. . . .of an "open source" -type solution, by having thousands of talented hackers hit the site, without the open-source responsibility of releasing source code and handing out the software for free.
This one is a new low for Microsoft hypocrisy. . .

No Kidding!

[powerlord]

This is part of the disclaimer from Microsoft's Copyright page, a link to which is included on the bottom of all MS web pages, including the test sites. Considering how broken the pages are (with JavaScript or NetScape) I guess when they say they arent kidding (emphesis added by me):

MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO
REPRESENTATIONS ABOUT THE SUITABILITY OF THE
INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED
GRAPHICS PUBLISHED ON THIS SERVER FOR ANY PURPOSE. ALL
SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS
IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS
RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND
CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING
ALL IMPLIED WARRANTIES AND CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE
AND NON-INFRINGEMENT. IN NO EVENT SHALL MICROSOFT
AND/OR ITS RESPECTIVE SUPPLIERS BE LIABLE FOR ANY
SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
IN CONNECTION WITH THE USE OR PERFORMANCE OF
INFORMATION AVAILABLE FROM THIS SERVER.

THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS
SERVER COULD INCLUDE TECHNICAL INACCURACIES OR
TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED
TO THE INFORMATION HEREIN. MICROSOFT AND/OR ITS
RESPECTIVE SUPPLIERS MAY MAKE IMPROVEMENTS AND/OR
CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S)
DESCRIBED HEREIN AT ANY TIME.

Javascript error "Windows is not defined" (!)

[Sun+Tzu]

Running Netscape from my Solaris 7 Sun 10, that is what I get. It turns out to be an error. And I thought it was a congratulatory message! ;)

Why would they do that?

Microsoft sucks, we all know that, and they're evil. But come on, why would they do that?

First off, there are many ways to detect if a machine is running Linux. Granted, they could change a few things, but then they'd likely break most all 'bugs' discovered.

Its relatively easy to setup a system which is statically configured and running limited services to be secure. Its another thing entirely building a production ready system, that can be installed and configured by Joe Idiot, and still be reasonably secure.

Re:Don't bother

All you are doing is allowing them to test their software using your efforts. Don't waste your time.

But please tell me, what else are the crackers and script kiddies doing ? At least they would be useful.

nmap scan

[gsaraber]

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host (207.46.171.196) appears to be up ... good.
Initiating SYN half-open stealth scan against (207.46.171.196)
Adding TCP port 80 (state Open).
The SYN scan took 1880 seconds to scan 1483 ports.
For OSScan assuming that port 80 is open and port 39912 is closed and neither are firewalled
For OSScan assuming that port 80 is open and port 36557 is closed and neither are firewalled
For OSScan assuming that port 80 is open and port 32409 is closed and neither are firewalled
Interesting ports on (207.46.171.196):
(Not showing ports in state: filtered)
Port State Protocol Service
80 open tcp http
88 unfiltered tcp kerberos-sec

TCP Sequence Prediction: Class=random positive increments
Difficulty=68381 (Worthy challenge)

Sequence numbers: CAF8E4C CB704F6 CB9BBB5 CC21F3F CAF8E4C CB704F6
No OS matches for host (see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=D834)
TSeq(Class=RI%gcd=1%SI=12B4B)
TSeq(Class=RI%gcd=5%SI=10B1D)
T1(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNN T)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=MNWNN T)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)


Nmap run completed -- 1 IP address (1 host up) scanned in 2011 seconds

Re:Identifying Criminals?

[Dwonis]

It wouldn't stand up in any court.
--------
"I already have all the latest software."

Why Bother?

I put it to you, fellow citizens, why test Windows software for them? Why not put that effort into developing Linux? It seems awfully silly to help debug a product that stands to be made obsolete by the collective efforts of the Linux community's teamwork.

microsoft.com is also using NT5 Beta. crack it!!

Hit 'em where it hurts!

http://www.netcraft.com/whats /?host=www.microsoft.com


oops.. microsoft.com appears to no longer be using NT5 Beta. I swear that it was about two weeks ago. According to Netcraft, microsoft.com is now running "NT3 or Windows 95". Do you think Microsoft would revert from NT5 Beta to NT 3.51??

Ha! It's been cracked!

[Kerg]

Clicked on Guestbook and it redirected me to redhat.com :)

Re:Anti-Microsoft for no good reason?

[tgd]

The difference is that the results are being used for their corporate benefit and no one else's. They patch their system, you better believe they're not going to give me the sources for that patch.

They're just grandstanding and posturing, trying to prove that Windows 2000 is secure. Its win-win for them -- free high-level security testing (which unlike Beta testing, is something that is generally VERY expensive to contract out for), if it gets cracked, then they get an early warning and time to fix the problem, and if they don't their marketroids will have that nugged to get their paid-off "independant" columnists to write about.

All while people are wasting time to save Microsoft money developing a product that they're going to charge exorbanant licensing fees for.

Seems kind of stupid for anyone to waste their time on it. Get your own copy of Windows 2000, crack THAT, and post THAT exploit all over the net. That puts Microsoft in their place, and doesn't help them screw people over even more.

Another error message

[livewirevoodoo]

Any body getting this?
Logon failure: user not allowed to log on to this computer.
Is the site already fubar?

broke guestbook app?

Well, I think I broke thier guestbook app.. tried to submit a really long comment..



Request object error 'ASP 0107 : 80004005'

Stack Overflow

/comment.asp, line 192

The data being processed is over the allowed limit.

Collective DoS effort

I have this funny feeling that MOST of us were trying something the very moment it went down. Myself for instance, I was trying:

www.windows2000test.com:3400000000000000000

It'd be nice if M$ tells us what did it.

Error 500, Internal Server Error, rock on!!!

[Phroggy]

Logon failure: user not allowed to log on to this computer.

Anybody know who did it?

Packet filtering

[generic]

Hmm. looks like they have packet filtering in place, it looks like at the router. That is cheating.

Re:Share cracks with Slashdot before MS

[Serk]

While in theory this would be a nice thing to do, I'd be willing to bet my mother-in-law's life that there are MS people scouring Slashdot, as well as any other discussion-type site that their test has been posted on. Wouldn't do much good to give the details here and not send it to 'em, they'd still have the information almost as quickly.....

Re:Scroll Down

Begging the question is not to be used this way... Begging the question means that you premise states the conclusion you hope to draw...

Re:Lynx still reigns supreme.

[Bombcar]

Ctrl-U to delete all text in field, [Backspace] to delete a character Need we say more? JavJav MUST DIE!!!!!!!!!!!!!!!!!

Guest Book

Just went to like at the site. (With Internet Explorer.) The guest book page sent me to Red Hat. Microsoft isn't usually this helpful.

Re:Don't bother

[Azul]

Why should I spend my time helping to improve prpietary software that I have to pay for and I can't share with my friends nor even modify it?

If they want us to help them make their software suck less, they should give it to us. Helping them improve their software is just working for them, getting nothing in exchange.

I would rather spend my time fixing software that, in a practical sense belongs to me; software I can really use.

Expecting me to pay for their crappy software is silly. Expecting me to help them improve it is extremely ridicolous.

Alejo.

Already hacked

If you go to "Guest Book" page, you will be being transferred to redhat.com.

P.S. The site works fine with IE 5.0.

Netscape on the MS site

[niseilaT]

Has anyone noticed how incompatible it is? Running
Communicator 4.6 I got Javascript errors. It doesn't like Irix either. (Crashed netscape completely)

It makes you wounder how intentional this is

Re:Netscape on the MS site

Works fine in IE and M8. This is why so many of us hate Netscape 4.x

CRACK THE SWITCH!!!

OK!

The end of the traceroute reads...
21 100 ms 90 ms 90 ms 207.46.175.250
21 100 ms 111 ms 95 ms 207.46.171.196

with 171.196 being the web server, which is down.

http://207.46.175.250

THIS IS AN EXTREME NETWORKS SWITCH'S MANAGEMENT CONSOLE!!!

Crack it!

Learn routes to internal Msft networks!

GO GO GO!!!!!

It runs a propietary Unix like os, it is telnetable! Nice switches, all in all...

GO TO IT!

Why this is BS

[Ex+Machina]

Here's what is going to happen. 1) People will try to get into site unsuccessfully, aside from discovering a few neat weird ports and services open that they can do nothing with. Maybe someone will be able to crash it but constructing a successful buffer overflow would be impossible. 2) MS claims win2k is secure and releases it. 3) People, with access to a real machine find tons of holes. 4) Script Children own the win2k machines. If they want a real fight they should give out copies of win2k to l0pht and other skilled peoples.
xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]

Re:Why this is BS

[IntlHarvester]

Of course, what you say is true for any product, whether it's Linux/Apache or Windows 2000. Holes are going to be found that no one bothered to think of before. Linux servers were exploit city about a year ago, despite all the open sourcey stuff.

For example, a serious IIS 4.0 exploit (in 'Remote Data Services') was just found a few weeks ago. This is after the product being out for more than a year.

Also, I'm sure L0pht and others have Windows2000 betas. You can buy it mailorder, if MS hasn't sent it to your company.

--

Just break the machine

[battery841]

I am sick of everyone saying that they have cracked it and they added a refresh tag. Why don't they spend their time trying to bring down the machine instead of trying to break the guestbook!

If you can't take the heat...

[MageWyn]

Stay out of the kitchen! It looks like Microsoft has started limiting the amount of comments from each IP address. What's the matter? Can't take the /. effect?

hehehe gotta love redirects

[tweek]

Now its going to freebsd.org. Who's gonna be first to redirect to a porn site? ;) hahahaha

Re:hehehe gotta love redirects

[_vapor]

Couldn't this be done by submitting the redirect info as a post in the guestbook? I was able to send some of the site's own html back to it as a guestbook entry, and IE5 displayed it (in my case, it showed a little next button where my post would go). So it seems like you could have just sent some 'proper' html/javascript as a post and voila. Am I wrong?

Let's just ignore it

[Christopher+Whitt]

How about we spend our time helping debug apps that we like and are really useful to us, rather than volunteer once again as beta testers for M$?

There are hundreds and thousands of people out there who will give their time to Bill for free. I am not one of them.

Christopher

Oops

[drwiii]

I accidently redirected the guestbook to freebsd.org. Sorry, Bill. Really.

Re:Oops

[Sam+Ruby]

Cool!

<meta http-equiv=refresh content=0;url=http://www.freebsd.org>

Illegal?

Isn't it illegal to crack machines? I really thought it was... I mean, people have, like, been put into jail for doing the stuff M$ is asking us to do. So, like, aren't they going to get into trouble for inciting people to crack stuff? Are they encouraging illegal activity? Isn't that a bad thing?

Re:Illegal?

[fishbowl]

Are you absolutely sure? I wonder how that would
sound in court...

"Nope, they own the site. It's the same as you cracking your own site. They gave you permission, so it's
legal. "


"Nope, they own the crack. It's the same as you smoking your own crack. They gave you permission, so it's legal."

Well? Just because you give someone permission to
do something does not make it legal... It does not seem like a silly question to me.

Looking at it another way, I wonder if this opens them up to attacks on their other sites. I did not see 32 pages of legalese explaining what one
could and could not do, just some friendly "ground rules". Makes one wonder if they ran this by the
lawyers at all. Could somebody claim that they were trying to participate in this contest when they brought down microsoft.com accidentally?

Re:Illegal?

[remande]

While you cannot kill (or perhaps injure) a person just because you give them permission, you can abuse or take someone's property if they give you permission. If I put widgets in a box saying "Free sample", I can't have you arrested for "stealing" one. Indeed, there was one case where a car dealership put up a billboard in the shape of a coupon, saying to bring it in for a free car. Somebody dismantled the billboard and trucked the whole thing into the dealership. Not only could they not be sued or arrested for dismantling the billboard (it asked them to, thus implying permission), the courts ruled that the dealership owed them a car!

In the same way, this sort of B&E by permission is legit. This has been done by private "tiger teams" numerous times, in the private biz and the military. Microsoft has simply given B&E permission (to that one site) to the world, using the entier net.population as one honkin' huge tiger team.

Re:Illegal?

[Dwonis]

Nope, they own the site. It's the same as you cracking your own site. They gave you permission, so it's legal.
--------
"I already have all the latest software."

Re:WTF?

It's really weird since the site returns my pings and that is not a standard IIS error message as far as I know. I wish MS would do this more often...it's really fun.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

>Like it says - it's not behind a firewall which is the only defense to that type of DoS attack.

Well, one could flood it with http requests which WOULD get through a firewall. An indefensable DoS attack. And if you play with the source IP addresses, the software won't know they're all coming from the same location. Come to think about. I'm describing the /. effect!

> Duh.

Indeed!

fingerprint

[sonoffreak]

Look at a scan I ran:
------------------------------------------------ -
# Log of: nmap -sS -P0 -O -n -o microshaft -g 53 -v -v www.windows2000test.com
Interesting ports on (207.46.171.196):
(Not showing ports in state: filtered)
Port State Protocol Service
21 open tcp ftp
80 open tcp http
88 unfiltered tcp kerberos-sec

TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)

Sequence numbers: 60EB3CDB C9E8D1FC D6DF092B FF0F73D 37440C99 3845DCD7
Remote operating system guess: Linux 2.0.32-34
OS Fingerprint:
TSeq(Class=TR)
T1(Resp=Y%DF=N%W=3FE0%ACK=S++%Flags=BAS%Ops=ME)
T2(Resp=N)
T3(Resp=Y%DF=N%W=3FE0%ACK=S++%Flags=ASF%Ops=ME)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
------------------------------------------------ --

OS=Linux 2.0.32-34???????

Why is Win2K's IP stack working like Linux 2.0.32's (an admitted weak point)? Or is this really a Win 2K box? You conspiracy theorists know what I'm talking about. I may just be stupid, but I thought it was interesting.

Re:Smart move for Microsoft

[eponymous+cohort]

Outcome 2 - we break it. they fix it. This would be a GOOD THING. The more secure a system is, the better. It doesn't conflict with our goal of Total World Domincation....it just gives people a viable choice

But Microsoft doesn't believe in choice, oh wait, yes they do, "Workstation or Server edition?"

A Stronger W2K means that MS will be in a stronger position to push their "Windows Everywhere" agenda

Would you like fries with that toast?

At 1:12 CST, IIS 5.0 said Logon failure: user not allowed to log on to this computer. Hmmm, what do think that means :)

3, 2, 1 ... c:\

[earlytime]

i can't imagine they expect their box to stay unhacked for more than a day. maybe they're just puttig it out there to see what kind of attacks the l33t hakorz are usinbg these days.
-earl

Would you like fries with that toast?

At 1:12 CST, IIS 5.0 said Logon failure: user not allowed to log on to this computer. Hmmm, what do you think that means :)

Re:They're asking the Internet to debug for them !

[LordDartan]

I know Microsoft is the big evil empire, but for them, this is something good. If they do in fact take the feed back seriously, and it gets worked into Win2k, it might make it a better product (though, in my opinion, still seriously lacking). No, it's not open source, but it is a step in the right direction. And I for one, am for anything that is going to make better software out there, whether it's from Microsoft, or Linux developers.

It's dead in the water..

[rGauntlet]

I have to agree with the guy earlier, it's down. If you do a 'whois windows2000test.com', and then use nslookup with the DNS servers to get it's IP.. It won't respond. No ping, no telnet, nothing.

It's toast..

Hello? Are YOU THERE???

Proprietory indeed.

1:The word is proprietary.
2:Netscape, in this case, is the proprietary one. If Netscape had properly honored true DHTML, and the W3C approved DOM, your browser wouldn't have flinched at that page.

Why don't you just change your SIG to:

"Long Live Netscape and all their proprietary standards"

Re:Hello? Are YOU THERE???

YES, proprietary! MS does NOT ahere to set standards. In this case though, it is not the standard nor correct way to program that piece of code. The coder is wrong and MS may work because it incorrectly misses the error!

You MS dweeb!

port 80 only

[hatless]

So if you run a server with only port 80 open, you can't exactly do much with it. I guess content gets onto it via, um, HTTP PUT or WebDAV. Or in a production situation you'd have two NICs in it.

Either way, this is only testing the security of IIS's URI parser and of the request parser on the ASP engine. Granted, that makes for a safe webserver from the outside, but it doesn't speak for all the things happening on that assumed second NIC, like DCOM, NetBIOS, connections to databases and transaction monitors, Active Directory, any code running behid real-world ASPs more complex than a guestbook, DNS, WINS, SNMP, and so forth.

You can do the same thing on any OS, with the same near-invincibility on port 80. But you haven't really addressed the real-world vulnerabilities of a machine that would have other services running and conectivity to other hosts on other ports and interfaces.

neener neener, you can't touch me...

[Uberdog]

doing a quick port scan of this box i discovered that nothings running on it!!. all it is is a win box running a web server that delivers 2 (broken) web pages. no other services are running on it...not smtp, ftp, pop3, nothing but a shoddy web server.

that's like me saying "there's a box sitting in my house running scorched earth on top of dos. it has a ppp connection that is xxx.xxx.xxx.xxx. i bet you can't break into it. ha! dos is secure!!!"

bullshit i tell you.

this is what'll happen: no one will be able to crack it because there's nothing to crack and micros~1 will spew forth endless marketing hype about how secure win2k is...then admins all over the world will install actual services on it and win2k boxen will be cracked like it's goin' outta style.

it's pathetic. they are creating false security in the eyes of potential users of their product.

one interesting thing of note:

$ telnet windows2000test.com 25
Trying 207.46.171.196...
telnet: Unable to connect to remote host: Network is unreachable

now exactly what is the definition of a firewall again?

- Uberdog

Re:Fixed?

Since it was client side only I don't see how it could be breaking the rules. The server was in no way hacked.

*sigh8 EXPLANATION: Login Failure

[cswiii]

uh, d00dz and kiddi3z, they announced this earlier...around 9:55 Pacific time, a message was posted regarding something to the effect of "because of the obscene nature of this board, it will be shut down in one hour".

You didn't take anything down.

Re:*sigh8 EXPLANATION: Login Failure

[CountZer0]

uh, d00dz and kiddi3z, they announced this earlier...around 9:55 Pacific time, a message was posted regarding something to the effect of "because of the obscene nature of this board, it will be shut down in one hour".

If that is true, it would only imply that the Message Board would be taken down. (Unless they are admitting that their whole website was obscene, unlikely...)

But the fact of the matter is, the box is down. No ping response, no nothing. Gone. Even if MS took the site down themselves (doubtful) this still makes them look bad. They posted a challange, then when things got a little messy, they shutdown and go home? I doubt that even MS is that stupid.

Most likely, someone found an overflow that actually did crash the box. Now it is offline so that MS can fix the bug. Once the bug is fixed, they will bring it back most likely. Of course, this approach will make it very hard for us to continue to break this site, if it is down all the time, I can't try attacks.

I think it is a very one sided, non-real world test anyway. Much like the Mindcraft benchmarks. (Who runs quad processor, quad nick servers? I dunno, probably the same people who run HTTP only servers.) I mean, no wonder it's down, they have to upload any web-site modifications via floppy! (Or I guess they could have a second nic connected to their internal LAN, but it's still non-realworld) How does this help test Windows 2000 security? It does not. It only tests IIS 5 security, and despite what Microsoft would like to claim, IIS 5 is NOT Windows 2000. It is a seperate product shipped in a distribution along with Windows 2000. (Much like Apache shipped with your favorite Linux distro)

To test Windows2000 security, do a default install. This is how 90% of the NT server admins will set this product up. So many NT server's are vulnerable to well known exploits due to the fact that the majority of NT "Administrators" can't do more than point and click Next> Next> Next>

How many NT sites still have the AdvWorks demo database installed? That thing is FULL of holes. Read BugTraq.

Anyway, until Microsoft puts a Win2k default install server up for evaluation, they are not even helping themselves test security. (Forget the arguments about weather we should help MS or not, this test doesn't let us help MS as it is anyway, so it's a moot point.)

-Steve

P.S.
As of 1:57pm CST www.windows2000test.com is still not answering pings or connections on Port 80. So I would say it is DOWN.

Re:*sigh8 EXPLANATION: Login Failure

You're supposed to be the granddaddy CdC uberhacker. Can't you tell a down router from a downed machine? Hard to connect to the host when the router is toast...

Wrong

port 88, kerberos auth service

Re:Smart move for Microsoft

[Leapfrog]

Looks like someone broke it. I keep getting this message:
Logon failure: user not allowed to log on to this computer.
It happens no matter what page I try to hit, even some really obvious 404's. I guess we really showed 'em. Or something. Didn't last very long, now did it?

HTML in guestbook

[pyryd]

Someone either put some HTML in the guestbook, or it's already been cracked... it redirects to freebsd.org!

Should be

[Dwonis]

$ whois windows2000test.com

Registrant:
Microsoft Corporation (WINDOWS2000TEST-DOM)
One Microsoft Way
Redmond, WA 98052
US

Domain Name: WINDOWS2000TEST.COM

ARIN: Whois - 207.46.171.196
Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)
One Microsoft Way
Redmond, WA 98052-6399
US

Netname: MICROSOFT-GLOBAL-NET
Netblock: 207.46.0.0 - 207.46.255.255

Coordinator:
Whipple, David (DW727-ARIN) dwhipple@MICROSOFT.COM
206-703-3876

Domain System inverse mapping provided by:

DNS4.CP.MSFT.NET 207.46.138.11
DNS4.CP.MSFT.NET 207.46.138.11

Record last updated on 04-May-99.
Database last updated on 2-Aug-99 16:17:08 EDT.

Bottom line: Microsoft owns the domain and the IP address, so they will get in trouble if the computer is not theirs.
--------
"I already have all the latest software."

Re:What an ugly site

[eponymous+cohort]

It's nice to know that these people don't have the brains to make their web pages compliant for all browsers

Why would they? This is MS, to them there is only one browser. When they released IE for Unix, they proclaimed, "Finally, a graphical alternative to lynx!"

Well - looks like someones done it

[entrippy]

At least in a sense ... I'd call the ability to pop a refresh statement in the guestbook a bug, at least. Easily shored up mind you, and hardly a feature that will bring the system down - but certainly handy for rendering the guestbook useless.

It's not the kind of thing I'd say they had in mind - but hey, it's a nice bit of lateral thinking, at least - and the rules do say 'change something you shouldn't be able to' ...

JS error

[howardjp]

Does it count that the website contains Javsscript that Netscape 4.61 cannot handle?

Almost every port filtered

[Brian+Ristuccia]

$ nmap www.windows2000test.com

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on www.windows2000test.com (207.46.171.196):
(Not showing ports in state: filtered)
Port State Protocol Service
80 open tcp http
88 unfiltered tcp kerberos-sec

Nmap run completed -- 1 IP address (1 host up) scanned in 678 seconds

Any access you gain to this machine will have to be via the web server. Perhaps there is Front-Page Extensions or CGI/ASP stuff that uses unchecked/untrusted values that can be exploited.

Doh! shes down hard now

[Kancer]

$ ping www.windows2000test.com
PING www.windows2000test.com (207.46.171.197): 56 data bytes

--- www.windows2000test.com ping statistics ---
14 packets transmitted, 0 packets received, 100% packet loss

Re:Doh! shes down hard now

[Chris+Brewer]

Netscape is unable to locate the server www.windows2000test.com.

Please check the server name and try again.

Re:Doh! shes down hard now

I can't resolve it... could someone have hacked the nameservers?

The IP is 207.46.171.196, which still works (http and ping).

back

it is back up with javascript failing on ie 4.01

hehe

She's a gonner

[Lantheaume]

I don't even get the logon error. I'm using IE5 @ work and this is the error I get;

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

after the "try this section" is this.

Cannot find server or DNS Error
Internet Explorer

Re:She's a gonner

[ZuG]

It's now 2:34 EST and the page is still down... wonder what's happening...

Maybe half the NT5 development team is racing to get the server back up after being slashdotted with a billion randomized attacks *grins*

I think it puked 12:40 pm CST

Its a gonner, looks like

Re:It's broken (!)

[Is0t0pe]

There are a few possibilities:

1) Someone cracked it and disable/removed the IIS_USR account (anonymous webuser)
2) Someone cracked it and changed the permissions of the site itself
3) Microsoft (out of fear of the /. effect) disabled anonymous access- so they could say that the machine was never cracked

Personally, the way they had it configured, I don't see how it could've been cracked. I doubt that there was even any trusted machines to tunnel through on that server's network.

So I vote for 3. Anyone else have any ideas?

I prefer "Corporate Piehole"

Describes their function better.

oops

[Squash]

Well, do I get to say "FIRST CRASHER" baybee.

Can't ping it, can't get it's web page, guess that exploit still hasn't been fixed.

Squash

She's a gonner

[Lantheaume]

I don't even get the logon error. I'm using IE5 @ work and this is the error I get;

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

after the "try this section" is this.

Cannot find server or DNS Error
Internet Explorer

Schneier supports Security Through Obscurity!

[konstant]

This is not flamebait. I want to hear why I'm wrong, but please don't flame me about it.

From the article referenced above...

Most contests don't disclose the algorithm. And since most cryptanalysts don't have the skills for reverse-engineering (I find it tedious and boring), they never bother analyzing the systems. This is why COMP128, CMEA, ORYX, the Firewire cipher, the DVD cipher, and the Netscape PRNG were all broken within months of their disclosure (despite the fact that some of them have been widely deployed for many years); once the algorithm is revealed, it's easy to see the flaw, but it might take years before someone bothers to reverse-engineer the algorithm and publish it. Contests don't help.

There you have it, in the man's own words. Bruce Schneier has unwittingly produced excellent evidence that security through obscurity keeps systems solid, but disclosure opens them to cracking 'within months'.

Looks like real-world experience suggests that if you know your algorithm is going to be shaky, keeping it in the dark is the wisest course of action.

Responses?

-konstant

Re:Schneier supports Security Through Obscurity!

Bruce Schneier has unwittingly produced excellent evidence that security through obscurity keeps systems solid, but disclosure opens them to cracking 'within months'.

Looks like real-world experience suggests that if you know your algorithm is going to be shaky, keeping it in the dark is the wisest course of action.

Er, no. If you've ever read anything else Schneier has written, you'd know that in most cases, STO doesn't work. He points out instances in the crypto world where a proprietary, locked-up crypto algorithm fails because it wasn't opened to testing. Crypto algorithms that are open to the community for testing tend to be much stronger because people don't have to waste time trying to reverse-engineer the product; they know how it works and look for cases in which it'll break.

I'll admit that this may not be true for OSes and NOSes, but having a large pool of people who know how your product works and are looking for ways to break it can only make it stronger. STO doesn't last.

Re:Schneier supports Security Through Obscurity!

Agreed. Security through obscurity doesn't work in theory, but in the real world, it often does. This is simply because the real world doesn't hang on the ease of breaking a code, but whether anyone tries. Perhaps this is why M$ thought they could pull this off ;)

Anyone remember the Navajo "code" trick that frustrated German crypto-breaking teams in WWII?
If security-through-obscurity didn't have some real-life applications, we might all be speaking German right now. Nicht dass alles dabei schlect waere...

Re:Schneier supports Security Through Obscurity!

On das utter Hand, if das Securitheit von Obscuritische had verked vell enough, die Ubermenschen vould not haff just "assumed" that das Englische Schweinhunden could never get access to die Enigma-Coden-Machinen.

Re:Schneier supports Security Through Obscurity!

[KMSelf]

There you have it, in the man's own words. Bruce Schneier has unwittingly produced excellent evidence that security through obscurity keeps systems solid, but disclosure opens them to cracking 'within months'.

Looks like real-world experience suggests that if you know your algorithm is going to be shaky, keeping it in the dark is the wisest course of action.

And likewise, there you have it. If you know your algorithm is shaky, you'd better count on obscurity for security, because once the hole is known, cracking becomes trivial. Far better to use a known, tested, and secure algorithm which is only known to fall to brute-strength attacks.

The fallacy of your argument is this false syllogism:

• Poor algorithms are secure only when obscure.
• Algorithm X is not obscure.
• Algorithm X is not secure.

There are in fact algorithms which are quite well known -- DES, Blowfish, Twofish, RC4 -- but which provide security (at least with a sufficiently large key length). Schneier's book will provide you with much more information on this topic.

Security through obscurity -- whether a weak encryption method, Navajo scouts, or invisible ink -- work when there is a strong time-sensitivity to data. "Cracking" front-line reports from WWII scouts after hours or days would be of little value. Cracking personal, business, or government secrets after months or decades could be a serious threat. Do you really want to trust such information to a flaky algorithm and a fragile ability to keep it unknown?

Stupid!

It amazes me how you people react to this Microsoft test. You sit and bitch and whine about how their security completely sucks. Then when they turn around and ask for help you say screw them, test it themselves. Microsoft is here to stay just as the unix flavors are. Why don't we make it a little more bug free, or are you people afraid you'll have no jobs if Microsoft stuff worked 100%?

Re:Stupid!

[_Splat]

Obviously you don't understand what we're here for. We don't like Microsoft's products not only because they are bug riddled filth that crash all the time, but because using them makes you feel like a moron. I don't need a 'wizard' to help set up my web server for me, thank you very much.... ./configure ; make ; make install ; apachectl start ... In addition to that, why would we help debug a product that we will still be forced to pay an exorbitant amount for when it is obviously inferior as a server OS.

/.

[warmi]

It is gone ... Either cracked or slashdotted...
Whatever it is - there is no response from the server.

Services

[toaster13]

Umm am i the only one that port scanned www.windows2000test.com and came up with NOTHING?
I think its easy to keep a server secure when it can't do anything!

Re:Anti-Microsoft 'cause no reason to support 'em

[poopie]

Yeah, it's a step in the right direction, but... they *assume* that the linux hacker community is interested in helping to secure Windows.

To a certain extent, the participation of the Opensource community is driven by intangibles, and that force hasn't been able to be successfully co-opted by any corporation yet. Look at some examples:

- Netscape fails to engage thousands of kernel hackers in redevolping their browser
- Redhat starts becoming a "brick and mortar" business, and the linux community starts to diss them and fight for disto agnosticism
- For every major corporate announcement of plans for a Linux port, there's an effort underway to develop a free replacement.

I don't think that many hackers are really interested in helping Micros~1 make better products -- since we don't use 'em, we don't promote 'em, and we stand to gain *NOTHING* by improving IIS 5.0 or Windows2001 - A Wasted Disk Space Odyssey.

There's no portable code being release for peer review. There's no public API. There's nothing of interest for the linux hacker other than saying, "look, I hacked another Windows box!"

freebsd.org??

[endgame]

has anyone visited the guestbook and had the page refresh to freebsd.org in about 3 seconds?

Re:Anti-Microsoft for no good reason?

[Dark+Fire]

It is just like the netscape project in many respects. No developers want to work on Mozilla because the code is not open source. Now Microsoft wants "crackers" to attack their Windows200? & then tell them how to fix it. Maybe if they set it up on their productions servers or offered $$$ someone might try it. It doesn't even appeal to a cracker's ego. Whoopy-Ding I broke into an isolated server running Win200? & changed the wallpaper & snagged some word docs. What is Bill thinking? If he offers $$$, puts Win9x/200? source code on the site, or uses them as production servers at M$-then maybe they would get some attention. You know what-I have a 386sx/40 under my desk at work. I will setup Linux on it & secure it the best I can & then I will post to slashdot & ask everyone to try & break into it. How does that sound? It SUCKS! NO MONEY-NO GLORY-No reason to crack a box....

Thoughts from a grey-hat

[anticypher]

Microsoft has slapped a packet sniffer on the local network feeding the contest machine. Probably several sniffing machines, with different filter criteria. Gives them some idea of what the script kiddies consider useful for cracking an M$ site.

If any of the attacks succeed, they have a trace of the crack, and can build better security for the final release of NT2000. This is good, because I'll have those pieces of shit installed all over my networks soon enough.

They also get to harvest IP addresses of everyone stupid enough to try even looking at this machine. Even a simple traceroute will give them a source IP address. Toss them all into a big database at a later date, couple it in with some other data about the attack type, and wait to use it later to track crackers. Offline analysis is a powerful tool, couple it with automated lookups and a simple knowledge based system, and you could populate a DB with some dangerous data.

For the paranoid, perhaps there has been a nasty break-in by some sophisticated infocriminals (love that new word, see HNN), and the FBI are also sitting in the room with their own analyzers, waiting for someone to try a similar attack. Assuming the crackers are just some misguided wanna-be scripties, this could help the FBI to back track to them. The cracking contest is just a combination of marketing fiasco and FBI clue gathering mission. The FBI are probably not even looking for anything they could use in court, just some leads to track down.

Given the lack of any other services on the machine, and the simplicity of the web pages (no DB or useful cgi-bin), and the quickly hacked together javascript errors, I would say this is mostly a marketing exersize. No matter what the outcome, they can spin it into some hype and a FUD campaign.

the AC

Re:Thoughts from a grey-hat

I agree, I was attempting connects to illegal ports when the site went down, can't tell if that did anything or not.

Services

[toaster13]

Umm am i the only one that port scanned www.windows2000test.com and came up with NOTHING except port 80?
I think its easy to keep a server secure when it can't do anything!

Don't give them free QA.

[jordan]

This is an attempt by Micro$oft to get free QA. Unless you like doing work for monolithic, monopolistic companies and not getting paid for it, don't even look at the box.

You do more for yourself and for the community that Micro$oft oppresses by waiting until Windows 2000 goes Gold, publishing your sploit on BugTraq or some other full-disclosure security forum, and seeing it on the front page of the New York Times.

Cracking their box is helping them for free. See through the folly; they don't deserve anything.

--jordan

Hot shit its been /.'d!!!

And a quick by passing M$ fitering HOW-TO

Say with me:

1. f.u.c.k
2. s-h-i-t
3. compet-i-tion (oh wait, that's not a swear)

Someone broke it (hehe)

Looks like someone cracked it. The link to the guest book forwards you to the FreeBSD site. Hmmmmm, don't think it was hacked by a Windows box do you?

It's broken (!)

[Jim+Morash]

Wow, that didn't take long.

"Logon failure: user not allowed to log on to this computer."

I'm not too web-savvy... does this mean it's getting DOS'd/slashdotted, or is something more interesting happening?

Re:Identifying Criminals?

[Mike+A.]

Tell that to the fellow who allegedly wrote Melissa.

hahahah

[Rabbins]

now the guest book goes to /.

funny :)

Re:hahahah

[_vapor]

web site "cracking" is too easy if *i* can do it.. -->

Re:Anti-Microsoft for no good reason?

[rlm]

I agree that this is a win-win situation for them and they are getting free assistance, but your intentions seem almost hostile. I'm not thinking of them getting free testing for their product as much as I am thinking of their realization that internal testing isn't enough. And I think that it's very hostile of you to ask that companies and individuals get W2K installed and operating on all of their systems before we "put MS in their place" by finding an exploit after it's release.

Once again, I don't like MS more than anyone else, but I see this as an important change that will produce a better product. Forget the monetary implications, it shouldn't matter to us whether they lose money or make money as long as the OS gets fixed a bit.

MSIE required

[sOEMA]

I'll bet you any money that the reason they've disabled netscape is because netscape is secure and they can't do intrusive market research on people that hit the web. Hence this MSIE crap. What a bunch of bastards.

Re:It's dead as a door nail

[Sangui5]

Except that there were about 1000 other people/sec also trying to kill it.

Conspiracy Theory...

[Menneg]

Just a thought here, but looking at some of the scan data that was posted earlier on /., it would appear to be a Linux box!!! This leads to 3 posibilities;

1) They are tricking us into hosing a Linux box,
2) They have ported IIS to Linux and are testing that configuration, or
3) The scans are coming back incorrect.

I hope for the sake of the Linux comunity that it is (3) rather than the first 2. Man, think of the bad press for Linux!

Re:Conspiracy Theory...

[Kerg]

4) They couldn't implement a working protocol stack for W2K, broke the GPL and stole it from Linux instead. Except that someone forgot to wipe off the fingerprints :)


Ahh... conspiracies....

Re:Conspiracy Theory...

[Kerg]

4) They couldn't implement a stable protocol stack for W2K, broke the GPL and stole it from Linux instead. Except that someone forgot to wipe off the fingerprints :)


Ahh... conspiracies....

Re:Conspiracy Theory...

That would be plain stupid. I can setup a windoze
box that crashes right away, or a Linux box that is seriously malconfigured (you can even screw up the source code). So, what's the point of 1)?

2): who needs that anyway.

3): they took out the Linux TCP/IP stack, thereby violating the GPL...

Anyway, I can't wait to see the press make a fool out of micro$oft (once again)...

Re:Conspiracy Theory...

The scans are coming back incorrect. Try nmap on a recent build of NT (which I'm sure they are running), and you'll see that the signature is just different than previous versions. IIRC, nmap also uses TCP sequence pred info for OS ident.

Re:Smart move for Microsoft

[C.Lee]

4:21 pm on 8/3/1999...Microsoft's test WWW site seems to be deader than 3-day-old roadkill and all's well...

I don't think MS is playing fair here...

[mattkime]

What I see... Error
Logon failure: user not allowed to log on to this computer. I'm using Internet Explorer...is it my firewall? What good is a "Crack This Server" contest if the machine only serves to users running IE, no firewall, of Hispanic/Non-white descent, with a porno backround image and a melted candy bar in their pocket? Do not be discouraged! Download IE, get in front of the firewall, alter your genetic material, you already have the porn and a candy bar should be in reach! Watch out M$, here we come!

Why server is down

Sorry for the inconvenience. We had to reboot the server after debugging
a fault in KERNEL32.DLL. Keep up the good work!

from the guest book on the web page. looks like someone brought it down.

IP addy

[tweek]

YOu can looked up a cached response of the ip addy on the MS nameservers at 131.107.1.7. Earlier in looking around I had noticed that this redirects to another box known as ntbeta.microsoft.com I think or what not. This is all old info I think though.


The interesting point that everyone keeps reitterating is that the site has been constantly down all day. I keep wondering what spin MS is going to put on this. They put out this box to be cracked, which cant even stay online. They use a non real world example by not running any services. The sad part is due to all the lame posts, they will attribute this to the opensource community in some way and attempt to make us look bad. And all this when I was just remarking that Bill Gates has done something good for once by donating some of his fortune to a really good charitable cause. *sigh*

Smart move for Microsoft

[EngrBohn]

Two possible outcomes:
- Nothing breaks it, and this becomes a marketing high-point for Microsoft - It gets broken, and Microsoft engineers now have solid data (vice anecdotal) as to where the problems are. Especially if this was compiled with the debug option switched on.
Christopher A. Bohn

Re:Smart move for Microsoft

PING www.windows2000test.com (207.46.171.196): 56 data bytes
64 bytes from 207.46.171.196: icmp_seq=0 ttl=113 time=781.0 ms

The TTL doesn't look quite linux'ish (only really ancient versions of linux used 128 AFAIK).

But maybe I'm wrong.

Re:Smart move for Microsoft

[Suydam]

YEP

Outcome 1 - nothing breaks it. THis would be a bad thing. Arrogance and "we're unstoppable" would be their attitude.

Outcome 2 - we break it. they fix it. This would be a GOOD THING. The more secure a system is, the better. It doesn't conflict with our goal of Total World Domincation....it just gives people a viable choice.

You forgot Outcome 3 though - we break it. they deny it for 6 months and then release a Service Pack that fixes the problem that "doesn't exist". This seems the most likely to me.

Re:Smart move for Microsoft

Seems like network problem to me...
Tracerouting reveals that connection ends somewhere along iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136), that is for me atleast. Also other IPs belonging to same subnet are not responding.

Re:Smart move for Microsoft

[vt@office]

Yes, but what about the case when noone (flexibly defined) CARES to break it? Serious people have more important work to do rather than break the thing which is broken by design...

Re:Smart move for Microsoft

Broken by design? Uh...compelling argument.

Re:Smart move for Microsoft

[Amazing+Proton+Boy]

You are Rob Malda.

Re:Smart move for Microsoft

[delmoi]

Actualy, i've had situations where a weird bug would crop up, I'd go to debug mode, and then *more* crash bugs would show up! I was writing win32 code, and the code I had writen was exspecting somthign to be done (initalizing the windows, etc) before it was sure to be. In optimzed mode, it happend fast enough, and "out of order" or somthing, and it worked fine
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:Smart move for Microsoft

[Signal+11]

No, there is another outcome. Nobody takes the challenge. Challenges like this are generally dismissed in the security industry for a variety of reasons. Some of them are as follows...

- Real Crackers aren't going to spend their time trying to get caught on a high-profile site.
- Script kiddies don't have any scripts for the "new" OS yet.
- It's new - so of COURSE it's going to take time to find the vulnerabilities. You think "one stunt, and that's it" is going to fix all their problems? You're more naive than I thought.
- Past record. How long does Microsoft take to acknowledge, let alone fix, the problems they find? W2K *will* have bugs. All major programs have bugs. The question is - will they efficiently and quickly inform their customers, and provide comprehensive support to them - like the 4-color glossies they distribute say?
- Many vulnerabilities are discovered at the console - and by looking at the source. It could be wide open, but you'd never know that from a remote perspective. Breaking into a system you've never seen or used remotely has about as much of a chance of success as me getting away with being called Rob Malda in this post.

That's just what I can think of off the top of my head. Use your imagination. And most importantly: dismiss yet another one of Microsoft's tricks to get you to do their bidding. Clever Microsoft, but I thought you'd have learned by now that the 'net dispels FUD faster than a speeding salesman.

--

OT: Not BSOD anymore :-)

Because it is configurable, so I suppose it should instead be *SOD.

Re:OT: Not BSOD anymore :-)

[toast0]

Actually IIRC the configuration is located in the system.ini and is not available in NT....

so the poor saps running win2k don't get to make thier screen of death purple and green or some other horrendous combination :)

Wow! This server is BULLETPROOF!

[Redwire]

We're witnessing the ultimate in internet security! Not only is it impossible to hack/crack/smack this box, but they've tightened things up sooooo much that I can't even ping it! Heck, I can't even resolve the name to an IP address.

My next challenge is for all you /.'ers to hack into my old 486. It's sitting in the corner of my office unplugged and collecting dust. Now THAT's security!

Re:Wow! This server is BULLETPROOF!

[elvum]

Easy, I'll just dust off my old jedi mind tricks...

DoS attacks "don't count"? FU! ping -s 65000 -f...

What is this DoS attacks don't count bullshit. Dead servers is dead servers. And no I don't just mean while the DoS attack is happening, I mean if it causes the server to lock up or crash and stay that way when the DoS attack ceases, then that's a successful crack. But we can't test that unless we try! Or will MS sue me for cracking?

Not allowed indeed. Pffft!

Re:Don't bother

[quadong]

How the hell did this get moderated up to 3???
I mean, sure, it's true, but it's redundant and obvious. At least use your moderator points to bring out those who bothered to write more than 2 lines, people.

What an ugly site

[Gleef]

To "show off Windows 2000", I would think they could do with a better designed web page. I get about 250 pixels (vertically) of broken-looking header, followed by about 800 pixels of whitespace, followed by the actual text. I have to scroll down more than a screenful just to read anything. And a Javascript error to boot. I mean, if they still can't even design a competent website, what makes them think they can design a whole OS?

----

Re:What an ugly site

[Sunthalazar]

I agree. I thought it was pretty great. I was going to post it as well, but I'm glad I found someone else who did. =:->

Re:What an ugly site

[Bob-K]

Maybe the site is designed so you can only crack it using Internet Explorer.

Re:What an ugly site

[generic-man]

Somehow, I wouldn't take anything written in that guestbook seriously. It's like Slashdot, only even more unfriendly (and you can't view comments in Nested mode, either!)

Re:What an ugly site

[IanO]

The page looked like that to me also so I decided to fire up IE... well it's more like click and hope that it doesn't crash my machine :) Not surprisingly the page looked just fine. It's nice to know that these people don't have the brains to make their web pages compliant for all browsers.

On a side note I've had IE running for almost five minutes now and my machine hasn't crashed, although memory usage increased alot.

------
IanO

Re:What an ugly site

The site does look ugly under Netscape (Windows/Linux). It looks fine under IE 5.0, though. I Acutually prefer IE 5.0 to Netscape for browsing the web (which is one of the reasons I use use vmware). I don't have very good vision, and most sites (in addition to displaying properly) are also easier for me to read under IE, no matter what font tricks I try with Netscape.

Re:What an ugly site

[stuntpope]

Doesn't work for me with Netscape 4.5, even with JavaScript turned off. It does work in IE 4, but man it's ugly with the menu having close to 0 margin width on the left margin. Where are the style police when you need them?

Plus, in the guest book, a supposed member of the win2000 dev team wrote to the Netscape complainers, "Netscape is not supposed to work in here". Now isn't that just a wonderful attitude? Screw M$.

Another rigged contest...

I have to agree with this.

Never mind that I can't even get an IP address for this hoax, from 2 different locations!

2%nslookup windows2000test.com
Server: localhost
Address: 127.0.0.1

*** localhost can't find www.windows2000test.com: Non-existent host/domain

And... ???

No match for "WINDOWS2000TEST".

In any case, I fully expect the site to get /.'d anyway...

Hehe.

Re:Another rigged contest...

[DrAtomic]

I checked with internic because I thought that it was going to be a hoax, but it looks like the domain name windows2000test.com is registered to microsoft. I do know that the page is down right now, so that might have something to do with what happened to you, but I know that it is registered at least to someone at M$ (or someone who knows a good deal of M$ info, like their street adress and stuff like that).

Re:Another rigged contest...

Or someone who looked up the domain registration for, say, www.microsoft.com, and used their cut+paste skillz.

Nope /.'d

[just+someone]

(Some router loops happening and when I did hit the server in the 'appropriate" browser)

The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be displayed.

------------------------------------------------ --------------------------------

Please try the following:

Open the www.windows2000test.com home page, and then look for links to the information you want.
Click the Refresh button, or try again later.

Click Search to look for information on the Internet.
You can also see a list of related sites.




HTTP 500 - Internal server error
Internet Explorer

They are using Linux 2.0.32-34

Whats with that.... hmm, dem boyz is crazy!

javascript errors?

[Numeric]

is anyone getting javascript errors using netscape 4.61 (windoze)? i can't see the page and i am not going to load internet exploder to see their challenge!!!

Re:javascript errors?

[Numeric]

Okay I loaded Internet Exploder and read through the source....

SCRIPT language=Jscript --- that's M$ specific code

bgProperties=fixed --- m$ specific?

later in the code they have a section
for script language=javascript
---

I have no idea what this function is however Netscape doesn't like it nor should it.

function done()
{
Windows.style.display = "";
}

Obviously this web site will only work in one browser! Ugh!

does anyone else get this on M$Windoze2ktest site?

[Vamphyri]

Logon failure: user not allowed to log on to this computer.

Problems

[Nocturnal]

the nameserver propagation may not be the only problem, at current I cant reach it by the ip, nor can I get to www.microsoft.com *Smiles* What a wonderful day it seems to be.

who cares?

[mdillon]

why should anyone want to help micro$oft audit the security of win2k? wait till we can get a copy of it, then we'll start looking for security holes. this is just microsoft trying to use the anti-ms sentiments of crackers to get free auditing. screw them.

Re:who cares?

[quicksilver]

Let me get this straight. They expect met to crack their software (read beta test) as mdillion says so they can make it better. And what do I get? Hmm recognition? Free software? Paid? Access to the source? Or do I just spend my time on their product because they dared me? I'll hold out for the double-dare.

Boy where do I sign up. Can I pay to do this too?

I wonder, I really really wonderrrrr......

[Vector+Inspector]

I don't think I crashed it, but I sure hope I did. I made a guestbook message made up of about a couple of 100 lines of hex codes from the windows registry and then I hit submit a couple of 100 times, and then it shut down. I doubt I crashed, but I can always hope , can't I?

The Guestbook

You are entering a submission from IP address - 204.95.240.10. We are currently accepting a maximum of 5 submissions per 24 hour period for each unique IP address. If you wish to provide further feedback on Windows 2000, or on this site, please visit again tomorrow.

they pulled their dns name server!!

[Darksky]

see title

Hypocrite!!

You bunch of hypocrites! You scream about how crappy MS's software is then you refuse to "help" them improve them. You guys don't hate MS because of it's software quality, you hate them because they're MS. Be honest with yourselves here, if you hate them because they're MS, then you're a biggot; if you hate them because of they're software quality, help them out; if you hate them because of their business practices, well...that's a judgement call.

PS. I work at MS but love Linux...I use the best tool for whatever job I'm performing.

Re:Hypocrite!!

Don't delude yourself. MS is not trying to cash in on people's anger. They're trying to make a better product and asking the world to help them.

I can't grok what you're trying to say in your second paragraph. Are you saying it's BAD for MS to improve their products for thier users? The next sentence is nonsense...contrary to what you state, it WILL benefit MS users if MS improves its software.

And what do you mean they "expect" free debugging in exchange for nothing? They want their potential Win2000 customers to validate the security of this beta so when they release it, these customers will feel comfortable about its security. I think MS's reasoning behind this "crack-it" server was not to entice the Linux crowd, that's silly, I think they did it to allow their potential customers to bang on it.

I'm not a fanatical MS or Linux advocate. I'm an advocate of rational thinking.

Re:Hypocrite!!

[Azul]

I consider MS software crappy at best. And I also refuse to help them improve it, as you point out. But I consider my attitude far from being hypocrite. Does Microsoft expects me to help them improve their propietary software, that I have to pay for and can't modify nor share with my friends?

Why should I help them improve their propietary software? I would do it would they release it under the GPL or a similar license.

Expecting me to pay for their crappy software is ridicolous. Expecting me to help improve their propietary software is far more ridicolous.

Alejo.

Re:Hypocrite!!

[Mr.+Flibble]

Well said.

Especially your last line.

Re:Hypocrite!!

[Micah]

I hate Microsoft for their business practices. The fact that their software sucks is a side benefit...

Re:Hypocrite!!

I'm not a fanatical MS or Linux advocate. I'm an advocate of rational thinking.

Then you're on the wrong web site. This is slashdot. No rational thinking allowed here.

Nail their ass to the wall.

A few suspicions arise:

Will they release the TRUE results of the test?

Will they say how many times the machine had to be rebooted?

Is Back Orifice 2000 fair game?

It's obviously a clever attempt by Microsoft to come off as being "secure." But so long as it's closed source -- there will always be suspicions of backdoors.

Not to mention the fact that this doesn't even address the issue of reliability..

Re:Nail their ass to the wall.

[WasterDave]

Of course Back Orifice is fair game. You have to upload it and get it going, of course.

Wasn't there something about terminal services being included in Win2k server?

Dave :)

Re:Nail their ass to the wall.

[ElJefe]

With regards to uptime, it might be interesting to write a script that automatically pings it once in a while (say,every minute) and logs the results, just to see how often it's actually working (and to make sure that they don't reboot it every night)...

-ElJefe

Re:Thoughts - followup

Set paranoia level to two.

So I went and touched this machine from a honeypot out on a backbone, just to see where it was and what kind of response I would get. Just a single traceroute, a ping, an http: HEAD. Nothing out of the ordinary for a slashdotted machine. I had a sniffer running to capture any packets headed into my machine, but didn't see any return ICMP or IP traffic.

Within two minutes, someone, somewhere on winisp.net did a single whois and reverse block lookup on my address. The two were less than a second apart, so I suspect an automated tool.

I did another traceroute and ping, as well as a bunch of traceroutes from web servers. After 20 minutes writing this up, no second lookup on the honeypot, nor any other traffic directed at it. I guess the watchers on the other end have their data cached in their DB, and don't need to look it up again.

So, I do the same lookups on them and got
----
whois -h whois.internic.net winisp.net ...
Registrant:
Pebkac Networks (WINISP-DOM)
12732-28th Pl. W. #B
Everett, WA 98204

Domain Name: WINISP.NET

Administrative Contact, Technical Contact, Zone Contact:
Casper, Holly (HC3227) ghcasper@STTL.USWEST.NET
425-423-0145
Billing Contact:
Casper, Holly (HC3227) ghcasper@STTL.USWEST.NET
425-423-0145

Record last updated on 10-Feb-99.
Record created on 23-Nov-98.
Database last updated on 2-Aug-99 04:09:46 EDT.

Domain servers in listed order:

NS1.WINISP.NET 207.46.170.2
NS2.WINISP.NET 207.46.170.3

whois -h whois.internic.net windows2000test.com ...
Registrant:
Microsoft Corporation (WINDOWS2000TEST-DOM)
One Microsoft Way
Redmond, WA 98052
US

Domain Name: WINDOWS2000TEST.COM

Administrative Contact:
Microsoft Hostmaster (MH37-ORG) msnhst@MICROSOFT.COM
425 882 8080
Fax- .: 206 703 2641
Technical Contact, Zone Contact:
Casper, Holly (HC3227) ghcasper@STTL.USWEST.NET
425-423-0145
Billing Contact:
Gudmundson, Carolyn (CG6635) carolyng@MICROSOFT.COM
+1 (425) 882-8080 (FAX) +1 (425) 936-7329

Record last updated on 20-Jul-99.
Record created on 20-Jul-99.
Database last updated on 2-Aug-99 04:09:46 EDT.

Domain servers in listed order:

NS1.WINISP.NET 207.46.170.2
NS2.WINISP.NET 207.46.170.3
----

I'll have to get a copy of their rules, as soon as you slashdotters all go to bed and leave the poor site alone. See if they specifically deny all other types of social engineering and DoS on upstream machines. Its cheating to take down their local cisco router, or reroute their internic pointers, or stuff a bogus IP address into their DNS server.

It would be nice to see them set up a proper e-commerce site, with a real e-commerce package and some dynamically created shopping pages, allowing testers to enter fake visa card numbers. Then the machine would be a proper challenge.

The guest book redirects to slashdot are classic, they almost count as a proper crack (I'd call them a hack, clever and harmless).

Maybe I should set paranoia level to three :-)

the AC

It is already borked.

[DrZaius]

Hmmm, it seems to be broken already. The page does not display properly and it is damn slow.

What a way to demo win2k; a server and web content that does not serve to unix clients (as well as any other platform that uses Netscape). But, as MS reps have told me, in the "real" world, everyone uses NT.

Okay, back to my imaginary job working with Unix.

Re:It is already borked.

[eponymous+cohort]

M$ = $$$ (for more staff & admins)

2 staff/admins per mainframe
3 staff/admins per NT server + good technical support contract ;)

Yes but those 3 staff are much cheaper since NT is so easy that anyone can admin it.***

*** Not my own view, but it seems to be a prevalant view among some PHBs. MS themselves seem guilty of pushing this notion in some form.

Re:It is already borked.

[bmetzler]

M$ = $$$ (for more staff & admins)
2 staff/admins per mainframe
3 staff/admins per NT server + good technical support contract ;)
Yes but those 3 staff are much cheaper since NT is so easy that anyone can admin it.***
*** Not my own view, but it seems to be a prevalant view among some PHBs. MS themselves seem guilty of pushing this notion in some form.

Yep, it's amazing how many times Microsoft points this out in their white papers. System administration is cheaper on NT then Unix. Yeah right, simply because "system administration" on NT is limited to rebooting BSOD'ed machines and calling the tech support line when anything else goes wrong. At the same time they are telling people that they'll be rich and famous if they get MCSE certified. So which lie do you believe? Either a good administor will cost the same amount to keep the either systems running, or the system admin will be certified and paid next to nothing because Microsoft told the PHB's that systems admins came cheap on NT platforms. I chose to believe the whitepapers. NT Administrators aren't paid as much as Unix administrators.

I hope Bill's happy

-Brent

win2000test

[Microlith]

hehe. webpage now returns:

Logon failure: user not allowed to log on to this computer.

another machine to 'crack'

Try http://www.microsoft.com

Refresh hack

[drwiii]

The key was to put the refresh at 0. It stopped IE people from adding new entries, and kept the refresh on the guestbook page.

With all the people hammering the server though, I'm surprised nobody tried a meta refresh before my redhat.com and freebsd.org tests. :P

Difficulty rating of 11.

[Neuromancer]

It's not hard to protect a machine against cracking attempts if all you run in a Web server and close off all port access except 80.

I suppose in less than 2 weeks we'll see an update from Microsoft expounding on the systems security, and failed attempts to "crack" it.

Gimme a break...

They rebooted the thing!

most of the time connects to ports other than 80 and 88 are neither answered nor refused,
but through their reboot cycle I got "Connection refused..." from all interesting ports.
man... is slashdot slashdotted or what?

Works fine in IE - Hello? DOJ?

Yet another attempt to squash competition by producing pages that can only be used by their proprietory browser and not Netscape's. I certainly hope the DOJ is taking note of this - little actions like this illuminate the inner philosophy of Microsoft...

Long Live Netscape (even if it IS owned by AOL)

It is already fuxored!

It loaded all messed up, and jacked my browser. I
had to reload Netscape. Seems like Microfilth can
still screw up my box.

IT'S DED!!! D. E. D. DED!!!

[macdaddy]

I just tried to connect and it says "Logon failure: user not allowed to log on to this computer."!!!!!! Now every other try gets denied whatsoever! Muh hahahahahahaha I love the /. effect!!!!

Re:IT'S DED!!! D. E. D. DED!!!

yup same here, Logon failure: user not allowed to log on to this computer.
that took what 1-2 hours
That's funny. I gotta see what MS says about this.

Fixed?

[battery841]

It looks like it isn't forwarding anymore. Did this 'break the rules' and MS had to fix it?

It was *NOT* cracked

[Hanno]

Hemos, get your facts straight. A simple redirection
is *not* the same as cracking a machine.

Looks like their DNS is down also

[Wastl]

I can't even resolve the name www.windows2000test.com.

Perhaps the crackers got another target after the real server got /.'ed.:-)

Sebastian

Why Hackers might be kvetching...

[DLG]

Microsoft offers a server and asks that folks take a shot at gaining access to things Microsoft wouldn't want folks to have access to in a commercial product.

Some people yelp, "Screw Microsoft, let em do their own dirty work."

Others tut tut, "This is just like Open Source! This is a step in the right direction."

What to do!?! Is Microsoft challenging us to stick by our Morals? Or are we being "used" by a corporate entity. Even worse, are the logs of this attempt at hackign the system going to represent evidence?

#1. If you can't avoid a simple tcp/ip packet sniffer from tracking you down, then you are unlikely to be the ones the FBI cares about.

#2. If you believe that this is closer to open source than before, try a breath deep too. Oxygen is good. Yes.. It burns stuff... Anyone can torture test any product they buy. There is nothing open source about that. The issue of Open Source is that modifications we as hackers might make after finding bugs, are owned by the community, as is the original software to some extent. The notion that this method of security analysis is any different than normal practice of Microsoft is laughable. The question is HOW the software is being tested, not WHO is testing it.

#3. I will note that it is rare for a Linux machine to HAVE to be advertised to be crashed. That is because if you want to test out a security flaw you can create your own test machine with no cost. Thats the joy of OPEN SOURCE. You can truly know what you are getting, try it before spending money, and even fix problems yourself rather than having to wait for a company to respond to your bug report.

#4. I still have doubts that this product ever will exist. The fact is that if no one hacks the software, then Microsoft can claim their non-released software that probably will not be really implemented before some serious bug fixing, is secure within the context of 1999's security issues and protocols. With new services being added regularly and custom software being thrown into the mix, this is relatively vapor ware benchmarking...

Whatever,
dlg

Not using linux according to HTTP header

[livewirevoodoo]

using the Server HTTP header you get

Server: Microsoft-IIS/5.0

although it is interesting that the server behaves like linux OS, unless MS decided to port IIS to linux.

Re:Not using linux according to HTTP header

[Alex+Zepeda]

Oh please. It's so amazing to me to see all you arrogant Linux users think that Microsoft has nothing better to do than rip off Linux. Linux is a monolithic kernel, that for better or for worse uses a coarse lock. If MS was going to rip code from someone it would probably be Sun's Solaris, b/c they at least have massively fine grained locking, and so-on.

WRT nmap, that's bogus. Have you people NOT SEEN what nmap says, it's a GUESS!

"Remote operating system guess: "

Sheesh. I've seen nmap report a system is running AIX, but the http header claims that it's running IIS 3.0. Has IIS been ported to a non NT/9x platform? I doubt it!

Re:Not using linux according to HTTP header

Or they realised that their own IP-stack was so crappy that they desided to use Linux's. Hey, whait a minute, doesn't that mean that they have to Open Source Windoze2K (GPL)? Please don't do that!!! I have allready seen too much bad things in my life. ;-)

N Ghandie

Re:D'oh! shes down hard now

[adavidw]

Nah, ICMP is filtered out on almost the entire Microsoft net, so not being able to get a pong back from your ping doesn't mean anything in this case.

-Aaron

ftp://windows2000test.com

Try it.

w3rd

[joq]

n0w l3mm3 c4ll my skr1ptk1dd13 fr13nds%!$#

./eeye -sploit -microcrap

sil@macroshaft.org

Re:w3rd

XP, is there anyplace you don't post? :) One wonders if an old-fashioned OOB ping would work...one never knows till one tries.

Rules page LOGON FAILURE

Going to the rules page (with either Netscape 4.61 or MSIE 4.0) I get:

Logon failure: user not allowed to log on to this computer.

Has someone already broken the HTTP daemon?

Contest?

[Mignon]

How about making this a contest? Maybe those Linux users disillusioned by their crippled SETI@Home client could put their idle time to use. Now that would be a Slashdot effect...

I haven't read the "rules", but I wonder if everyone will follow them.

Dont do it guys!

[Larry+L]

Basically ms is asking for your help for FREE!

yes, this will help, i guess, the hoards of win users... but who cares!

MS is making money off of YOUR WORK!

Even the beta testers for Win98 ( or was it 95) got free copies of Windoze for their work. In this deal you get squat!

Re:Dont do it guys!

[alfredo]

It helps them ID hackers and crackers too.

Back Orifice udp port

[TREMOR]

I may be wrong, but it looks like there is a Back Orifice UDP port open at 31337.

Re:Back Orifice udp port

[Accipiter]

You're not wrong. :)

31337 open udp BackOrifice

-- Give him Head? Be a Beacon?

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

Of course ping -s will make it unavailable, knob. And hence prevent any _Real_ attacks, which is what they're looking for. They can easily test flood attacks on their own.

Like it says - it's not behind a firewall which is the only defense to that type of DoS attack.

Duh.

A ploy to get crackers to use IE4-5!!!

[|DaBuzz|]

The site is already fubar if you use NS or IE 3 so to even read the text you'll need IE 4 or 5. This is Microsoft's evil plan since any cracker out there who installs IE 4 or 5 will have their name and SSN sent to the FBI. *grin*

Re:A ploy to get crackers to use IE4-5!!!

[petef]

heheh yea, we should email them and tell them their site looks like shit in netscape.

hahaha

-pcf

Look!

[Uart]

Its a bird!
Its a plane!

This looks like a job for....

SCRIPT KIDDY MAN!

Logon failure

[Kancer]

At 1:50EST I got this when trying to access the site.
"Logon failure: user not allowed to log on to this computer. "
I have been looking at it on someones machine that was running IE5 and now this is what I am getting. Anyone else see this?

Re:Logon failure

[quantumfire]

Copy that, Red Leader.
Looks like ye olde slashdot effect has taken hold at last..... *cackle*


If you find yourself in a hole, it's time to stop digging.

Re:Logon failure

[DECula]

score at least 3 hits so far.
whoever did the login fix, I'd sure like to
know how ya did it. cool!

2 hits dropped em in their shorts.

Hey - funny thing, try playing with redirections
folks. seems like a in a url effects
the server. muhahahaha

Javascript

Yep, I get the same error. Lets just pretend they are watching this discussion and want to see the frustration. Ignore it. Lets figure out a way to crack the site!

Re:They're asking the Internet to debug for them !

I think your signature line sums up your position most succinctly.

Do this instead!!!!

[Larry+L]

Screw ms... this is a better use of your time.

Or go help out the mozilla guys...

my 2c

Whew-hew! HAHAHA! That didn't take long...

And I quote:
ErrorLogon failure: user not allowed to log on to this computer.

Did they honestly think it couldn't be done?

Fools.

Re:Whew-hew! HAHAHA! That didn't take long...

[zyklone]

It's an odd message, i wonder what happened ..

do we/you really want to be a beta tester for MS?

[gimpboy]

this is just a way for microsoft to use the talents of its oppostion and not pay for it. this will inturn make the final release (or whatever you call it) of w2k better by pointing out serious bugs and allowing them to fix them before the offical release.

this challenge is just a ploy trick people into working for them for free to improve the next release in the line of pathetic products.

just a thought.

john

And Confused

[just+someone]

Actual message returned in netscape:

Logon failure: user not allowed to log on to this computer.

heh even MSIE 4.0 can't run the JavaScript

tsia

Does S.A.T.A.N. run (under) Microsoft (Windows)?

[ole]

Microsoft is doing something that is bad for software users: making software proprietary.

It's just a waste of time to security audit and help Microsoft to improve any non-free software.

And IE4-5 is MS's version of Back Orifice!!!!!

Think about it. MS is trying to get crackers to instal IE4/5 on their machines. IE 4/5 is an MS commissioned cracker tool that allows them to look in on users' hard drives, read files, delete files, see what's installed..... um strike all that... I mean "collect marketing and user preference data", yeah, that's it! Anyway, once crackers run IE, MS can snoop on the next versions of Back Orifice while they're under development and prepare for them before they're released. Then MS and Bill Gates will be TH3 UL71/\/\4T3 'l33t H4X0R d00dzzzzZZZzzzzZZzzzzzssssssszz!!!!1!!!#@#@$@$#$@# @$!

Logon failure: user not allowed...

[Bazman]

to log on to this computer.

Looks like we crashed it. Funny, this happened just as I requested a URL of:

http://www.windows2000test.com///////[2000 x /]

Coincidence? Probably!

Baz

I guess it was done

I don't know if anyone has checked recently, or if it is just my quadrant of the internet, but www.windows2000test.com doesn't even exist anymore.
Maybe Billy Boy woke up from his afternoon nap and had a paranoia attack,
then again, it may just be my stupid internet connection.

Re:I guess it was done

>I don't know if anyone has checked recently, or if it is just my >quadrant of the internet, but www.windows2000test.com doesn't even >exist anymore.

Shrug. It's what happens when the Wave-Motion Cannon is fired....

Nonsense.

[jtgold]

Exactly how is this "challenge" intriguing? Cracking contests are a dime-a-dozen these days, which is interesting because they demonstrate almost nothing about security. (See this essay to undestand why.) If you believe that the nature of the open-source community is to fall for tricks like that then you have drastically underestimated this community. Most of the audience here doesn't get paid to find and report security holes in Linux or NT. However, if you find a security hole in Linux the result of your work will be made available to you and everyone in the Linux community at no charge through the efforts of volunteers like Torvalds and Cox. If you make the same effort for NT on the other hand, Gates is sure to offer you the opportunity to pay for the improvement whenever Win2K manages to surface without seeing it's own shadow.

I'm not sure what you mean when you say, "The open-source community has been calling for Microsoft to do something like this for a long time now." As far as I can tell, no one has asked for Microsoft to offer us an opportunity to allow us to support their development and marketing efforts without compensation. Sorry, but now that the opportunity is here, I'm still not impressed. It probably would be easy to knock down the Win2K test server (I can't seem to get through to it so perhaps someone already did), and yours as well -- but I don't much care. I use Linux because it is the most stable and effective operating system that meets my computing needs, not as a protest against some other system. I choose to direct my attention to constructive activities -- attacking a system that isn't even in production without source code or specifications doesn't qualify.

Re:Don't bother

[dadkins]

Right, so why do idiotic hackers feel the need to "help" proprietary websites become more secure by hacking and defacing them? Seems like the slashdot crowd is being severely hypocritical.

Re:D'oh! shes down hard now

[Justin+Motion]

They could make it almost completely unhackable by turning it off....

Hey,

[Axe]

what the hell is on
207.46.175.252 (aka 207.46.175.252)
can smbd check it?

Pro-Microsoft for no good reason?

Why do I see so many posts on slashdot supporting Microsoft get scored +5? This doesn't this fit entirely with the concept of Open Source! Microsoft is not requesting assistance and criticism from the community, rather they are keeping entirely closed by not handing out the source code. It is not a step in the right direction. Shouldn't we all be happy that Microsoft is at least TRYING to improve their product before they release it rather than just giving us another piece of crap? Nope. Tolerance of Microsoft's brutality has gone on too long.

If you like Microsoft, that's one thing, but you have to admit, they shouldn't have deliberatley sabotaged Windows '95 and called it Windows 98.

It is down right now mabie /.ed hehe

[Guzzi]

W2K shellac on shit!!

Don't bother

[Megaweapon]

All you are doing is allowing them to test their software using your efforts. Don't waste your time. Let them test their own crap.

Re:Don't bother

[Jonny+Angel]

All you are doing is allowing them to test their software using your efforts. Don't waste your time. Let them test their own crap.

*cough* *cough* open source *cough* *cough*

Jonny Angel

Re:Don't bother

I'm confused. Microsoft puts up a site that says "hack me" and then wants us to tell them when we find security problems? They're giving us free reign to test out ways of hacking a windows box. What's stopping people fom discovering back doors and keeping the info to themselves? I don't think this was very well though out by MS (what a surprise!)

Re:Does S.A.T.A.N. run (under) Microsoft (Windows)

[Darksky]

is it just me, or is the windoze test site DOWN!??? it took us less than 4 hours hahahahaha1

Cracked?

[periscope]

Here's some output: [mastersj@periscope mastersj]$ ping www.windows2000test.com ping: unknown host www.windows2000test.com [mastersj@periscope mastersj]$ ERROR: The requested URL could not be retrieved While trying to retrieve the URL: http://www.windows2000test.com/ The following error was encountered: ERROR 205 -- DNS name lookup failure. Please contact your system administrator. This means that: Host lookup www.windows2000test.com not available Web-Caching powered by Network Appliance. Generated by NetCache/3.4D3@www-cache.pol.co.uk:8080 Wed, 21 Jul 1999 13:51:06 GMT Broken retrieval invalidation Generated by NetCache/3.4D3@www-cache.freeserve.net:8080

Non standard HTML, broken Javascript & Guestbook

[Carl]

Great site. I get Javascript errors. The page doesn't render correctly in Netscape. And you cannot sign the guestbook to tell them about it. Duh!

no way

[Darksky]

there's no way bill knew about this one in advance, he's too smart for that. someone (or someones) at microsoft are in big trouble...
Jar Jar would say:"People in Redmond gonna fry??"

l0pht...

[Hard_Code]

Well, I got:

"JavaScript error: Type 'javascript:' into Location for details"

so I had to read the source (yay) to figure out what they were saying.

But anyway...I would think l0pht is all over this already...is it? do they know/care?

Re:l0pht...

But anyway...I would think l0pht is all over this already...is it? do they know/care?

Why would they (or anyone) bother?

Real-world security is not based on an MS-tuned, heavily scrutinized box like that. I'm sure MS has a 24-hour manned packet analyzer on it. At least. Why show MS the tricks of the trade?

Real-world security is based on how easy it is for Admins to screw up the configuration. Or unwittingly add back doors (such as by installing Front Page Server Extensions).

Better to wait until they unleash it on corporate america...

Re:Anti-Microsoft for no good reason?

[matthewmccoy]

I'm going to agree with you that Microsoft doesn't need to be critisized on this. I think that Microsoft is just like any company, they want to get bigger and bigger, richer and richer. I'm not necessarily a Pro-Microsoft Person, but as I posted in another article, previously, Microsoft built itself up to where it is today; some tactics that they used weren't of best ethics, but they built themselves up.

I think that Microsoft has been somewhat been trying to improve their quality, I mean, finaly in Win95 they successfully (well partially) mimiced Mac OS. Microsoft is working on it, and someday, probably by the year 3000 they'll get it right.

response from msscoff site

this is all I got when I used Mozilla 4.61 to attach via http: "Logon failure: user not allowed to log on to this computer."

IMHO, it's not worth our time to debug their software (can't they afford to do it themselves?!)

stormkeeper@softhome.net

DNS Cache Poisoning?

Is the DNS just broken or has someone been doing DNS cache poisoning to "exploit" the site's reliance on DNS?

Re:DNS Cache Poisoning?

[Fr05t]

Is it still dead? There is something kinda weird about this shiet. Earlier I was portscanning it and it wasnt finding anything open (not even port 80) but the server seemed to be up when I would go to it in my browser, and when I was pinging it :/

Finally!

*Finally* someone who sees this as something other than some evil Plot by microsoft to lock out netscape users and force everyone to use IE. Netscape isn't the perfect browser, people, and neither is it the standard-maker for HTML.

The reason the formatting is way off in NS is because it doesn't do CSS as well as IE (though IE has a bunch o' problems too -- check out www.webstandards.org )

But microsoft (or whoever wrote that page) is in the wrong: they should have tested it cross-browser just like every other web designer in the world. Isn't FrontPage2000 supposed to have auto cross-browser testing features? ;)

I hope their policy to "eat their own dog food" (Re: http://www.microsoft.com/backstage/solutions.htm )doesn't forbid them to use competitors' products!

DoS attack

[javac]

They might think the /. effect is a DOS attack from some "Hacker" group. I think that would be very funny.

Microsoft Press Release

Microsoft Win2000 server withstands cracker attempts. Though there was a small kernel fault due to a massive DoS attack from a well organized group of malicious crackers.

Ha, Ha

geach

Re:DoS attack

[belphegore]

What exactly is a "small" kernel fault? Did only the TCP stack crash? Perhaps only half the screen turned blue with hex numbers on it?

I get "Login Failure"

When I hit the named sites I get "Login failure: User not allowed to log into this computer."

So Windows 2000 is secure... as long as you don't run any services on the system. You know what makes your system even MORE secure? Pulling the power plug out of the back.

Scroll Down

[Bob9113]

If you are using Netscape, scroll down to read the text on each page. Begs the question of how you hope to crack a high security system if you can't even work the scroll bar, haha.

Hacking M$

I want to work for M$, hehe
For free!!

Why bother?!?

[ottffssent]

Crack this site!?! Why? It's already broken. Go check out the page with the rules on it. It looks to me like the page begins with a footer, followed by the begining of the page. Also, the javascript is broken.

(from Netscape 4.5) JavaScript Error:
http://www.windows2000test.com/ground_rules.htm, line 91:

Windows is not defined. (end Netscape)

I'm sure many of us wish that were true!

Despite deficiencies in the HTML, microsoft is to be commended for their effort to solicit outside assistance, and beaten over the head with a dead cow for too little, too late. If win2k is anything like the rest of the MS products we know and love, it'll take a damn sight longer than 5 months to fix it, regardless of how much we help them.

On a related note, why do we care? Idea for next poll: who cares about win2k? I don't. My computer's coming in a few months, and it won't ever have windows-anything on it. I certainly don't want win2k. If I ever did put windows on it, it'd be win95 so I don't have to bother with all the shit M$ lumped into 98 and is sure to include with 2000.

Well, that was supposed to be somewhat well-reasoned and insightful, and it turned into a rant. Oh well...I feel better now, and thanks for reading it:)

Long live the penguin!

Is this based on a build they sent out to testers?

Or based on an internal build, they arent totally clear about it. They just say its the latest beta.

Re:Thoughts from a grey-hat - this is SO right

[arthurs_sidekick]

You said it. Anybody reading this far: don't give 'em the ammo.

Already broken.

[kanaka]

All I get now is: Logon failure: user not allowed to log on to this computer. Guess that's a hidden message. Whooo Hoooo.

Re:The site will remain uncrackable...

SfB

Look at the following really carefully

root@nessus src]# nmap -sT -P0 -o ./windows2000.txt -v -e ppp0 207.46.171.196

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Initiating TCP connect() scan against (207.46.171.196)
Adding TCP port 56 (state Firewalled).

Re:Anti-Microsoft for no good reason?

A good response by the cracker community
would be to attack a private copy of W2K in
secret and wait for Microsoft to claim
victory over crackers. Even better would
be to attack Microsoft's development
facility, liberate a copy of the source
and post the *fix* to a couple security
holes. (GPL'd of course... ;)

Now THAT would be funny. And M$ wouldn't be able to use the fix due to viral infection of the legal kind.

Stupid Question

how easy can it be to crack into a machine that is being gaurded by a firewall?

I am new to this so I do not understand everything

Re:Stupid Question

[Wastl]

If it's a good firewall it is almost impossible, as only connections are going through to this server where they think that they are secure. All others are already blocked at the firewall server.

The only possibility would be to first crack the firewall server which is certainly very well guarded.

For more information about such topics see the Network Administrators Guide of the Linux Documentation Project or the book "Unix and Internet Security".

Sebastian

Hummm.....

[ninoloco]

They /didn't/ say "don't slashdot us"
:: insert laughter ::

and why I can not..

[Axe]

.$ /usr/sbin/traceroute 207.46.175.252
traceroute to 207.46.175.252 (207.46.175.252), 30 hops max, 40 byte packets
... ...
6 BR1.PSK1.Alter.net (192.157.69.60) 79.138 ms 83.704 ms *
7 Hssi0-1-0.hr1.nyc1.ALTER.NET (137.39.100.2) 84.881 ms 81.848 ms 82.168 ms 8 101.ATM3-0.XR2.NYC1.ALTER.NET (146.188.177.82) 82.139 ms 93.160 ms 81.376 ms
9 294.ATM3-0.TR2.EWR1.ALTER.NET (146.188.178.238) 85.732 ms 81.151 ms 73.022 ms
10 105.ATM6-0.TR2.SEA1.ALTER.NET (146.188.137.78) 97.771 ms 95.332 ms 97.509 ms
11 298.ATM7-0.XR2.SEA1.ALTER.NET (146.188.200.125) 99.304 ms * 96.855 ms
12 194.ATM3-0.GW3.SEA1.ALTER.NET (146.188.201.29) 119.292 ms 96.889 ms 99.457 ms
13 157.130.177.154 (157.130.177.154) 98.660 ms 95.782 ms *
14 207.46.190.82 (207.46.190.82) 822.081 ms 145.652 ms 143.130 ms
15 iuscb11ixc7501-a1-00-1.cp.msft.net (207.46.129.135) 148.169 ms 159.827 ms
152.966 ms
16 * iusdmsnbcc7201-a2-0-2.cp.msft.net (207.46.168.67) 160.550 ms 154.572 ms
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Why would MS steal a single-threaded IP stack?

Why would Microsoft steal Linux's single-threaded, non-scaling TCP/IP stack? I'm sure Microsoft has a native, multi-threaded TCP/IP stack for NT. I did hear a rumor (started by Alan Cox!) that NT5's TCP fingerprints looked like FreeBSD/NetBSD. He implied that Microsoft could have borrowed (under the BSD license) the FreeBSD/NetBSD TCP/IP stack.

Re:Why would MS steal a single-threaded IP stack?

[sonoffreak]

Under a Queso remote OS detect (through nmap) I came up with Linux 2.0.32-34. Forget legal BSD liscense. They ganked a sad IP stack illegally if you ask me. Not like anyone could get their hands on Win2K source to prove anything anyway.

hmmm

Articles:Microsoft /asks/ "Crack this machine"
faq
code
awards
privacy
slashNET
older stuff
rob's page
preferences
andover.net
submit story
advertising
supporters
past polls
topics
about
jobs
hof

Sections
books
ask slashdot
features

"Microsoft /asks/ "Crack this machine"" | Login/Create an Account |
Top | 504 comments | 238 siblings
Threshold: -1: 504 comments0: 499 comments1: 344 comments2: 54
comments3: 19 comments4: 5 comments5: 2 comments FlatNestedNo
CommentsThreaded Highest Scores FirstNewest FirstNewest First
(Ignore Threads)Oldest FirstOldest First (Ignore Threads)
The Fine Print: The following comments are owned by whoever posted
them. Slashdot is not responsible for what they say.
( We can't even spell bayta!)
(1 ) | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 (Slashdot Overload:
CommentLimit 25)
Muhahhahha
by miahrogers (m1i2a3h4r5o6g7e8r9s@excite.com) on Tuesday August 03,
@11:38AM EDT (#1)
(User Info)
they better hope that site ain't networked to anyother microsoft
sites... MUhahahahhahaha
/.firstpost if i get it!!
"Windows leads to anger, anger leads to hate, hate leads to LINUX."
to email me remove all numbers from my email address.
[ Reply to This | Parent ]


Re:Muhahhahha (Score:1)
by Synic (synic@linuxfreak.com) on Tuesday August 03, @12:42PM EDT
(#126)
(User Info) http://www.lanparty.com

why the hell is this "Score:1"?
I thought filters were for removing first post and flaming garbage.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @12:54PM EDT (#153)

Posts made by people who aren't anonymous default to score:1.
*sigh*

[ Reply to This | Parent ]

DoS attacks "don't count"? FU! ping -s 65000 -f...
by Anonymous Coward on Tuesday August 03, @01:49PM EDT (#260)

What is this DoS attacks don't count bullshit. Dead servers is dead
servers. And no I don't just mean while the DoS attack is happening,
I mean if it causes the server to lock up or crash and stay that way
when the DoS attack ceases, then that's a successful crack. But we
can't test that unless we try! Or will MS sue me for cracking?

Not allowed indeed. Pffft!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @01:55PM EDT (#271)

Of course ping -s will make it unavailable, knob. And hence prevent
any _Real_ attacks, which is what they're looking for. They can
easily test flood attacks on their own.

Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Duh.

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @02:16PM EDT (#311)

>Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Well, one could flood it with http requests which WOULD get through
a firewall. An indefensable DoS attack. And if you play with the
source IP addresses, the software won't know they're all coming from
the same location. Come to think about. I'm describing the /.
effect!

> Duh.

Indeed!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @04:06PM EDT (#374)

HAHAHAHAH

For that reason alone (/. effect), I have a feeling that they didn't
know what they were getting into when they
did this.

Is this for real?

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @03:56PM EDT (#365)

What they said is that attacks using lots of packets don't count. If
you can find a DoS which doesn't involve flooding the machine, that
would be a valid attack according to the rules as described.

The worst DoS attacks aren't flood attacks,
but attacks which use significantly less resources for the attacker
than the target host. Excluding floods is appropriate.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @02:44PM EDT (#333)

The site is already down...I can't access it from my machine.

...huh, Microsoft sucks

[ Reply to This | Parent ]

This can be a force for good... (Score:1)
by Bill the Cat on Tuesday August 03, @11:39AM EDT (#2)
(User Info)
If MS provides detailed info about successful attacks, and uses the
info to improve Win2K. Of course, can we trust the info that comes
from their corporate mouthpieces?

[ Reply to This | Parent ]


Re:This can be a force for good... (Score:1)
by sraasch on Tuesday August 03, @01:02PM EDT (#174)
(User Info)
Does this sound a little "open source-y" to anybody else? I thought
M$ didn't care for the concept!

[ Reply to This | Parent ]

I prefer "Corporate Piehole"
by Anonymous Coward on Tuesday August 03, @01:43PM EDT (#251)

Describes their function better.

[ Reply to This | Parent ]

Javascript Dies in Netscape (Score:2, Informative)
by ChiefArcher (brian@NOSPAM-REMOVE.gannon.com) on Tuesday August
03, @11:39AM EDT (#3)
(User Info) http://brian.gannon.com

I guess that want to leave the UNIX crackers out of this...
Javascript dies in Netscape for me..
=(

Anyone else experience this?

Chief Archer

[ Reply to This | Parent ]


Re:Javascript Dies in Netscape (Score:1)
by Bob9113 on Tuesday August 03, @11:43AM EDT (#11)
(User Info)
yup, is not Netscape compatible.

Funny $hit.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zantispam (zantispam@netscape.net) on Tuesday August 03, @12:29PM
EDT (#104)
(User Info)
Well, that's the point of the Almighty JScript bastardization.

M$ products are just broken. Especially the products they Embraced
and Extended(JavaScript, Java, DOS, Windows)

--Please note: Half of this post is hyperbole and sarcasm.





--Jedi Hacker (Apprentice) and Code Poet
[ Reply to This | Parent ]

Javascript error "Windows is not defined" (!) (Score:2)
by Sun Tzu on Tuesday August 03, @01:29PM EDT (#226)
(User Info) http://www.tfn.net/~yeargin/art01.html

Running Netscape from my Solaris 7 Sun 10, that is what I get. It
turns out to be an error. And I thought it was a congratulatory
message! ;)

StarshipTraders.com goes into open beta!
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:2, Funny)
by Anonymous Coward on Tuesday August 03, @11:44AM EDT (#19)

I run linux and I'm gonna hack it. And when the interview me for the
article, I will use the word hack just to piss you off.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:28PM EDT (#353)

When you crack it, please do everyone a favor and make the damn
think Lynx/Netscape compliant.

many thanks

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:48AM EDT (#26)

Confirmed.
I'm using Njetscape 4.61 on a Slowlaris. Died on
me too. The guy who wrote that piece of crap
should be shot or at least get fired.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Syslevel on Tuesday August 03, @01:16PM EDT (#206)
(User Info)
They can't fire the guy who wrote Netscape.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by mistabobdobalina (samedi@disinfo.SPAM.net) on Tuesday August 03,
@04:17PM EDT (#387)
(User Info)
heh...i think he meant the guy who wrote the ms page. funny comment
anyway...
-- your knees hurt, don't they?
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:49AM EDT (#29)

Yes. It's almost funny, but not quite.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1, Insightful)
by Anonymous Coward on Tuesday August 03, @11:52AM EDT (#36)

Bleh.... don't worry about viewing the pages in a fancy browser/html
format. Just go to the page. Get the error. Hit Ok. Then view the
page source. Then you can read the entire page, and begin your
cracking.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by The Silicon Sorceror (silsor@xoommail.com) on Tuesday August 03,
@11:54AM EDT (#42)
(User Info) http://members.xoom.com/_XOOM/silsor/index.html

I got a Javascript error for Win32 Netscape, too. Interestingly
enough, the site works perfectly under Internet Explorer.

Get a frigging STANDARD!!!

~ Give me 101 plastic soldiers, and I will conquer the world.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by panZ (panz@no_SPAM_@hal.calpoly.edu) on Tuesday August 03,
@06:14PM EDT (#470)
(User Info)
>Get a frigging STANDARD!!!

This is hardly an accident or problem with standards. Its not even
breaking news for that matter. Micro$ft is notorious for making all
of their web pages do quirky things to non-IE browsers. If I break
this thing, I'll post a simple html with links to d/l alternative
browsers and a heartfelt message to the micro$ofties. This server is
/. fodder. Maybe we can load it up with a copy of Stampede and issue
Winblows the autoboot & config command remotely. =)
--Let's hack root on 127.0.0.1 --panZ
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Romen (stobin#bates.edu) on Tuesday August 03, @11:54AM EDT (#43)
(User Info)
I'm currently running Windows (I hate my job) and it still gives me
Javascript errors. The most humorous one was "Windows not
recognized."


Romen

Romen
[ Reply to This | Parent ]

Re:Javascript Dies Period. (Score:1)
by D3 (dhenning@www.usda.gov) on Tuesday August 03, @11:55AM EDT
(#45)
(User Info)
It doesn't work with IE either. How lame!


"I'm sorry that we have to have a Washington presence. We thrived
during our first 16 years without any of this." -M$ Chairman Bill
Gates 1995
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@11:58AM EDT (#51)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work (please don't hurt me). For what its worth:

Netscape 4.08 (Mac) -- garbled mess

Explorer 4.5 (Mac) -- "as intended" (though not really much better
8^)

lynx -- as good as one can expect (at least it loads)

I spend a lot of time reworking sites so that they will at least
load in both major browsers... and I know I don't get paid nearly
what the "genius" who put this site up gets. I know I should get
around to learning the "new" DOM better, but my initial perusal
leads me to suspect that is the problem.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by javac (jbgeach@yahoo.com) on Tuesday August 03, @12:01PM EDT
(#57)
(User Info) http://southern.edu/~jbgeach

Well, as much as I hate to admit it, it works with IE4
geach

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @12:09PM EDT (#68)

It has a lot of CSS too which is probably confusing netscape 4.x a
lot.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by llzackll on Tuesday August 03, @12:11PM EDT (#71)
(User Info)
Hmm, Netscape 4.08 Navigator standalone doesnt die on this page, but
the text does appear in the wrong place, I have to scroll down a bit
to read it.

[ Reply to This | Parent ]

Mozilla works fine
by Anonymous Coward on Tuesday August 03, @12:15PM EDT (#78)

Mozilla works fine

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Laner on Tuesday August 03, @12:16PM EDT (#84)
(User Info)
Hey, it's not Microsoft's fault that Netscape is at least two years
behind the times when it comes to DHTML/CSS/XML.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by aidoneus (aidoneus1976@hotmail.com) on Tuesday August 03,
@12:16PM EDT (#86)
(User Info)
http://www.cartoonnetwork.com/spaceghost/cod/brak/ index.html

And yet another wrinkle...
Just for kicks (and to see the type of damage it would do to my
system here at work... tee hee) I decided to try it in Mozilla,
specifically build 1999071417 and guess what...
It works, flawlessly at that. Funny when I rebooted and tried it in
NT using IE4.0 it couldn't even do that.
Any ideas as to what the devil is going on?

Now I just need to see if I can break into it, play with some bios
settings, and hoping the machine has a softbios, just adjust the
voltage to the cpu...

consider it payback for my monitor exploding.
(and yes, I am just kidding around about the voltage settings to the
CPU. the monitor is a whole other story though...)

-j

"Never trust a monkey." -Brak
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by KevCo (kbecker@mediaone.net) on Tuesday August 03, @12:32PM EDT
(#109)
(User Info) http://kevco.cx

It dies for me in Communicator 4.6 under windows too. But if I
scroll down past the screwed up crap, the content is still visible.

[ Reply to This | Parent ]

FIXME: I am a braindead moderator
by Anonymous Coward on Tuesday August 03, @12:44PM EDT (#129)

Sorry for that 'Offtopic' setting. Stupid browser saved the form
contents when I pressed 'Back'.

Would a *real* moderator please fix my stupid mistake?

Please excuse my stupidity.

[ Reply to This | Parent ]

Re:FIXME: I am a braindead moderator (Score:1)
by Dwonis (dlitz[IBoycottSpam]@cheerful[spamsucks].com) on Tuesday
August 03, @12:58PM EDT (#165)
(User Info) http://members.tripod.com/~DLitzPower/

You also didn't know that posting a message as yourself instead of
an AC would have caused your moderations to be removed.

Now you do.
--------
"I already have all the latest software."
-- Laura Winslow, "Family Matters"
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Informative)
by theCoder (minster@expert.cc.purdue.edu) on Tuesday August 03,
@12:55PM EDT (#160)
(User Info)
I don't have a copy of Netscape here (I'm at work), so I can't
confirm this, but in looking at the source code I would suspect that
Netscape is dying in the function "done()" at line 89. That function
tries to access the object "Windows" which seems to be a DIV
declared on line 96. This function is being executed from the
"onload" attribute of the BODY tag on line 55.

It seems that netscape is trying to execute this function before
loading the DIV, while IE (and Mozilla) has either loaded it already
or scanned the file to find that object.

As for what is correct in this situation, it would have to depend on
when the "onload" function should be called -- before the page is
fully loaded or after. IMHO, I'd probably have to say that IE and
Mozilla are probably doing it right (no error vs. error).

I don't know why there is a spacing problem in Netscape (but I
wouldn't be too surprised if it's intentional). Anybody know if
Netscape or IE is interpreting the HTML "wrong" (please don't define
"right" as what netscape does -- define it as you'd expect a browser
to behave)?


[ Reply to This | Parent ]

Finally!
by Anonymous Coward on Tuesday August 03, @03:35PM EDT (#356)

*Finally* someone who sees this as something other than some evil
Plot by microsoft to lock out netscape users and force everyone to
use IE. Netscape isn't the perfect browser, people, and neither is
it the standard-maker for HTML.

The reason the formatting is way off in NS is because it doesn't do
CSS as well as IE (though IE has a bunch o' problems too -- check
out www.webstandards.org )

But microsoft (or whoever wrote that page) is in the wrong: they
should have tested it cross-browser just like every other web
designer in the world. Isn't FrontPage2000 supposed to have auto
cross-browser testing features? ;)

I hope their policy to "eat their own dog food" (Re:
http://www.microsoft.com/backstage/solutions.htm )doesn't forbid
them to use competitors' products!

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zaw (Zaw_nospam@netscape.net) on Tuesday August 03, @06:45PM EDT
(#483)
(User Info) http://members.home.com/zaw/



Hmm.. MSHTML , I can't find that any where on W3C.

[ Reply to This | Parent ]

Works fine in IE - Hello? DOJ?
by Anonymous Coward on Tuesday August 03, @01:11PM EDT (#194)

Yet another attempt to squash competition by producing pages that
can only be used by their proprietory browser and not Netscape's. I
certainly hope the DOJ is taking note of this - little actions like
this illuminate the inner philosophy of Microsoft...

Long Live Netscape (even if it IS owned by AOL)

[ Reply to This | Parent ]

Hello? Are YOU THERE???
by Anonymous Coward on Tuesday August 03, @02:19PM EDT (#316)

Proprietory indeed.

1:The word is proprietary.
2:Netscape, in this case, is the proprietary one. If Netscape had
properly honored true DHTML, and the W3C approved DOM, your browser
wouldn't have flinched at that page.

Why don't you just change your SIG to:

"Long Live Netscape and all their proprietary standards"

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:22PM EDT (#216)

Sad thing is, I'm not quite sure if this was intentional. Look at
this tag:

FONT face="Verdana, Arial, Helvetica" size=1

Isn't Arial what Windows calls Helvetica? I'm starting to wonder if
the "poor" saps just don't know any better...

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:33PM EDT (#232)

It's called 'cross-platform'. It's so Macs will recognize the font.
(still known there as Helvetica)

Major fonts have been ripped off by every major foundry and been
renamed. Some have over 10 iterations.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@02:10PM EDT (#303)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.). However, the two are close
enough to be used interchangeably across platform. (Of course, since
I have Arial on my Mac and most PCs don't have Helvetica, I tend to
avoid Helvetica like the plague and stick with Arial.)

A larger issue here is the use of . I was skeptical at first, but
the advantages of CSS over the FACE attribute far outweigh the
drawbacks. I seem to remember it was M$ that had a hand in
developing the tag, though I know Netscape was no less responsible.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:12PM EDT (#342)

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.).
Helvetica is owned by Adobe (or someone) so a replacement for it has
to be different.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by ZenBoy on Tuesday August 03, @01:41PM EDT (#247)
(User Info) http://www.geocities.com/BourbonStreet/9979

When I open it, Javascript dies, and when I do get it to open (IN IE
5) when I click on the guest book, I'm magically whisked to
freebsd.org. I think somebuddy may have phuct it already.
-Zen I'm gonna make the _world_ my bitch.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Funny)
by dattaway (dattaway@attaway.org) on Tuesday August 03, @04:24PM
EDT (#397)
(User Info) http://attaway.org

I won! Where's my prize? I broke its Java! I couldn't even see the
rules, now what were they? Microsoft can't seem to write HTML worth
a damn.

[ Reply to This | Parent ]

bfs (Score:0, Offtopic)
by Anonymous Coward on Tuesday August 03, @11:40AM EDT (#4)

bfs

[ Reply to This | Parent ]


Re:bfs
by Anonymous Coward on Tuesday August 03, @05:29PM EDT (#451)

as in Be File System? wtf?

[ Reply to This | Parent ]

Netscape (Score:1)
by Roofus (roofus@psu DOT edu) on Tuesday August 03, @11:40AM EDT
(#5)
(User Info) http://www.csoft.net/~roofus/finger.html

Great, they can't even create a site that works with Navigator 4.0


-= Confucious say: Moo =-
[ Reply to This | Parent ]


Re:Netscape (Score:1)
by cemerson on Tuesday August 03, @11:55AM EDT (#46)
(User Info) http://chiark.greenend.org.uk/~cemerson/

It works for me in Netscape 4.08 and Mozilla M8.

Of course I keep Java and Javascript disabled. Solves more problems
than it creates.

Chris

[ Reply to This | Parent ]

Re:Netscape (Score:1)
by snow dog (tom.main@nospam.fnmail.com) on Tuesday August 03,
@01:08PM EDT (#190)
(User Info) http://www-cor-pmf.web.boeing.com

I get a javascript error on communicator 4.6....
One person's error is another person's data.
[ Reply to This | Parent ]

heh (Score:1)
by galore (ian@wehrman.com) on Tuesday August 03, @11:41AM EDT (#6)
(User Info) http://ian.wehrman.com/

i get a javascript error when i try to view this site... when i look
at the javascript console in netscape, all it tells me is "Windows
is not defined." how true it is.

later,
ian

[ Reply to This | Parent ]


Re:heh
by Anonymous Coward on Tuesday August 03, @12:52PM EDT (#150)

yeah, me too. Mebbe somebody already cracked it & they just never
'fixed' it :)

[ Reply to This | Parent ]

First Comment (Score:-1, Troll)
by Anonymous Coward on Tuesday August 03, @11:41AM EDT (#7)

Go get it guys


[ Reply to This | Parent ]

Real security for 2000 and beyond? (Score:1)
by Pauly on Tuesday August 03, @11:42AM EDT (#8)
(User Info)
If it can withstand /. effect, I'll be impressed.

//Pauly

[ Reply to This | Parent ]


Real Security for 2600 and beyond!
by Anonymous Coward on Tuesday August 03, @12:20PM EDT (#92)

:)


[ Reply to This | Parent ]

Re:Real security for 2000 and beyond?
by Anonymous Coward on Tuesday August 03, @12:39PM EDT (#121)

It seems to be cruising right along for me.
Are you impressed yet ?

[ Reply to This | Parent ]

Nope /.'d (Score:1)
by just someone on Tuesday August 03, @01:50PM EDT (#261)
(User Info)
(Some router loops happening and when I did hit the server in the
'appropriate" browser)

The page cannot be displayed
There is a problem with the page you are trying to reach and it
cannot be displayed.

-------------------------------------------------- ------------------------------


Please try the following:

Open the www.windows2000test.com home page, and then look for links
to the information you want.
Click the Refresh button, or try again later.

Click Search to look for information on the Internet.
You can also see a list of related sites.




HTTP 500 - Internal server error
Internet Explorer


[ Reply to This | Parent ]

And Confused (Score:1)
by just someone on Tuesday August 03, @01:58PM EDT (#276)
(User Info)
Actual message returned in netscape:

Logon failure: user not allowed to log on to this computer.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2, Funny)
by BuBu_ on Tuesday August 03, @02:20PM EDT (#318)
(User Info)
The Slashdot effect? What are you planning to do? get a bunch of
your friends around then go and flame the hell out of them? By
saying something like "YOUR 0S SUCKS! USE LINUX WOOOOOOO!" Yeah,
great idea.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2)
by MindStalker (johnlar@tfn.spam.net) on Tuesday August 03, @03:56PM
EDT (#366)
(User Info) http://www.tfn.net/~johnlar/index.html

Obviously your a new user here, or just haven't been paying
attention. The slashdot effect, is a semi-natural phenomenon, in
which a article/url is posted on slashdot that everyone wants to
checkout/read. The server holding that article is generally not
prepared for an increase in hits of several thousand people within
an hours time, crashing the server. The server is then known as
being slashdotted. Every once in a while even slashdot gets
slashdotted, when other news agencies link to slashdot, but in
general the effect is named after slashdot as we tend to create such
an effect more often than most other news sites.
~A nerd is someone whose life revolved around computers and
technology. A geek is someone whose life revolves around computers
and technology, and likes it
[ Reply to This | Parent ]

...And Thar she Goes...
by Anonymous Coward on Tuesday August 03, @04:12PM EDT (#381)

I tried to go to the site, to no avail...it was /.'ed...no response
from the server. Glad to see the future is so rosy...for REAL OS's

[ Reply to This | Parent ]

Machine messed up already? (Score:1)
by elvum (sj@nospam.post1.com (remove trap)) on Tuesday August 03,
@11:42AM EDT (#9)
(User Info) http://www.post1.com/~round

Is it just me, or have hackers* already messed up the javascript
front-end? Neither Netscape 4 nor IE3 seem to like it. Or is it just
that the only hackers Microsoft want to attract are those that use
the latest version of IE ?!?!?

*or incompetent Microsoft employees


[ Reply to This | Parent ]


Re:Machine messed up already? (Score:1)
by cswiii on Tuesday August 03, @12:02PM EDT (#58)
(User Info) http://wiw.org/~corey/

:is it just me, or have hackers* already messed up
:
:*or incompetent Microsoft employees

hey, we already have enough problems with people equating hackers ==
crackers. let's not start equating M$ Employees with hackers, as
well... :)

[ Reply to This | Parent ]

Re:Machine messed up already?
by Anonymous Coward on Tuesday August 03, @07:02PM EDT (#494)

or equating hackers with wanna-be SLASHDOTTERS who don't know shit
about code, but love to use the M$ acronym for Microsoft.

y0r c00l d00d

[ Reply to This | Parent ]

Smart move for Microsoft (Score:4, Informative)
by EngrBohn (cbohn@ieee.org) on Tuesday August 03, @11:42AM EDT
(#10)
(User Info) http://members.aol.com/EngrBohn/

Two possible outcomes:
- Nothing breaks it, and this becomes a marketing high-point for
Microsoft - It gets broken, and Microsoft engineers now have solid
data (vice anecdotal) as to where the problems are. Especially if
this was compiled with the debug option switched on.
Christopher A. Bohn
Oooh! What does this button do!?
[ Reply to This | Parent ]


Re:Smart move for Microsoft (Score:2, Funny)
by Suydam (brian@SPAMR00LZ.rickjames.sapien.net) on Tuesday August
03, @11:49AM EDT (#28)
(User Info) http://rickjames.sapien.net/brian/virii/

YEP
Outcome 1 - nothing breaks it. THis would be a bad thing. Arrogance
and "we're unstoppable" would be their attitude.
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice.
You forgot Outcome 3 though - we break it. they deny it for 6 months
and then release a Service Pack that fixes the problem that "doesn't
exist". This seems the most likely to me.



GCS/IT d++$(-) s+: a- C+++$(++) UL+++$ P++++$ L+++ E--- W+++$ N+(-)
!o K? w--- O- M- V- PS+(++) PE Y+ PGP t+ 5 X++ R- tv b++ DI++ D++ G
e++ h-- r++ y++
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2, Interesting)
by vt@office on Tuesday August 03, @11:53AM EDT (#39)
(User Info)
Yes, but what about the case when noone (flexibly defined) CARES to
break it? Serious people have more important work to do rather than
break the thing which is broken by design...

OK, kids, now get away from appliances, we're gonna reboot the house
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:37PM EDT (#240)
(User Info)
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice


But Microsoft doesn't believe in choice, oh wait, yes they do,
"Workstation or Server edition?"



A Stronger W2K means that MS will be in a stronger position to push
their "Windows Everywhere" agenda


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:5, Insightful)
by Signal 11 (signal11ATmediaone.net?Subject=Slashdot comment) on
Tuesday August 03, @12:25PM EDT (#97)
(User Info) http://www.mediaone.net

No, there is another outcome. Nobody takes the challenge. Challenges
like this are generally dismissed in the security industry for a
variety of reasons. Some of them are as follows...

- Real Crackers aren't going to spend their time trying to get
caught on a high-profile site.
- Script kiddies don't have any scripts for the "new" OS yet.
- It's new - so of COURSE it's going to take time to find the
vulnerabilities. You think "one stunt, and that's it" is going to
fix all their problems? You're more naive than I thought.
- Past record. How long does Microsoft take to acknowledge, let
alone fix, the problems they find? W2K *will* have bugs. All major
programs have bugs. The question is - will they efficiently and
quickly inform their customers, and provide comprehensive support to
them - like the 4-color glossies they distribute say?
- Many vulnerabilities are discovered at the console - and by
looking at the source. It could be wide open, but you'd never know
that from a remote perspective. Breaking into a system you've never
seen or used remotely has about as much of a chance of success as me
getting away with being called Rob Malda in this post.

That's just what I can think of off the top of my head. Use your
imagination. And most importantly: dismiss yet another one of
Microsoft's tricks to get you to do their bidding. Clever Microsoft,
but I thought you'd have learned by now that the 'net dispels FUD
faster than a speeding salesman.

--
What goes up, must come down. Ask any system administrator.
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Amazing Proton Boy (joep@lainet.com) on Tuesday August 03,
@04:18PM EDT (#391)
(User Info) http://www.wgn.net/~joep

You are Rob Malda.


[ Reply to This | Parent ]

Another rigged contest...
by Anonymous Coward on Tuesday August 03, @04:31PM EDT (#407)

I have to agree with this.

Never mind that I can't even get an IP address for this hoax, from 2
different locations!


2%nslookup windows2000test.com
Server: localhost
Address: 127.0.0.1

*** localhost can't find www.windows2000test.com: Non-existent
host/domain



And... ???


No match for "WINDOWS2000TEST".




In any case, I fully expect the site to get /.'d anyway...

Hehe.




[ Reply to This | Parent ]

Re:Another rigged contest... (Score:1)
by DrAtomic on Tuesday August 03, @04:39PM EDT (#413)
(User Info)
I checked with internic because I thought that it was going to be a
hoax, but it looks like the domain name windows2000test.com is
registered to microsoft. I do know that the page is down right now,
so that might have something to do with what happened to you, but I
know that it is registered at least to someone at M$ (or someone who
knows a good deal of M$ info, like their street adress and stuff
like that).



[ Reply to This | Parent ]

Re:Another rigged contest...
by Anonymous Coward on Tuesday August 03, @05:54PM EDT (#458)

Or someone who looked up the domain registration for, say,
www.microsoft.com, and used their cut+paste skillz.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by !IH on Tuesday August 03, @12:46PM EDT (#133)
(User Info) http://www.stheno.demon.co.uk

Couple of points, some exploits don't work against a debug build
system, that do in release mode - ever tried to track down a bug
that was unreproducable when built in debug?

For another off the wall point, what if this is not actually running
w2k, but Linux, and MS use the Anti-Ms brigade, to poke hole in
Linux's default security?

One of the rules of engagement is that you have to tell them how you
did it, but it doesn't give a time limit on when you have to tell
them.


--
Exigo spamos et dona ferentes
[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @01:12PM EDT (#198)

PING www.windows2000test.com (207.46.171.196): 56 data bytes
64 bytes from 207.46.171.196: icmp_seq=0 ttl=113 time=781.0 ms

The TTL doesn't look quite linux'ish (only really ancient versions
of linux used 128 AFAIK).

But maybe I'm wrong.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by C.Lee on Tuesday August 03, @04:27PM EDT (#402)
(User Info)
4:21 pm on 8/3/1999...Microsoft's test WWW site seems to be deader
than 3-day-old roadkill and all's well...

[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @04:58PM EDT (#429)

Seems like network problem to me...
Tracerouting reveals that connection ends somewhere along
iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136), that is for me
atleast. Also other IPs belonging to same subnet are not responding.

[ Reply to This | Parent ]

Why would they do that?
by Anonymous Coward on Tuesday August 03, @01:30PM EDT (#227)


Microsoft sucks, we all know that, and they're evil. But come on,
why would they do that?

First off, there are many ways to detect if a machine is running
Linux. Granted, they could change a few things, but then they'd
likely break most all 'bugs' discovered.

Its relatively easy to setup a system which is statically configured
and running limited services to be secure. Its another thing
entirely building a production ready system, that can be installed
and configured by Joe Idiot, and still be reasonably secure.


[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:36PM EDT (#478)
(User Info)
Actualy, i've had situations where a weird bug would crop up, I'd go
to debug mode, and then *more* crash bugs would show up! I was
writing win32 code, and the code I had writen was exspecting
somthign to be done (initalizing the windows, etc) before it was
sure to be. In optimzed mode, it happend fast enough, and "out of
order" or somthing, and it worked fine
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Leapfrog on Tuesday August 03, @02:22PM EDT (#319)
(User Info) file:/dev/null

Looks like someone broke it. I keep getting this message:
Logon failure: user not allowed to log on to this computer.
It happens no matter what page I try to hit, even some really
obvious 404's. I guess we really showed 'em. Or something. Didn't
last very long, now did it?

"Fool! There is nothing Perl cannot do! NOTHING!" -Bastich
[ Reply to This | Parent ]

What an ugly site (Score:2)
by Gleef (gleef@capital.net) on Tuesday August 03, @11:43AM EDT
(#12)
(User Info) about:mozilla

To "show off Windows 2000", I would think they could do with a
better designed web page. I get about 250 pixels (vertically) of
broken-looking header, followed by about 800 pixels of whitespace,
followed by the actual text. I have to scroll down more than a
screenful just to read anything. And a Javascript error to boot. I
mean, if they still can't even design a competent website, what
makes them think they can design a whole OS?

[ Reply to This | Parent ]


Re:What an ugly site (Score:2, Funny)
by Bob-K (bobk@jump.com) on Tuesday August 03, @11:48AM EDT (#25)
(User Info)
Maybe the site is designed so you can only crack it using Internet
Explorer.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Kerg on Tuesday August 03, @12:47PM EDT (#140)
(User Info)
Or maybe somebody already cracked it, and they can't figure out how
to fix it?!

HA!


[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by IanO (iano AT canada DOT com) on Tuesday August 03, @11:58AM EDT
(#53)
(User Info) http://www.tomandian.com/

The page looked like that to me also so I decided to fire up IE...
well it's more like click and hope that it doesn't crash my machine
:) Not surprisingly the page looked just fine. It's nice to know
that these people don't have the brains to make their web pages
compliant for all browsers.

On a side note I've had IE running for almost five minutes now and
my machine hasn't crashed, although memory usage increased alot.

------
IanO

"It's what you learn after you know it all that counts." -- John
Wooden
[ Reply to This | Parent ]

Re:What an ugly site (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:42PM EDT (#249)
(User Info)
It's nice to know that these people don't have the brains to make
their web pages compliant for all browsers
Why would they? This is MS, to them there is only one browser. When
they released IE for Unix, they proclaimed, "Finally, a graphical
alternative to lynx!"


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:What an ugly site
by Anonymous Coward on Tuesday August 03, @11:58AM EDT (#55)

The site does look ugly under Netscape (Windows/Linux). It looks
fine under IE 5.0, though. I Acutually prefer IE 5.0 to Netscape for
browsing the web (which is one of the reasons I use use vmware). I
don't have very good vision, and most sites (in addition to
displaying properly) are also easier for me to read under IE, no
matter what font tricks I try with Netscape.

[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by boinger (boinger@tekhaus.net) on Tuesday August 03, @12:03PM EDT
(#60)
(User Info) http://ww4.choice.net/~boinger/

Most M$ sites are getting worse. Try looking at product comparisons
in the electronics section of sidewalk.com with a Netscape browser -
It /used/ to work fine, but they changed it to be /incorrectly/
tagged HTML in the tables. M$IE conveniently misinterprets it to
where it looks okay, whereas Netscape "reads" it properly, thus
producing a hideous page where you have to scroll sideways for
several screens between columns of text.
I still can't figure out why they'd do that. It's not like people
who use Netscape don't see the load of banner ads, too.
*sigh*

----------------------
It's too bad stupidity isn't painful"
- Anton Szandor LaVey
[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by Detritus on Tuesday August 03, @12:23PM EDT (#96)
(User Info)
The wizards at Microsoft don't even support older versions of
Internet Explorer. I've recently done several installations of
Windows NT 4.0 Workstation, which installs IE 2.0. Microsoft's web
site is totally non-functional with this browser. You would think
that they would make it easy to download and upgrade to IE 5.0. I
didn't have any trouble using IE 2.0 to download the latest version
of Netscape.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by stuntpope (robhb@nospam.dclink.com) on Tuesday August 03,
@12:12PM EDT (#72)
(User Info)
Doesn't work for me with Netscape 4.5, even with JavaScript turned
off. It does work in IE 4, but man it's ugly with the menu having
close to 0 margin width on the left margin. Where are the style
police when you need them?
Plus, in the guest book, a supposed member of the win2000 dev team
wrote to the Netscape complainers, "Netscape is not supposed to work
in here". Now isn't that just a wonderful attitude? Screw M$.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by TheMeld (msg2@NOSPAM.po.cwru.edu) on Tuesday August 03, @12:31PM
EDT (#108)
(User Info) http://cheetah.cwru.edu

And what's more, the javascript error message is:
Windows is not defined

HA HA HA HA!

-Matt
remove nospam for e-mail
[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Sunthalazar (jmeinel@NO.blue.weeg.uiowa.edu.SPAM) on Tuesday
August 03, @01:53PM EDT (#269)
(User Info)
I agree. I thought it was pretty great. I was going to post it as
well, but I'm glad I found someone else who did. =:->

[ Reply to This | Parent ]

javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @11:43AM EDT
(#13)
(User Info)
is anyone getting javascript errors using netscape 4.61 (windoze)? i
can't see the page and i am not going to load internet exploder to
see their challenge!!!


-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]


Re:javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:25PM EDT
(#99)
(User Info)
Okay I loaded Internet Exploder and read through the source....

SCRIPT language=Jscript --- that's M$ specific code

bgProperties=fixed --- m$ specific?

later in the code they have a section
for script language=javascript
---

I have no idea what this function is however Netscape doesn't like
it nor should it.

function done()
{
Windows.style.display = "";
}

Obviously this web site will only work in one browser! Ugh!

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

m$ comments about javascript problem (Score:3, Insightful)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:28PM EDT
(#102)
(User Info)
this was posted on their

message board

We have disabled the abilty of the Netscape browser to view our page
for specific reasons. Please do not flame the messege board with
comments pertaning to the inabilty to view the page in Netscape. Any
comments relating to this should be directed at the Webmaster in
charge of this page: jsmith@microsoft.com

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:2)
by dillon_rinker (dillonunderscorerinkerathotmaildotcom) on Tuesday
August 03, @12:57PM EDT (#162)
(User Info) http://www.21cs.com

...specific reasons...

Sounds more like high specific gravity to me...

[ Reply to This | Parent ]

Re:m$ comments about javascript problem
by Anonymous Coward on Tuesday August 03, @01:16PM EDT (#207)

or an absolut crock of shit

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:3, Funny)
by knuth (eknuth@unix.csbsju.edu) on Tuesday August 03, @02:57PM EDT
(#335)
(User Info) http://www.users.csbsju.edu/~eknuth/index.html

Top Ten Specific Reasons Why Only MSIE Users Can View Microsoft
Cracking Challenge
10. If you're doing lame browser detection, MSIE is fewer letters to
type than Netscape, Mozilla, or even Opera.
9. Similarly, "JScript" is shorter than "JavaScript".
8. AOL^H^H^HMicrosoft is the Internet.
7. We left our copy of FrontPage at the default settings. But don't
worry, it will all be fixed in FrontPage 2005.
6. We fear the mighty /. effect, and those fanatics wouldn't be
caught dead using Exploder.
5. VisualBasic is more powerful and efficient than C++.* Likewise,
Internet Explorer has that comforting familiar Microsoft Windows
interface, so you don't have to learn that arcane, complicated
Netscape setup.
4. You can't crack our powerful enterprise-level Microsoft(tm)
Windows(tm) server if you can't read the rules we made up, nanny
nanny boo boo.
3. We're weenies. We couldn't write "Hello world" in HTML, let alone
use scripting languages.
2. 3l337 hAx0r d0oDz swear by MSIE.**
And the number one reason why only MSIE users are permitted to view
the Microsoft cracking challenge is... drumroll, please...
1. Somehow the demo site was interfered with. Give me another
chance, your honor.
*Editor's note: Microsoft actually says this on another page.
**Editor's note: swear at, more likely.

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:1)
by Elminst (jdsmith.at.capital.net) on Tuesday August 03, @04:18PM
EDT (#392)
(User Info)
And if you believe that was a genuine Microsoft post, I have a
bridge in brooklyn i can sell ya cheap.

All posts from microsoft are titled as the mcrosotf W2K team and
there city, state and country are clearly listed under the message.
This message has no city, state or country.
And why, after initially presenting themselves as a team, would they
give you a specific email address to send problems to. ESPECIALLY
after giving the specific email to send problems to in several
places throughout the site?
jsmith? yeesh at least try to be original in comnig up with an email
address next time.

[ Reply to This | Parent ]

That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:45PM EDT (#484)
(User Info)
If they wanted to disable Netscape, they could have just set some
settings in the browser, to block all incoming HTTP reqests comming
from any kind of mozilla

I think the "spesific reasons" that they talk about is the fact that
they screwed up, and are stupid.

Typical "it's not a bug, its a feature" thinking.

plus some people are saying it dosn't work right in IE ether...
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:47PM EDT (#486)
(User Info)
(also, I dont' think this is real....)
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:javascript errors? (Score:1)
by Breakdown on Tuesday August 03, @12:33PM EDT (#112)
(User Info)
You are right, the function done seems to only be written for the
way IE handles stylesheets. The Netscape code seems to be absent.
My guess is that the page was created in Frontpage...

[ Reply to This | Parent ]

who cares? (Score:0, Troll)
by mdillon (moc.demdnats@nollidm) on Tuesday August 03, @11:43AM EDT
(#14)
(User Info)
why should anyone want to help micro$oft audit the security of
win2k? wait till we can get a copy of it, then we'll start looking
for security holes. this is just microsoft trying to use the anti-ms
sentiments of crackers to get free auditing. screw them.

[ Reply to This | Parent ]


Hypocrite!!
by Anonymous Coward on Tuesday August 03, @01:09PM EDT (#191)

You bunch of hypocrites! You scream about how crappy MS's software
is then you refuse to "help" them improve them. You guys don't hate
MS because of it's software quality, you hate them because they're
MS. Be honest with yourselves here, if you hate them because they're
MS, then you're a biggot; if you hate them because of they're
software quality, help them out; if you hate them because of their
business practices, well...that's a judgement call.

PS. I work at MS but love Linux...I use the best tool

Re:hmmm

Articles:Microsoft /asks/ "Crack this machine"
faq
code
awards
privacy
slashNET
older stuff
rob's page
preferences
andover.net
submit story
advertising
supporters
past polls
topics
about
jobs
hof

Sections
books
ask slashdot
features

"Microsoft /asks/ "Crack this machine"" | Login/Create an Account |
Top | 504 comments | 238 siblings
Threshold: -1: 504 comments0: 499 comments1: 344 comments2: 54
comments3: 19 comments4: 5 comments5: 2 comments FlatNestedNo
CommentsThreaded Highest Scores FirstNewest FirstNewest First
(Ignore Threads)Oldest FirstOldest First (Ignore Threads)
The Fine Print: The following comments are owned by whoever posted
them. Slashdot is not responsible for what they say.
( We can't even spell bayta!)
(1 ) | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 (Slashdot Overload:
CommentLimit 25)
Muhahhahha
by miahrogers (m1i2a3h4r5o6g7e8r9s@excite.com) on Tuesday August 03,
@11:38AM EDT (#1)
(User Info)
they better hope that site ain't networked to anyother microsoft
sites... MUhahahahhahaha
/.firstpost if i get it!!
"Windows leads to anger, anger leads to hate, hate leads to LINUX."
to email me remove all numbers from my email address.
[ Reply to This | Parent ]


Re:Muhahhahha (Score:1)
by Synic (synic@linuxfreak.com) on Tuesday August 03, @12:42PM EDT
(#126)
(User Info) http://www.lanparty.com

why the hell is this "Score:1"?
I thought filters were for removing first post and flaming garbage.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @12:54PM EDT (#153)

Posts made by people who aren't anonymous default to score:1.
*sigh*

[ Reply to This | Parent ]

DoS attacks "don't count"? FU! ping -s 65000 -f...
by Anonymous Coward on Tuesday August 03, @01:49PM EDT (#260)

What is this DoS attacks don't count bullshit. Dead servers is dead
servers. And no I don't just mean while the DoS attack is happening,
I mean if it causes the server to lock up or crash and stay that way
when the DoS attack ceases, then that's a successful crack. But we
can't test that unless we try! Or will MS sue me for cracking?

Not allowed indeed. Pffft!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @01:55PM EDT (#271)

Of course ping -s will make it unavailable, knob. And hence prevent
any _Real_ attacks, which is what they're looking for. They can
easily test flood attacks on their own.

Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Duh.

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @02:16PM EDT (#311)

>Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Well, one could flood it with http requests which WOULD get through
a firewall. An indefensable DoS attack. And if you play with the
source IP addresses, the software won't know they're all coming from
the same location. Come to think about. I'm describing the /.
effect!

> Duh.

Indeed!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @04:06PM EDT (#374)

HAHAHAHAH

For that reason alone (/. effect), I have a feeling that they didn't
know what they were getting into when they
did this.

Is this for real?

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @03:56PM EDT (#365)

What they said is that attacks using lots of packets don't count. If
you can find a DoS which doesn't involve flooding the machine, that
would be a valid attack according to the rules as described.

The worst DoS attacks aren't flood attacks,
but attacks which use significantly less resources for the attacker
than the target host. Excluding floods is appropriate.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @02:44PM EDT (#333)

The site is already down...I can't access it from my machine.

...huh, Microsoft sucks

[ Reply to This | Parent ]

This can be a force for good... (Score:1)
by Bill the Cat on Tuesday August 03, @11:39AM EDT (#2)
(User Info)
If MS provides detailed info about successful attacks, and uses the
info to improve Win2K. Of course, can we trust the info that comes
from their corporate mouthpieces?

[ Reply to This | Parent ]


Re:This can be a force for good... (Score:1)
by sraasch on Tuesday August 03, @01:02PM EDT (#174)
(User Info)
Does this sound a little "open source-y" to anybody else? I thought
M$ didn't care for the concept!

[ Reply to This | Parent ]

I prefer "Corporate Piehole"
by Anonymous Coward on Tuesday August 03, @01:43PM EDT (#251)

Describes their function better.

[ Reply to This | Parent ]

Javascript Dies in Netscape (Score:2, Informative)
by ChiefArcher (brian@NOSPAM-REMOVE.gannon.com) on Tuesday August
03, @11:39AM EDT (#3)
(User Info) http://brian.gannon.com

I guess that want to leave the UNIX crackers out of this...
Javascript dies in Netscape for me..
=(

Anyone else experience this?

Chief Archer

[ Reply to This | Parent ]


Re:Javascript Dies in Netscape (Score:1)
by Bob9113 on Tuesday August 03, @11:43AM EDT (#11)
(User Info)
yup, is not Netscape compatible.

Funny $hit.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zantispam (zantispam@netscape.net) on Tuesday August 03, @12:29PM
EDT (#104)
(User Info)
Well, that's the point of the Almighty JScript bastardization.

M$ products are just broken. Especially the products they Embraced
and Extended(JavaScript, Java, DOS, Windows)

--Please note: Half of this post is hyperbole and sarcasm.





--Jedi Hacker (Apprentice) and Code Poet
[ Reply to This | Parent ]

Javascript error "Windows is not defined" (!) (Score:2)
by Sun Tzu on Tuesday August 03, @01:29PM EDT (#226)
(User Info) http://www.tfn.net/~yeargin/art01.html

Running Netscape from my Solaris 7 Sun 10, that is what I get. It
turns out to be an error. And I thought it was a congratulatory
message! ;)

StarshipTraders.com goes into open beta!
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:2, Funny)
by Anonymous Coward on Tuesday August 03, @11:44AM EDT (#19)

I run linux and I'm gonna hack it. And when the interview me for the
article, I will use the word hack just to piss you off.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:28PM EDT (#353)

When you crack it, please do everyone a favor and make the damn
think Lynx/Netscape compliant.

many thanks

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:48AM EDT (#26)

Confirmed.
I'm using Njetscape 4.61 on a Slowlaris. Died on
me too. The guy who wrote that piece of crap
should be shot or at least get fired.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Syslevel on Tuesday August 03, @01:16PM EDT (#206)
(User Info)
They can't fire the guy who wrote Netscape.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by mistabobdobalina (samedi@disinfo.SPAM.net) on Tuesday August 03,
@04:17PM EDT (#387)
(User Info)
heh...i think he meant the guy who wrote the ms page. funny comment
anyway...
-- your knees hurt, don't they?
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:49AM EDT (#29)

Yes. It's almost funny, but not quite.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1, Insightful)
by Anonymous Coward on Tuesday August 03, @11:52AM EDT (#36)

Bleh.... don't worry about viewing the pages in a fancy browser/html
format. Just go to the page. Get the error. Hit Ok. Then view the
page source. Then you can read the entire page, and begin your
cracking.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by The Silicon Sorceror (silsor@xoommail.com) on Tuesday August 03,
@11:54AM EDT (#42)
(User Info) http://members.xoom.com/_XOOM/silsor/index.html

I got a Javascript error for Win32 Netscape, too. Interestingly
enough, the site works perfectly under Internet Explorer.

Get a frigging STANDARD!!!

~ Give me 101 plastic soldiers, and I will conquer the world.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by panZ (panz@no_SPAM_@hal.calpoly.edu) on Tuesday August 03,
@06:14PM EDT (#470)
(User Info)
>Get a frigging STANDARD!!!

This is hardly an accident or problem with standards. Its not even
breaking news for that matter. Micro$ft is notorious for making all
of their web pages do quirky things to non-IE browsers. If I break
this thing, I'll post a simple html with links to d/l alternative
browsers and a heartfelt message to the micro$ofties. This server is
/. fodder. Maybe we can load it up with a copy of Stampede and issue
Winblows the autoboot & config command remotely. =)
--Let's hack root on 127.0.0.1 --panZ
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Romen (stobin#bates.edu) on Tuesday August 03, @11:54AM EDT (#43)
(User Info)
I'm currently running Windows (I hate my job) and it still gives me
Javascript errors. The most humorous one was "Windows not
recognized."


Romen

Romen
[ Reply to This | Parent ]

Re:Javascript Dies Period. (Score:1)
by D3 (dhenning@www.usda.gov) on Tuesday August 03, @11:55AM EDT
(#45)
(User Info)
It doesn't work with IE either. How lame!


"I'm sorry that we have to have a Washington presence. We thrived
during our first 16 years without any of this." -M$ Chairman Bill
Gates 1995
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@11:58AM EDT (#51)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work (please don't hurt me). For what its worth:

Netscape 4.08 (Mac) -- garbled mess

Explorer 4.5 (Mac) -- "as intended" (though not really much better
8^)

lynx -- as good as one can expect (at least it loads)

I spend a lot of time reworking sites so that they will at least
load in both major browsers... and I know I don't get paid nearly
what the "genius" who put this site up gets. I know I should get
around to learning the "new" DOM better, but my initial perusal
leads me to suspect that is the problem.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by javac (jbgeach@yahoo.com) on Tuesday August 03, @12:01PM EDT
(#57)
(User Info) http://southern.edu/~jbgeach

Well, as much as I hate to admit it, it works with IE4
geach

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @12:09PM EDT (#68)

It has a lot of CSS too which is probably confusing netscape 4.x a
lot.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by llzackll on Tuesday August 03, @12:11PM EDT (#71)
(User Info)
Hmm, Netscape 4.08 Navigator standalone doesnt die on this page, but
the text does appear in the wrong place, I have to scroll down a bit
to read it.

[ Reply to This | Parent ]

Mozilla works fine
by Anonymous Coward on Tuesday August 03, @12:15PM EDT (#78)

Mozilla works fine

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Laner on Tuesday August 03, @12:16PM EDT (#84)
(User Info)
Hey, it's not Microsoft's fault that Netscape is at least two years
behind the times when it comes to DHTML/CSS/XML.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by aidoneus (aidoneus1976@hotmail.com) on Tuesday August 03,
@12:16PM EDT (#86)
(User Info)
http://www.cartoonnetwork.com/spaceghost/cod/brak/ index.html

And yet another wrinkle...
Just for kicks (and to see the type of damage it would do to my
system here at work... tee hee) I decided to try it in Mozilla,
specifically build 1999071417 and guess what...
It works, flawlessly at that. Funny when I rebooted and tried it in
NT using IE4.0 it couldn't even do that.
Any ideas as to what the devil is going on?

Now I just need to see if I can break into it, play with some bios
settings, and hoping the machine has a softbios, just adjust the
voltage to the cpu...

consider it payback for my monitor exploding.
(and yes, I am just kidding around about the voltage settings to the
CPU. the monitor is a whole other story though...)

-j

"Never trust a monkey." -Brak
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by KevCo (kbecker@mediaone.net) on Tuesday August 03, @12:32PM EDT
(#109)
(User Info) http://kevco.cx

It dies for me in Communicator 4.6 under windows too. But if I
scroll down past the screwed up crap, the content is still visible.

[ Reply to This | Parent ]

FIXME: I am a braindead moderator
by Anonymous Coward on Tuesday August 03, @12:44PM EDT (#129)

Sorry for that 'Offtopic' setting. Stupid browser saved the form
contents when I pressed 'Back'.

Would a *real* moderator please fix my stupid mistake?

Please excuse my stupidity.

[ Reply to This | Parent ]

Re:FIXME: I am a braindead moderator (Score:1)
by Dwonis (dlitz[IBoycottSpam]@cheerful[spamsucks].com) on Tuesday
August 03, @12:58PM EDT (#165)
(User Info) http://members.tripod.com/~DLitzPower/

You also didn't know that posting a message as yourself instead of
an AC would have caused your moderations to be removed.

Now you do.
--------
"I already have all the latest software."
-- Laura Winslow, "Family Matters"
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Informative)
by theCoder (minster@expert.cc.purdue.edu) on Tuesday August 03,
@12:55PM EDT (#160)
(User Info)
I don't have a copy of Netscape here (I'm at work), so I can't
confirm this, but in looking at the source code I would suspect that
Netscape is dying in the function "done()" at line 89. That function
tries to access the object "Windows" which seems to be a DIV
declared on line 96. This function is being executed from the
"onload" attribute of the BODY tag on line 55.

It seems that netscape is trying to execute this function before
loading the DIV, while IE (and Mozilla) has either loaded it already
or scanned the file to find that object.

As for what is correct in this situation, it would have to depend on
when the "onload" function should be called -- before the page is
fully loaded or after. IMHO, I'd probably have to say that IE and
Mozilla are probably doing it right (no error vs. error).

I don't know why there is a spacing problem in Netscape (but I
wouldn't be too surprised if it's intentional). Anybody know if
Netscape or IE is interpreting the HTML "wrong" (please don't define
"right" as what netscape does -- define it as you'd expect a browser
to behave)?


[ Reply to This | Parent ]

Finally!
by Anonymous Coward on Tuesday August 03, @03:35PM EDT (#356)

*Finally* someone who sees this as something other than some evil
Plot by microsoft to lock out netscape users and force everyone to
use IE. Netscape isn't the perfect browser, people, and neither is
it the standard-maker for HTML.

The reason the formatting is way off in NS is because it doesn't do
CSS as well as IE (though IE has a bunch o' problems too -- check
out www.webstandards.org )

But microsoft (or whoever wrote that page) is in the wrong: they
should have tested it cross-browser just like every other web
designer in the world. Isn't FrontPage2000 supposed to have auto
cross-browser testing features? ;)

I hope their policy to "eat their own dog food" (Re:
http://www.microsoft.com/backstage/solutions.htm )doesn't forbid
them to use competitors' products!

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zaw (Zaw_nospam@netscape.net) on Tuesday August 03, @06:45PM EDT
(#483)
(User Info) http://members.home.com/zaw/



Hmm.. MSHTML , I can't find that any where on W3C.

[ Reply to This | Parent ]

Works fine in IE - Hello? DOJ?
by Anonymous Coward on Tuesday August 03, @01:11PM EDT (#194)

Yet another attempt to squash competition by producing pages that
can only be used by their proprietory browser and not Netscape's. I
certainly hope the DOJ is taking note of this - little actions like
this illuminate the inner philosophy of Microsoft...

Long Live Netscape (even if it IS owned by AOL)

[ Reply to This | Parent ]

Hello? Are YOU THERE???
by Anonymous Coward on Tuesday August 03, @02:19PM EDT (#316)

Proprietory indeed.

1:The word is proprietary.
2:Netscape, in this case, is the proprietary one. If Netscape had
properly honored true DHTML, and the W3C approved DOM, your browser
wouldn't have flinched at that page.

Why don't you just change your SIG to:

"Long Live Netscape and all their proprietary standards"

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:22PM EDT (#216)

Sad thing is, I'm not quite sure if this was intentional. Look at
this tag:

FONT face="Verdana, Arial, Helvetica" size=1

Isn't Arial what Windows calls Helvetica? I'm starting to wonder if
the "poor" saps just don't know any better...

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:33PM EDT (#232)

It's called 'cross-platform'. It's so Macs will recognize the font.
(still known there as Helvetica)

Major fonts have been ripped off by every major foundry and been
renamed. Some have over 10 iterations.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@02:10PM EDT (#303)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.). However, the two are close
enough to be used interchangeably across platform. (Of course, since
I have Arial on my Mac and most PCs don't have Helvetica, I tend to
avoid Helvetica like the plague and stick with Arial.)

A larger issue here is the use of . I was skeptical at first, but
the advantages of CSS over the FACE attribute far outweigh the
drawbacks. I seem to remember it was M$ that had a hand in
developing the tag, though I know Netscape was no less responsible.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:12PM EDT (#342)

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.).
Helvetica is owned by Adobe (or someone) so a replacement for it has
to be different.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by ZenBoy on Tuesday August 03, @01:41PM EDT (#247)
(User Info) http://www.geocities.com/BourbonStreet/9979

When I open it, Javascript dies, and when I do get it to open (IN IE
5) when I click on the guest book, I'm magically whisked to
freebsd.org. I think somebuddy may have phuct it already.
-Zen I'm gonna make the _world_ my bitch.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Funny)
by dattaway (dattaway@attaway.org) on Tuesday August 03, @04:24PM
EDT (#397)
(User Info) http://attaway.org

I won! Where's my prize? I broke its Java! I couldn't even see the
rules, now what were they? Microsoft can't seem to write HTML worth
a damn.

[ Reply to This | Parent ]

bfs (Score:0, Offtopic)
by Anonymous Coward on Tuesday August 03, @11:40AM EDT (#4)

bfs

[ Reply to This | Parent ]


Re:bfs
by Anonymous Coward on Tuesday August 03, @05:29PM EDT (#451)

as in Be File System? wtf?

[ Reply to This | Parent ]

Netscape (Score:1)
by Roofus (roofus@psu DOT edu) on Tuesday August 03, @11:40AM EDT
(#5)
(User Info) http://www.csoft.net/~roofus/finger.html

Great, they can't even create a site that works with Navigator 4.0


-= Confucious say: Moo =-
[ Reply to This | Parent ]


Re:Netscape (Score:1)
by cemerson on Tuesday August 03, @11:55AM EDT (#46)
(User Info) http://chiark.greenend.org.uk/~cemerson/

It works for me in Netscape 4.08 and Mozilla M8.

Of course I keep Java and Javascript disabled. Solves more problems
than it creates.

Chris

[ Reply to This | Parent ]

Re:Netscape (Score:1)
by snow dog (tom.main@nospam.fnmail.com) on Tuesday August 03,
@01:08PM EDT (#190)
(User Info) http://www-cor-pmf.web.boeing.com

I get a javascript error on communicator 4.6....
One person's error is another person's data.
[ Reply to This | Parent ]

heh (Score:1)
by galore (ian@wehrman.com) on Tuesday August 03, @11:41AM EDT (#6)
(User Info) http://ian.wehrman.com/

i get a javascript error when i try to view this site... when i look
at the javascript console in netscape, all it tells me is "Windows
is not defined." how true it is.

later,
ian

[ Reply to This | Parent ]


Re:heh
by Anonymous Coward on Tuesday August 03, @12:52PM EDT (#150)

yeah, me too. Mebbe somebody already cracked it & they just never
'fixed' it :)

[ Reply to This | Parent ]

First Comment (Score:-1, Troll)
by Anonymous Coward on Tuesday August 03, @11:41AM EDT (#7)

Go get it guys


[ Reply to This | Parent ]

Real security for 2000 and beyond? (Score:1)
by Pauly on Tuesday August 03, @11:42AM EDT (#8)
(User Info)
If it can withstand /. effect, I'll be impressed.

//Pauly

[ Reply to This | Parent ]


Real Security for 2600 and beyond!
by Anonymous Coward on Tuesday August 03, @12:20PM EDT (#92)

:)


[ Reply to This | Parent ]

Re:Real security for 2000 and beyond?
by Anonymous Coward on Tuesday August 03, @12:39PM EDT (#121)

It seems to be cruising right along for me.
Are you impressed yet ?

[ Reply to This | Parent ]

Nope /.'d (Score:1)
by just someone on Tuesday August 03, @01:50PM EDT (#261)
(User Info)
(Some router loops happening and when I did hit the server in the
'appropriate" browser)

The page cannot be displayed
There is a problem with the page you are trying to reach and it
cannot be displayed.

-------------------------------------------------- ------------------------------


Please try the following:

Open the www.windows2000test.com home page, and then look for links
to the information you want.
Click the Refresh button, or try again later.

Click Search to look for information on the Internet.
You can also see a list of related sites.




HTTP 500 - Internal server error
Internet Explorer


[ Reply to This | Parent ]

And Confused (Score:1)
by just someone on Tuesday August 03, @01:58PM EDT (#276)
(User Info)
Actual message returned in netscape:

Logon failure: user not allowed to log on to this computer.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2, Funny)
by BuBu_ on Tuesday August 03, @02:20PM EDT (#318)
(User Info)
The Slashdot effect? What are you planning to do? get a bunch of
your friends around then go and flame the hell out of them? By
saying something like "YOUR 0S SUCKS! USE LINUX WOOOOOOO!" Yeah,
great idea.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2)
by MindStalker (johnlar@tfn.spam.net) on Tuesday August 03, @03:56PM
EDT (#366)
(User Info) http://www.tfn.net/~johnlar/index.html

Obviously your a new user here, or just haven't been paying
attention. The slashdot effect, is a semi-natural phenomenon, in
which a article/url is posted on slashdot that everyone wants to
checkout/read. The server holding that article is generally not
prepared for an increase in hits of several thousand people within
an hours time, crashing the server. The server is then known as
being slashdotted. Every once in a while even slashdot gets
slashdotted, when other news agencies link to slashdot, but in
general the effect is named after slashdot as we tend to create such
an effect more often than most other news sites.
~A nerd is someone whose life revolved around computers and
technology. A geek is someone whose life revolves around computers
and technology, and likes it
[ Reply to This | Parent ]

...And Thar she Goes...
by Anonymous Coward on Tuesday August 03, @04:12PM EDT (#381)

I tried to go to the site, to no avail...it was /.'ed...no response
from the server. Glad to see the future is so rosy...for REAL OS's

[ Reply to This | Parent ]

Machine messed up already? (Score:1)
by elvum (sj@nospam.post1.com (remove trap)) on Tuesday August 03,
@11:42AM EDT (#9)
(User Info) http://www.post1.com/~round

Is it just me, or have hackers* already messed up the javascript
front-end? Neither Netscape 4 nor IE3 seem to like it. Or is it just
that the only hackers Microsoft want to attract are those that use
the latest version of IE ?!?!?

*or incompetent Microsoft employees


[ Reply to This | Parent ]


Re:Machine messed up already? (Score:1)
by cswiii on Tuesday August 03, @12:02PM EDT (#58)
(User Info) http://wiw.org/~corey/

:is it just me, or have hackers* already messed up
:
:*or incompetent Microsoft employees

hey, we already have enough problems with people equating hackers ==
crackers. let's not start equating M$ Employees with hackers, as
well... :)

[ Reply to This | Parent ]

Re:Machine messed up already?
by Anonymous Coward on Tuesday August 03, @07:02PM EDT (#494)

or equating hackers with wanna-be SLASHDOTTERS who don't know shit
about code, but love to use the M$ acronym for Microsoft.

y0r c00l d00d

[ Reply to This | Parent ]

Smart move for Microsoft (Score:4, Informative)
by EngrBohn (cbohn@ieee.org) on Tuesday August 03, @11:42AM EDT
(#10)
(User Info) http://members.aol.com/EngrBohn/

Two possible outcomes:
- Nothing breaks it, and this becomes a marketing high-point for
Microsoft - It gets broken, and Microsoft engineers now have solid
data (vice anecdotal) as to where the problems are. Especially if
this was compiled with the debug option switched on.
Christopher A. Bohn
Oooh! What does this button do!?
[ Reply to This | Parent ]


Re:Smart move for Microsoft (Score:2, Funny)
by Suydam (brian@SPAMR00LZ.rickjames.sapien.net) on Tuesday August
03, @11:49AM EDT (#28)
(User Info) http://rickjames.sapien.net/brian/virii/

YEP
Outcome 1 - nothing breaks it. THis would be a bad thing. Arrogance
and "we're unstoppable" would be their attitude.
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice.
You forgot Outcome 3 though - we break it. they deny it for 6 months
and then release a Service Pack that fixes the problem that "doesn't
exist". This seems the most likely to me.



GCS/IT d++$(-) s+: a- C+++$(++) UL+++$ P++++$ L+++ E--- W+++$ N+(-)
!o K? w--- O- M- V- PS+(++) PE Y+ PGP t+ 5 X++ R- tv b++ DI++ D++ G
e++ h-- r++ y++
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2, Interesting)
by vt@office on Tuesday August 03, @11:53AM EDT (#39)
(User Info)
Yes, but what about the case when noone (flexibly defined) CARES to
break it? Serious people have more important work to do rather than
break the thing which is broken by design...

OK, kids, now get away from appliances, we're gonna reboot the house
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:37PM EDT (#240)
(User Info)
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice


But Microsoft doesn't believe in choice, oh wait, yes they do,
"Workstation or Server edition?"



A Stronger W2K means that MS will be in a stronger position to push
their "Windows Everywhere" agenda


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:5, Insightful)
by Signal 11 (signal11ATmediaone.net?Subject=Slashdot comment) on
Tuesday August 03, @12:25PM EDT (#97)
(User Info) http://www.mediaone.net

No, there is another outcome. Nobody takes the challenge. Challenges
like this are generally dismissed in the security industry for a
variety of reasons. Some of them are as follows...

- Real Crackers aren't going to spend their time trying to get
caught on a high-profile site.
- Script kiddies don't have any scripts for the "new" OS yet.
- It's new - so of COURSE it's going to take time to find the
vulnerabilities. You think "one stunt, and that's it" is going to
fix all their problems? You're more naive than I thought.
- Past record. How long does Microsoft take to acknowledge, let
alone fix, the problems they find? W2K *will* have bugs. All major
programs have bugs. The question is - will they efficiently and
quickly inform their customers, and provide comprehensive support to
them - like the 4-color glossies they distribute say?
- Many vulnerabilities are discovered at the console - and by
looking at the source. It could be wide open, but you'd never know
that from a remote perspective. Breaking into a system you've never
seen or used remotely has about as much of a chance of success as me
getting away with being called Rob Malda in this post.

That's just what I can think of off the top of my head. Use your
imagination. And most importantly: dismiss yet another one of
Microsoft's tricks to get you to do their bidding. Clever Microsoft,
but I thought you'd have learned by now that the 'net dispels FUD
faster than a speeding salesman.

--
What goes up, must come down. Ask any system administrator.
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Amazing Proton Boy (joep@lainet.com) on Tuesday August 03,
@04:18PM EDT (#391)
(User Info) http://www.wgn.net/~joep

You are Rob Malda.


[ Reply to This | Parent ]

Another rigged contest...
by Anonymous Coward on Tuesday August 03, @04:31PM EDT (#407)

I have to agree with this.

Never mind that I can't even get an IP address for this hoax, from 2
different locations!


2%nslookup windows2000test.com
Server: localhost
Address: 127.0.0.1

*** localhost can't find www.windows2000test.com: Non-existent
host/domain



And... ???


No match for "WINDOWS2000TEST".




In any case, I fully expect the site to get /.'d anyway...

Hehe.




[ Reply to This | Parent ]

Re:Another rigged contest... (Score:1)
by DrAtomic on Tuesday August 03, @04:39PM EDT (#413)
(User Info)
I checked with internic because I thought that it was going to be a
hoax, but it looks like the domain name windows2000test.com is
registered to microsoft. I do know that the page is down right now,
so that might have something to do with what happened to you, but I
know that it is registered at least to someone at M$ (or someone who
knows a good deal of M$ info, like their street adress and stuff
like that).



[ Reply to This | Parent ]

Re:Another rigged contest...
by Anonymous Coward on Tuesday August 03, @05:54PM EDT (#458)

Or someone who looked up the domain registration for, say,
www.microsoft.com, and used their cut+paste skillz.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by !IH on Tuesday August 03, @12:46PM EDT (#133)
(User Info) http://www.stheno.demon.co.uk

Couple of points, some exploits don't work against a debug build
system, that do in release mode - ever tried to track down a bug
that was unreproducable when built in debug?

For another off the wall point, what if this is not actually running
w2k, but Linux, and MS use the Anti-Ms brigade, to poke hole in
Linux's default security?

One of the rules of engagement is that you have to tell them how you
did it, but it doesn't give a time limit on when you have to tell
them.


--
Exigo spamos et dona ferentes
[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @01:12PM EDT (#198)

PING www.windows2000test.com (207.46.171.196): 56 data bytes
64 bytes from 207.46.171.196: icmp_seq=0 ttl=113 time=781.0 ms

The TTL doesn't look quite linux'ish (only really ancient versions
of linux used 128 AFAIK).

But maybe I'm wrong.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by C.Lee on Tuesday August 03, @04:27PM EDT (#402)
(User Info)
4:21 pm on 8/3/1999...Microsoft's test WWW site seems to be deader
than 3-day-old roadkill and all's well...

[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @04:58PM EDT (#429)

Seems like network problem to me...
Tracerouting reveals that connection ends somewhere along
iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136), that is for me
atleast. Also other IPs belonging to same subnet are not responding.

[ Reply to This | Parent ]

Why would they do that?
by Anonymous Coward on Tuesday August 03, @01:30PM EDT (#227)


Microsoft sucks, we all know that, and they're evil. But come on,
why would they do that?

First off, there are many ways to detect if a machine is running
Linux. Granted, they could change a few things, but then they'd
likely break most all 'bugs' discovered.

Its relatively easy to setup a system which is statically configured
and running limited services to be secure. Its another thing
entirely building a production ready system, that can be installed
and configured by Joe Idiot, and still be reasonably secure.


[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:36PM EDT (#478)
(User Info)
Actualy, i've had situations where a weird bug would crop up, I'd go
to debug mode, and then *more* crash bugs would show up! I was
writing win32 code, and the code I had writen was exspecting
somthign to be done (initalizing the windows, etc) before it was
sure to be. In optimzed mode, it happend fast enough, and "out of
order" or somthing, and it worked fine
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Leapfrog on Tuesday August 03, @02:22PM EDT (#319)
(User Info) file:/dev/null

Looks like someone broke it. I keep getting this message:
Logon failure: user not allowed to log on to this computer.
It happens no matter what page I try to hit, even some really
obvious 404's. I guess we really showed 'em. Or something. Didn't
last very long, now did it?

"Fool! There is nothing Perl cannot do! NOTHING!" -Bastich
[ Reply to This | Parent ]

What an ugly site (Score:2)
by Gleef (gleef@capital.net) on Tuesday August 03, @11:43AM EDT
(#12)
(User Info) about:mozilla

To "show off Windows 2000", I would think they could do with a
better designed web page. I get about 250 pixels (vertically) of
broken-looking header, followed by about 800 pixels of whitespace,
followed by the actual text. I have to scroll down more than a
screenful just to read anything. And a Javascript error to boot. I
mean, if they still can't even design a competent website, what
makes them think they can design a whole OS?

[ Reply to This | Parent ]


Re:What an ugly site (Score:2, Funny)
by Bob-K (bobk@jump.com) on Tuesday August 03, @11:48AM EDT (#25)
(User Info)
Maybe the site is designed so you can only crack it using Internet
Explorer.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Kerg on Tuesday August 03, @12:47PM EDT (#140)
(User Info)
Or maybe somebody already cracked it, and they can't figure out how
to fix it?!

HA!


[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by IanO (iano AT canada DOT com) on Tuesday August 03, @11:58AM EDT
(#53)
(User Info) http://www.tomandian.com/

The page looked like that to me also so I decided to fire up IE...
well it's more like click and hope that it doesn't crash my machine
:) Not surprisingly the page looked just fine. It's nice to know
that these people don't have the brains to make their web pages
compliant for all browsers.

On a side note I've had IE running for almost five minutes now and
my machine hasn't crashed, although memory usage increased alot.

------
IanO

"It's what you learn after you know it all that counts." -- John
Wooden
[ Reply to This | Parent ]

Re:What an ugly site (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:42PM EDT (#249)
(User Info)
It's nice to know that these people don't have the brains to make
their web pages compliant for all browsers
Why would they? This is MS, to them there is only one browser. When
they released IE for Unix, they proclaimed, "Finally, a graphical
alternative to lynx!"


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:What an ugly site
by Anonymous Coward on Tuesday August 03, @11:58AM EDT (#55)

The site does look ugly under Netscape (Windows/Linux). It looks
fine under IE 5.0, though. I Acutually prefer IE 5.0 to Netscape for
browsing the web (which is one of the reasons I use use vmware). I
don't have very good vision, and most sites (in addition to
displaying properly) are also easier for me to read under IE, no
matter what font tricks I try with Netscape.

[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by boinger (boinger@tekhaus.net) on Tuesday August 03, @12:03PM EDT
(#60)
(User Info) http://ww4.choice.net/~boinger/

Most M$ sites are getting worse. Try looking at product comparisons
in the electronics section of sidewalk.com with a Netscape browser -
It /used/ to work fine, but they changed it to be /incorrectly/
tagged HTML in the tables. M$IE conveniently misinterprets it to
where it looks okay, whereas Netscape "reads" it properly, thus
producing a hideous page where you have to scroll sideways for
several screens between columns of text.
I still can't figure out why they'd do that. It's not like people
who use Netscape don't see the load of banner ads, too.
*sigh*

----------------------
It's too bad stupidity isn't painful"
- Anton Szandor LaVey
[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by Detritus on Tuesday August 03, @12:23PM EDT (#96)
(User Info)
The wizards at Microsoft don't even support older versions of
Internet Explorer. I've recently done several installations of
Windows NT 4.0 Workstation, which installs IE 2.0. Microsoft's web
site is totally non-functional with this browser. You would think
that they would make it easy to download and upgrade to IE 5.0. I
didn't have any trouble using IE 2.0 to download the latest version
of Netscape.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by stuntpope (robhb@nospam.dclink.com) on Tuesday August 03,
@12:12PM EDT (#72)
(User Info)
Doesn't work for me with Netscape 4.5, even with JavaScript turned
off. It does work in IE 4, but man it's ugly with the menu having
close to 0 margin width on the left margin. Where are the style
police when you need them?
Plus, in the guest book, a supposed member of the win2000 dev team
wrote to the Netscape complainers, "Netscape is not supposed to work
in here". Now isn't that just a wonderful attitude? Screw M$.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by TheMeld (msg2@NOSPAM.po.cwru.edu) on Tuesday August 03, @12:31PM
EDT (#108)
(User Info) http://cheetah.cwru.edu

And what's more, the javascript error message is:
Windows is not defined

HA HA HA HA!

-Matt
remove nospam for e-mail
[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Sunthalazar (jmeinel@NO.blue.weeg.uiowa.edu.SPAM) on Tuesday
August 03, @01:53PM EDT (#269)
(User Info)
I agree. I thought it was pretty great. I was going to post it as
well, but I'm glad I found someone else who did. =:->

[ Reply to This | Parent ]

javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @11:43AM EDT
(#13)
(User Info)
is anyone getting javascript errors using netscape 4.61 (windoze)? i
can't see the page and i am not going to load internet exploder to
see their challenge!!!


-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]


Re:javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:25PM EDT
(#99)
(User Info)
Okay I loaded Internet Exploder and read through the source....

SCRIPT language=Jscript --- that's M$ specific code

bgProperties=fixed --- m$ specific?

later in the code they have a section
for script language=javascript
---

I have no idea what this function is however Netscape doesn't like
it nor should it.

function done()
{
Windows.style.display = "";
}

Obviously this web site will only work in one browser! Ugh!

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

m$ comments about javascript problem (Score:3, Insightful)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:28PM EDT
(#102)
(User Info)
this was posted on their

message board

We have disabled the abilty of the Netscape browser to view our page
for specific reasons. Please do not flame the messege board with
comments pertaning to the inabilty to view the page in Netscape. Any
comments relating to this should be directed at the Webmaster in
charge of this page: jsmith@microsoft.com

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:2)
by dillon_rinker (dillonunderscorerinkerathotmaildotcom) on Tuesday
August 03, @12:57PM EDT (#162)
(User Info) http://www.21cs.com

...specific reasons...

Sounds more like high specific gravity to me...

[ Reply to This | Parent ]

Re:m$ comments about javascript problem
by Anonymous Coward on Tuesday August 03, @01:16PM EDT (#207)

or an absolut crock of shit

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:3, Funny)
by knuth (eknuth@unix.csbsju.edu) on Tuesday August 03, @02:57PM EDT
(#335)
(User Info) http://www.users.csbsju.edu/~eknuth/index.html

Top Ten Specific Reasons Why Only MSIE Users Can View Microsoft
Cracking Challenge
10. If you're doing lame browser detection, MSIE is fewer letters to
type than Netscape, Mozilla, or even Opera.
9. Similarly, "JScript" is shorter than "JavaScript".
8. AOL^H^H^HMicrosoft is the Internet.
7. We left our copy of FrontPage at the default settings. But don't
worry, it will all be fixed in FrontPage 2005.
6. We fear the mighty /. effect, and those fanatics wouldn't be
caught dead using Exploder.
5. VisualBasic is more powerful and efficient than C++.* Likewise,
Internet Explorer has that comforting familiar Microsoft Windows
interface, so you don't have to learn that arcane, complicated
Netscape setup.
4. You can't crack our powerful enterprise-level Microsoft(tm)
Windows(tm) server if you can't read the rules we made up, nanny
nanny boo boo.
3. We're weenies. We couldn't write "Hello world" in HTML, let alone
use scripting languages.
2. 3l337 hAx0r d0oDz swear by MSIE.**
And the number one reason why only MSIE users are permitted to view
the Microsoft cracking challenge is... drumroll, please...
1. Somehow the demo site was interfered with. Give me another
chance, your honor.
*Editor's note: Microsoft actually says this on another page.
**Editor's note: swear at, more likely.

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:1)
by Elminst (jdsmith.at.capital.net) on Tuesday August 03, @04:18PM
EDT (#392)
(User Info)
And if you believe that was a genuine Microsoft post, I have a
bridge in brooklyn i can sell ya cheap.

All posts from microsoft are titled as the mcrosotf W2K team and
there city, state and country are clearly listed under the message.
This message has no city, state or country.
And why, after initially presenting themselves as a team, would they
give you a specific email address to send problems to. ESPECIALLY
after giving the specific email to send problems to in several
places throughout the site?
jsmith? yeesh at least try to be original in comnig up with an email
address next time.

[ Reply to This | Parent ]

That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:45PM EDT (#484)
(User Info)
If they wanted to disable Netscape, they could have just set some
settings in the browser, to block all incoming HTTP reqests comming
from any kind of mozilla

I think the "spesific reasons" that they talk about is the fact that
they screwed up, and are stupid.

Typical "it's not a bug, its a feature" thinking.

plus some people are saying it dosn't work right in IE ether...
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:47PM EDT (#486)
(User Info)
(also, I dont' think this is real....)
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:javascript errors? (Score:1)
by Breakdown on Tuesday August 03, @12:33PM EDT (#112)
(User Info)
You are right, the function done seems to only be written for the
way IE handles stylesheets. The Netscape code seems to be absent.
My guess is that the page was created in Frontpage...

[ Reply to This | Parent ]

who cares? (Score:0, Troll)
by mdillon (moc.demdnats@nollidm) on Tuesday August 03, @11:43AM EDT
(#14)
(User Info)
why should anyone want to help micro$oft audit the security of
win2k? wait till we can get a copy of it, then we'll start looking
for security holes. this is just microsoft trying to use the anti-ms
sentiments of crackers to get free auditing. screw them.

[ Reply to This | Parent ]


Hypocrite!!
by Anonymous Coward on Tuesday August 03, @01:09PM EDT (#191)

You bunch of hypocrites! You scream about how crappy MS's software
is then you refuse to "help" them improve them. You guys don't hate
MS because of it's software quality, you hate them because they're
MS. Be honest with yourselves here, if you hate them because they're
MS, then you're a biggot; if you hate them because of they're
software quality, help them out; if you hate them because of their
business practices, well...that's a judgement call.

PS. I work at MS but love Linux...I use the best tool

Re:hmmm

Articles:Microsoft /asks/ "Crack this machine"
faq
code
awards
privacy
slashNET
older stuff
rob's page
preferences
andover.net
submit story
advertising
supporters
past polls
topics
about
jobs
hof

Sections
books
ask slashdot
features

"Microsoft /asks/ "Crack this machine"" | Login/Create an Account |
Top | 504 comments | 238 siblings
Threshold: -1: 504 comments0: 499 comments1: 344 comments2: 54
comments3: 19 comments4: 5 comments5: 2 comments FlatNestedNo
CommentsThreaded Highest Scores FirstNewest FirstNewest First
(Ignore Threads)Oldest FirstOldest First (Ignore Threads)
The Fine Print: The following comments are owned by whoever posted
them. Slashdot is not responsible for what they say.
( We can't even spell bayta!)
(1 ) | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 (Slashdot Overload:
CommentLimit 25)
Muhahhahha
by miahrogers (m1i2a3h4r5o6g7e8r9s@excite.com) on Tuesday August 03,
@11:38AM EDT (#1)
(User Info)
they better hope that site ain't networked to anyother microsoft
sites... MUhahahahhahaha
/.firstpost if i get it!!
"Windows leads to anger, anger leads to hate, hate leads to LINUX."
to email me remove all numbers from my email address.
[ Reply to This | Parent ]


Re:Muhahhahha (Score:1)
by Synic (synic@linuxfreak.com) on Tuesday August 03, @12:42PM EDT
(#126)
(User Info) http://www.lanparty.com

why the hell is this "Score:1"?
I thought filters were for removing first post and flaming garbage.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @12:54PM EDT (#153)

Posts made by people who aren't anonymous default to score:1.
*sigh*

[ Reply to This | Parent ]

DoS attacks "don't count"? FU! ping -s 65000 -f...
by Anonymous Coward on Tuesday August 03, @01:49PM EDT (#260)

What is this DoS attacks don't count bullshit. Dead servers is dead
servers. And no I don't just mean while the DoS attack is happening,
I mean if it causes the server to lock up or crash and stay that way
when the DoS attack ceases, then that's a successful crack. But we
can't test that unless we try! Or will MS sue me for cracking?

Not allowed indeed. Pffft!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @01:55PM EDT (#271)

Of course ping -s will make it unavailable, knob. And hence prevent
any _Real_ attacks, which is what they're looking for. They can
easily test flood attacks on their own.

Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Duh.

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @02:16PM EDT (#311)

>Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Well, one could flood it with http requests which WOULD get through
a firewall. An indefensable DoS attack. And if you play with the
source IP addresses, the software won't know they're all coming from
the same location. Come to think about. I'm describing the /.
effect!

> Duh.

Indeed!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @04:06PM EDT (#374)

HAHAHAHAH

For that reason alone (/. effect), I have a feeling that they didn't
know what they were getting into when they
did this.

Is this for real?

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @03:56PM EDT (#365)

What they said is that attacks using lots of packets don't count. If
you can find a DoS which doesn't involve flooding the machine, that
would be a valid attack according to the rules as described.

The worst DoS attacks aren't flood attacks,
but attacks which use significantly less resources for the attacker
than the target host. Excluding floods is appropriate.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @02:44PM EDT (#333)

The site is already down...I can't access it from my machine.

...huh, Microsoft sucks

[ Reply to This | Parent ]

This can be a force for good... (Score:1)
by Bill the Cat on Tuesday August 03, @11:39AM EDT (#2)
(User Info)
If MS provides detailed info about successful attacks, and uses the
info to improve Win2K. Of course, can we trust the info that comes
from their corporate mouthpieces?

[ Reply to This | Parent ]


Re:This can be a force for good... (Score:1)
by sraasch on Tuesday August 03, @01:02PM EDT (#174)
(User Info)
Does this sound a little "open source-y" to anybody else? I thought
M$ didn't care for the concept!

[ Reply to This | Parent ]

I prefer "Corporate Piehole"
by Anonymous Coward on Tuesday August 03, @01:43PM EDT (#251)

Describes their function better.

[ Reply to This | Parent ]

Javascript Dies in Netscape (Score:2, Informative)
by ChiefArcher (brian@NOSPAM-REMOVE.gannon.com) on Tuesday August
03, @11:39AM EDT (#3)
(User Info) http://brian.gannon.com

I guess that want to leave the UNIX crackers out of this...
Javascript dies in Netscape for me..
=(

Anyone else experience this?

Chief Archer

[ Reply to This | Parent ]


Re:Javascript Dies in Netscape (Score:1)
by Bob9113 on Tuesday August 03, @11:43AM EDT (#11)
(User Info)
yup, is not Netscape compatible.

Funny $hit.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zantispam (zantispam@netscape.net) on Tuesday August 03, @12:29PM
EDT (#104)
(User Info)
Well, that's the point of the Almighty JScript bastardization.

M$ products are just broken. Especially the products they Embraced
and Extended(JavaScript, Java, DOS, Windows)

--Please note: Half of this post is hyperbole and sarcasm.





--Jedi Hacker (Apprentice) and Code Poet
[ Reply to This | Parent ]

Javascript error "Windows is not defined" (!) (Score:2)
by Sun Tzu on Tuesday August 03, @01:29PM EDT (#226)
(User Info) http://www.tfn.net/~yeargin/art01.html

Running Netscape from my Solaris 7 Sun 10, that is what I get. It
turns out to be an error. And I thought it was a congratulatory
message! ;)

StarshipTraders.com goes into open beta!
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:2, Funny)
by Anonymous Coward on Tuesday August 03, @11:44AM EDT (#19)

I run linux and I'm gonna hack it. And when the interview me for the
article, I will use the word hack just to piss you off.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:28PM EDT (#353)

When you crack it, please do everyone a favor and make the damn
think Lynx/Netscape compliant.

many thanks

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:48AM EDT (#26)

Confirmed.
I'm using Njetscape 4.61 on a Slowlaris. Died on
me too. The guy who wrote that piece of crap
should be shot or at least get fired.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Syslevel on Tuesday August 03, @01:16PM EDT (#206)
(User Info)
They can't fire the guy who wrote Netscape.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by mistabobdobalina (samedi@disinfo.SPAM.net) on Tuesday August 03,
@04:17PM EDT (#387)
(User Info)
heh...i think he meant the guy who wrote the ms page. funny comment
anyway...
-- your knees hurt, don't they?
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:49AM EDT (#29)

Yes. It's almost funny, but not quite.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1, Insightful)
by Anonymous Coward on Tuesday August 03, @11:52AM EDT (#36)

Bleh.... don't worry about viewing the pages in a fancy browser/html
format. Just go to the page. Get the error. Hit Ok. Then view the
page source. Then you can read the entire page, and begin your
cracking.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by The Silicon Sorceror (silsor@xoommail.com) on Tuesday August 03,
@11:54AM EDT (#42)
(User Info) http://members.xoom.com/_XOOM/silsor/index.html

I got a Javascript error for Win32 Netscape, too. Interestingly
enough, the site works perfectly under Internet Explorer.

Get a frigging STANDARD!!!

~ Give me 101 plastic soldiers, and I will conquer the world.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by panZ (panz@no_SPAM_@hal.calpoly.edu) on Tuesday August 03,
@06:14PM EDT (#470)
(User Info)
>Get a frigging STANDARD!!!

This is hardly an accident or problem with standards. Its not even
breaking news for that matter. Micro$ft is notorious for making all
of their web pages do quirky things to non-IE browsers. If I break
this thing, I'll post a simple html with links to d/l alternative
browsers and a heartfelt message to the micro$ofties. This server is
/. fodder. Maybe we can load it up with a copy of Stampede and issue
Winblows the autoboot & config command remotely. =)
--Let's hack root on 127.0.0.1 --panZ
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Romen (stobin#bates.edu) on Tuesday August 03, @11:54AM EDT (#43)
(User Info)
I'm currently running Windows (I hate my job) and it still gives me
Javascript errors. The most humorous one was "Windows not
recognized."


Romen

Romen
[ Reply to This | Parent ]

Re:Javascript Dies Period. (Score:1)
by D3 (dhenning@www.usda.gov) on Tuesday August 03, @11:55AM EDT
(#45)
(User Info)
It doesn't work with IE either. How lame!


"I'm sorry that we have to have a Washington presence. We thrived
during our first 16 years without any of this." -M$ Chairman Bill
Gates 1995
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@11:58AM EDT (#51)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work (please don't hurt me). For what its worth:

Netscape 4.08 (Mac) -- garbled mess

Explorer 4.5 (Mac) -- "as intended" (though not really much better
8^)

lynx -- as good as one can expect (at least it loads)

I spend a lot of time reworking sites so that they will at least
load in both major browsers... and I know I don't get paid nearly
what the "genius" who put this site up gets. I know I should get
around to learning the "new" DOM better, but my initial perusal
leads me to suspect that is the problem.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by javac (jbgeach@yahoo.com) on Tuesday August 03, @12:01PM EDT
(#57)
(User Info) http://southern.edu/~jbgeach

Well, as much as I hate to admit it, it works with IE4
geach

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @12:09PM EDT (#68)

It has a lot of CSS too which is probably confusing netscape 4.x a
lot.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by llzackll on Tuesday August 03, @12:11PM EDT (#71)
(User Info)
Hmm, Netscape 4.08 Navigator standalone doesnt die on this page, but
the text does appear in the wrong place, I have to scroll down a bit
to read it.

[ Reply to This | Parent ]

Mozilla works fine
by Anonymous Coward on Tuesday August 03, @12:15PM EDT (#78)

Mozilla works fine

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Laner on Tuesday August 03, @12:16PM EDT (#84)
(User Info)
Hey, it's not Microsoft's fault that Netscape is at least two years
behind the times when it comes to DHTML/CSS/XML.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by aidoneus (aidoneus1976@hotmail.com) on Tuesday August 03,
@12:16PM EDT (#86)
(User Info)
http://www.cartoonnetwork.com/spaceghost/cod/brak/ index.html

And yet another wrinkle...
Just for kicks (and to see the type of damage it would do to my
system here at work... tee hee) I decided to try it in Mozilla,
specifically build 1999071417 and guess what...
It works, flawlessly at that. Funny when I rebooted and tried it in
NT using IE4.0 it couldn't even do that.
Any ideas as to what the devil is going on?

Now I just need to see if I can break into it, play with some bios
settings, and hoping the machine has a softbios, just adjust the
voltage to the cpu...

consider it payback for my monitor exploding.
(and yes, I am just kidding around about the voltage settings to the
CPU. the monitor is a whole other story though...)

-j

"Never trust a monkey." -Brak
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by KevCo (kbecker@mediaone.net) on Tuesday August 03, @12:32PM EDT
(#109)
(User Info) http://kevco.cx

It dies for me in Communicator 4.6 under windows too. But if I
scroll down past the screwed up crap, the content is still visible.

[ Reply to This | Parent ]

FIXME: I am a braindead moderator
by Anonymous Coward on Tuesday August 03, @12:44PM EDT (#129)

Sorry for that 'Offtopic' setting. Stupid browser saved the form
contents when I pressed 'Back'.

Would a *real* moderator please fix my stupid mistake?

Please excuse my stupidity.

[ Reply to This | Parent ]

Re:FIXME: I am a braindead moderator (Score:1)
by Dwonis (dlitz[IBoycottSpam]@cheerful[spamsucks].com) on Tuesday
August 03, @12:58PM EDT (#165)
(User Info) http://members.tripod.com/~DLitzPower/

You also didn't know that posting a message as yourself instead of
an AC would have caused your moderations to be removed.

Now you do.
--------
"I already have all the latest software."
-- Laura Winslow, "Family Matters"
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Informative)
by theCoder (minster@expert.cc.purdue.edu) on Tuesday August 03,
@12:55PM EDT (#160)
(User Info)
I don't have a copy of Netscape here (I'm at work), so I can't
confirm this, but in looking at the source code I would suspect that
Netscape is dying in the function "done()" at line 89. That function
tries to access the object "Windows" which seems to be a DIV
declared on line 96. This function is being executed from the
"onload" attribute of the BODY tag on line 55.

It seems that netscape is trying to execute this function before
loading the DIV, while IE (and Mozilla) has either loaded it already
or scanned the file to find that object.

As for what is correct in this situation, it would have to depend on
when the "onload" function should be called -- before the page is
fully loaded or after. IMHO, I'd probably have to say that IE and
Mozilla are probably doing it right (no error vs. error).

I don't know why there is a spacing problem in Netscape (but I
wouldn't be too surprised if it's intentional). Anybody know if
Netscape or IE is interpreting the HTML "wrong" (please don't define
"right" as what netscape does -- define it as you'd expect a browser
to behave)?


[ Reply to This | Parent ]

Finally!
by Anonymous Coward on Tuesday August 03, @03:35PM EDT (#356)

*Finally* someone who sees this as something other than some evil
Plot by microsoft to lock out netscape users and force everyone to
use IE. Netscape isn't the perfect browser, people, and neither is
it the standard-maker for HTML.

The reason the formatting is way off in NS is because it doesn't do
CSS as well as IE (though IE has a bunch o' problems too -- check
out www.webstandards.org )

But microsoft (or whoever wrote that page) is in the wrong: they
should have tested it cross-browser just like every other web
designer in the world. Isn't FrontPage2000 supposed to have auto
cross-browser testing features? ;)

I hope their policy to "eat their own dog food" (Re:
http://www.microsoft.com/backstage/solutions.htm )doesn't forbid
them to use competitors' products!

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zaw (Zaw_nospam@netscape.net) on Tuesday August 03, @06:45PM EDT
(#483)
(User Info) http://members.home.com/zaw/



Hmm.. MSHTML , I can't find that any where on W3C.

[ Reply to This | Parent ]

Works fine in IE - Hello? DOJ?
by Anonymous Coward on Tuesday August 03, @01:11PM EDT (#194)

Yet another attempt to squash competition by producing pages that
can only be used by their proprietory browser and not Netscape's. I
certainly hope the DOJ is taking note of this - little actions like
this illuminate the inner philosophy of Microsoft...

Long Live Netscape (even if it IS owned by AOL)

[ Reply to This | Parent ]

Hello? Are YOU THERE???
by Anonymous Coward on Tuesday August 03, @02:19PM EDT (#316)

Proprietory indeed.

1:The word is proprietary.
2:Netscape, in this case, is the proprietary one. If Netscape had
properly honored true DHTML, and the W3C approved DOM, your browser
wouldn't have flinched at that page.

Why don't you just change your SIG to:

"Long Live Netscape and all their proprietary standards"

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:22PM EDT (#216)

Sad thing is, I'm not quite sure if this was intentional. Look at
this tag:

FONT face="Verdana, Arial, Helvetica" size=1

Isn't Arial what Windows calls Helvetica? I'm starting to wonder if
the "poor" saps just don't know any better...

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:33PM EDT (#232)

It's called 'cross-platform'. It's so Macs will recognize the font.
(still known there as Helvetica)

Major fonts have been ripped off by every major foundry and been
renamed. Some have over 10 iterations.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@02:10PM EDT (#303)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.). However, the two are close
enough to be used interchangeably across platform. (Of course, since
I have Arial on my Mac and most PCs don't have Helvetica, I tend to
avoid Helvetica like the plague and stick with Arial.)

A larger issue here is the use of . I was skeptical at first, but
the advantages of CSS over the FACE attribute far outweigh the
drawbacks. I seem to remember it was M$ that had a hand in
developing the tag, though I know Netscape was no less responsible.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:12PM EDT (#342)

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.).
Helvetica is owned by Adobe (or someone) so a replacement for it has
to be different.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by ZenBoy on Tuesday August 03, @01:41PM EDT (#247)
(User Info) http://www.geocities.com/BourbonStreet/9979

When I open it, Javascript dies, and when I do get it to open (IN IE
5) when I click on the guest book, I'm magically whisked to
freebsd.org. I think somebuddy may have phuct it already.
-Zen I'm gonna make the _world_ my bitch.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Funny)
by dattaway (dattaway@attaway.org) on Tuesday August 03, @04:24PM
EDT (#397)
(User Info) http://attaway.org

I won! Where's my prize? I broke its Java! I couldn't even see the
rules, now what were they? Microsoft can't seem to write HTML worth
a damn.

[ Reply to This | Parent ]

bfs (Score:0, Offtopic)
by Anonymous Coward on Tuesday August 03, @11:40AM EDT (#4)

bfs

[ Reply to This | Parent ]


Re:bfs
by Anonymous Coward on Tuesday August 03, @05:29PM EDT (#451)

as in Be File System? wtf?

[ Reply to This | Parent ]

Netscape (Score:1)
by Roofus (roofus@psu DOT edu) on Tuesday August 03, @11:40AM EDT
(#5)
(User Info) http://www.csoft.net/~roofus/finger.html

Great, they can't even create a site that works with Navigator 4.0


-= Confucious say: Moo =-
[ Reply to This | Parent ]


Re:Netscape (Score:1)
by cemerson on Tuesday August 03, @11:55AM EDT (#46)
(User Info) http://chiark.greenend.org.uk/~cemerson/

It works for me in Netscape 4.08 and Mozilla M8.

Of course I keep Java and Javascript disabled. Solves more problems
than it creates.

Chris

[ Reply to This | Parent ]

Re:Netscape (Score:1)
by snow dog (tom.main@nospam.fnmail.com) on Tuesday August 03,
@01:08PM EDT (#190)
(User Info) http://www-cor-pmf.web.boeing.com

I get a javascript error on communicator 4.6....
One person's error is another person's data.
[ Reply to This | Parent ]

heh (Score:1)
by galore (ian@wehrman.com) on Tuesday August 03, @11:41AM EDT (#6)
(User Info) http://ian.wehrman.com/

i get a javascript error when i try to view this site... when i look
at the javascript console in netscape, all it tells me is "Windows
is not defined." how true it is.

later,
ian

[ Reply to This | Parent ]


Re:heh
by Anonymous Coward on Tuesday August 03, @12:52PM EDT (#150)

yeah, me too. Mebbe somebody already cracked it & they just never
'fixed' it :)

[ Reply to This | Parent ]

First Comment (Score:-1, Troll)
by Anonymous Coward on Tuesday August 03, @11:41AM EDT (#7)

Go get it guys


[ Reply to This | Parent ]

Real security for 2000 and beyond? (Score:1)
by Pauly on Tuesday August 03, @11:42AM EDT (#8)
(User Info)
If it can withstand /. effect, I'll be impressed.

//Pauly

[ Reply to This | Parent ]


Real Security for 2600 and beyond!
by Anonymous Coward on Tuesday August 03, @12:20PM EDT (#92)

:)


[ Reply to This | Parent ]

Re:Real security for 2000 and beyond?
by Anonymous Coward on Tuesday August 03, @12:39PM EDT (#121)

It seems to be cruising right along for me.
Are you impressed yet ?

[ Reply to This | Parent ]

Nope /.'d (Score:1)
by just someone on Tuesday August 03, @01:50PM EDT (#261)
(User Info)
(Some router loops happening and when I did hit the server in the
'appropriate" browser)

The page cannot be displayed
There is a problem with the page you are trying to reach and it
cannot be displayed.

-------------------------------------------------- ------------------------------


Please try the following:

Open the www.windows2000test.com home page, and then look for links
to the information you want.
Click the Refresh button, or try again later.

Click Search to look for information on the Internet.
You can also see a list of related sites.




HTTP 500 - Internal server error
Internet Explorer


[ Reply to This | Parent ]

And Confused (Score:1)
by just someone on Tuesday August 03, @01:58PM EDT (#276)
(User Info)
Actual message returned in netscape:

Logon failure: user not allowed to log on to this computer.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2, Funny)
by BuBu_ on Tuesday August 03, @02:20PM EDT (#318)
(User Info)
The Slashdot effect? What are you planning to do? get a bunch of
your friends around then go and flame the hell out of them? By
saying something like "YOUR 0S SUCKS! USE LINUX WOOOOOOO!" Yeah,
great idea.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2)
by MindStalker (johnlar@tfn.spam.net) on Tuesday August 03, @03:56PM
EDT (#366)
(User Info) http://www.tfn.net/~johnlar/index.html

Obviously your a new user here, or just haven't been paying
attention. The slashdot effect, is a semi-natural phenomenon, in
which a article/url is posted on slashdot that everyone wants to
checkout/read. The server holding that article is generally not
prepared for an increase in hits of several thousand people within
an hours time, crashing the server. The server is then known as
being slashdotted. Every once in a while even slashdot gets
slashdotted, when other news agencies link to slashdot, but in
general the effect is named after slashdot as we tend to create such
an effect more often than most other news sites.
~A nerd is someone whose life revolved around computers and
technology. A geek is someone whose life revolves around computers
and technology, and likes it
[ Reply to This | Parent ]

...And Thar she Goes...
by Anonymous Coward on Tuesday August 03, @04:12PM EDT (#381)

I tried to go to the site, to no avail...it was /.'ed...no response
from the server. Glad to see the future is so rosy...for REAL OS's

[ Reply to This | Parent ]

Machine messed up already? (Score:1)
by elvum (sj@nospam.post1.com (remove trap)) on Tuesday August 03,
@11:42AM EDT (#9)
(User Info) http://www.post1.com/~round

Is it just me, or have hackers* already messed up the javascript
front-end? Neither Netscape 4 nor IE3 seem to like it. Or is it just
that the only hackers Microsoft want to attract are those that use
the latest version of IE ?!?!?

*or incompetent Microsoft employees


[ Reply to This | Parent ]


Re:Machine messed up already? (Score:1)
by cswiii on Tuesday August 03, @12:02PM EDT (#58)
(User Info) http://wiw.org/~corey/

:is it just me, or have hackers* already messed up
:
:*or incompetent Microsoft employees

hey, we already have enough problems with people equating hackers ==
crackers. let's not start equating M$ Employees with hackers, as
well... :)

[ Reply to This | Parent ]

Re:Machine messed up already?
by Anonymous Coward on Tuesday August 03, @07:02PM EDT (#494)

or equating hackers with wanna-be SLASHDOTTERS who don't know shit
about code, but love to use the M$ acronym for Microsoft.

y0r c00l d00d

[ Reply to This | Parent ]

Smart move for Microsoft (Score:4, Informative)
by EngrBohn (cbohn@ieee.org) on Tuesday August 03, @11:42AM EDT
(#10)
(User Info) http://members.aol.com/EngrBohn/

Two possible outcomes:
- Nothing breaks it, and this becomes a marketing high-point for
Microsoft - It gets broken, and Microsoft engineers now have solid
data (vice anecdotal) as to where the problems are. Especially if
this was compiled with the debug option switched on.
Christopher A. Bohn
Oooh! What does this button do!?
[ Reply to This | Parent ]


Re:Smart move for Microsoft (Score:2, Funny)
by Suydam (brian@SPAMR00LZ.rickjames.sapien.net) on Tuesday August
03, @11:49AM EDT (#28)
(User Info) http://rickjames.sapien.net/brian/virii/

YEP
Outcome 1 - nothing breaks it. THis would be a bad thing. Arrogance
and "we're unstoppable" would be their attitude.
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice.
You forgot Outcome 3 though - we break it. they deny it for 6 months
and then release a Service Pack that fixes the problem that "doesn't
exist". This seems the most likely to me.



GCS/IT d++$(-) s+: a- C+++$(++) UL+++$ P++++$ L+++ E--- W+++$ N+(-)
!o K? w--- O- M- V- PS+(++) PE Y+ PGP t+ 5 X++ R- tv b++ DI++ D++ G
e++ h-- r++ y++
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2, Interesting)
by vt@office on Tuesday August 03, @11:53AM EDT (#39)
(User Info)
Yes, but what about the case when noone (flexibly defined) CARES to
break it? Serious people have more important work to do rather than
break the thing which is broken by design...

OK, kids, now get away from appliances, we're gonna reboot the house
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:37PM EDT (#240)
(User Info)
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice


But Microsoft doesn't believe in choice, oh wait, yes they do,
"Workstation or Server edition?"



A Stronger W2K means that MS will be in a stronger position to push
their "Windows Everywhere" agenda


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:5, Insightful)
by Signal 11 (signal11ATmediaone.net?Subject=Slashdot comment) on
Tuesday August 03, @12:25PM EDT (#97)
(User Info) http://www.mediaone.net

No, there is another outcome. Nobody takes the challenge. Challenges
like this are generally dismissed in the security industry for a
variety of reasons. Some of them are as follows...

- Real Crackers aren't going to spend their time trying to get
caught on a high-profile site.
- Script kiddies don't have any scripts for the "new" OS yet.
- It's new - so of COURSE it's going to take time to find the
vulnerabilities. You think "one stunt, and that's it" is going to
fix all their problems? You're more naive than I thought.
- Past record. How long does Microsoft take to acknowledge, let
alone fix, the problems they find? W2K *will* have bugs. All major
programs have bugs. The question is - will they efficiently and
quickly inform their customers, and provide comprehensive support to
them - like the 4-color glossies they distribute say?
- Many vulnerabilities are discovered at the console - and by
looking at the source. It could be wide open, but you'd never know
that from a remote perspective. Breaking into a system you've never
seen or used remotely has about as much of a chance of success as me
getting away with being called Rob Malda in this post.

That's just what I can think of off the top of my head. Use your
imagination. And most importantly: dismiss yet another one of
Microsoft's tricks to get you to do their bidding. Clever Microsoft,
but I thought you'd have learned by now that the 'net dispels FUD
faster than a speeding salesman.

--
What goes up, must come down. Ask any system administrator.
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Amazing Proton Boy (joep@lainet.com) on Tuesday August 03,
@04:18PM EDT (#391)
(User Info) http://www.wgn.net/~joep

You are Rob Malda.


[ Reply to This | Parent ]

Another rigged contest...
by Anonymous Coward on Tuesday August 03, @04:31PM EDT (#407)

I have to agree with this.

Never mind that I can't even get an IP address for this hoax, from 2
different locations!


2%nslookup windows2000test.com
Server: localhost
Address: 127.0.0.1

*** localhost can't find www.windows2000test.com: Non-existent
host/domain



And... ???


No match for "WINDOWS2000TEST".




In any case, I fully expect the site to get /.'d anyway...

Hehe.




[ Reply to This | Parent ]

Re:Another rigged contest... (Score:1)
by DrAtomic on Tuesday August 03, @04:39PM EDT (#413)
(User Info)
I checked with internic because I thought that it was going to be a
hoax, but it looks like the domain name windows2000test.com is
registered to microsoft. I do know that the page is down right now,
so that might have something to do with what happened to you, but I
know that it is registered at least to someone at M$ (or someone who
knows a good deal of M$ info, like their street adress and stuff
like that).



[ Reply to This | Parent ]

Re:Another rigged contest...
by Anonymous Coward on Tuesday August 03, @05:54PM EDT (#458)

Or someone who looked up the domain registration for, say,
www.microsoft.com, and used their cut+paste skillz.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by !IH on Tuesday August 03, @12:46PM EDT (#133)
(User Info) http://www.stheno.demon.co.uk

Couple of points, some exploits don't work against a debug build
system, that do in release mode - ever tried to track down a bug
that was unreproducable when built in debug?

For another off the wall point, what if this is not actually running
w2k, but Linux, and MS use the Anti-Ms brigade, to poke hole in
Linux's default security?

One of the rules of engagement is that you have to tell them how you
did it, but it doesn't give a time limit on when you have to tell
them.


--
Exigo spamos et dona ferentes
[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @01:12PM EDT (#198)

PING www.windows2000test.com (207.46.171.196): 56 data bytes
64 bytes from 207.46.171.196: icmp_seq=0 ttl=113 time=781.0 ms

The TTL doesn't look quite linux'ish (only really ancient versions
of linux used 128 AFAIK).

But maybe I'm wrong.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by C.Lee on Tuesday August 03, @04:27PM EDT (#402)
(User Info)
4:21 pm on 8/3/1999...Microsoft's test WWW site seems to be deader
than 3-day-old roadkill and all's well...

[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @04:58PM EDT (#429)

Seems like network problem to me...
Tracerouting reveals that connection ends somewhere along
iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136), that is for me
atleast. Also other IPs belonging to same subnet are not responding.

[ Reply to This | Parent ]

Why would they do that?
by Anonymous Coward on Tuesday August 03, @01:30PM EDT (#227)


Microsoft sucks, we all know that, and they're evil. But come on,
why would they do that?

First off, there are many ways to detect if a machine is running
Linux. Granted, they could change a few things, but then they'd
likely break most all 'bugs' discovered.

Its relatively easy to setup a system which is statically configured
and running limited services to be secure. Its another thing
entirely building a production ready system, that can be installed
and configured by Joe Idiot, and still be reasonably secure.


[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:36PM EDT (#478)
(User Info)
Actualy, i've had situations where a weird bug would crop up, I'd go
to debug mode, and then *more* crash bugs would show up! I was
writing win32 code, and the code I had writen was exspecting
somthign to be done (initalizing the windows, etc) before it was
sure to be. In optimzed mode, it happend fast enough, and "out of
order" or somthing, and it worked fine
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Leapfrog on Tuesday August 03, @02:22PM EDT (#319)
(User Info) file:/dev/null

Looks like someone broke it. I keep getting this message:
Logon failure: user not allowed to log on to this computer.
It happens no matter what page I try to hit, even some really
obvious 404's. I guess we really showed 'em. Or something. Didn't
last very long, now did it?

"Fool! There is nothing Perl cannot do! NOTHING!" -Bastich
[ Reply to This | Parent ]

What an ugly site (Score:2)
by Gleef (gleef@capital.net) on Tuesday August 03, @11:43AM EDT
(#12)
(User Info) about:mozilla

To "show off Windows 2000", I would think they could do with a
better designed web page. I get about 250 pixels (vertically) of
broken-looking header, followed by about 800 pixels of whitespace,
followed by the actual text. I have to scroll down more than a
screenful just to read anything. And a Javascript error to boot. I
mean, if they still can't even design a competent website, what
makes them think they can design a whole OS?

[ Reply to This | Parent ]


Re:What an ugly site (Score:2, Funny)
by Bob-K (bobk@jump.com) on Tuesday August 03, @11:48AM EDT (#25)
(User Info)
Maybe the site is designed so you can only crack it using Internet
Explorer.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Kerg on Tuesday August 03, @12:47PM EDT (#140)
(User Info)
Or maybe somebody already cracked it, and they can't figure out how
to fix it?!

HA!


[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by IanO (iano AT canada DOT com) on Tuesday August 03, @11:58AM EDT
(#53)
(User Info) http://www.tomandian.com/

The page looked like that to me also so I decided to fire up IE...
well it's more like click and hope that it doesn't crash my machine
:) Not surprisingly the page looked just fine. It's nice to know
that these people don't have the brains to make their web pages
compliant for all browsers.

On a side note I've had IE running for almost five minutes now and
my machine hasn't crashed, although memory usage increased alot.

------
IanO

"It's what you learn after you know it all that counts." -- John
Wooden
[ Reply to This | Parent ]

Re:What an ugly site (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:42PM EDT (#249)
(User Info)
It's nice to know that these people don't have the brains to make
their web pages compliant for all browsers
Why would they? This is MS, to them there is only one browser. When
they released IE for Unix, they proclaimed, "Finally, a graphical
alternative to lynx!"


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:What an ugly site
by Anonymous Coward on Tuesday August 03, @11:58AM EDT (#55)

The site does look ugly under Netscape (Windows/Linux). It looks
fine under IE 5.0, though. I Acutually prefer IE 5.0 to Netscape for
browsing the web (which is one of the reasons I use use vmware). I
don't have very good vision, and most sites (in addition to
displaying properly) are also easier for me to read under IE, no
matter what font tricks I try with Netscape.

[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by boinger (boinger@tekhaus.net) on Tuesday August 03, @12:03PM EDT
(#60)
(User Info) http://ww4.choice.net/~boinger/

Most M$ sites are getting worse. Try looking at product comparisons
in the electronics section of sidewalk.com with a Netscape browser -
It /used/ to work fine, but they changed it to be /incorrectly/
tagged HTML in the tables. M$IE conveniently misinterprets it to
where it looks okay, whereas Netscape "reads" it properly, thus
producing a hideous page where you have to scroll sideways for
several screens between columns of text.
I still can't figure out why they'd do that. It's not like people
who use Netscape don't see the load of banner ads, too.
*sigh*

----------------------
It's too bad stupidity isn't painful"
- Anton Szandor LaVey
[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by Detritus on Tuesday August 03, @12:23PM EDT (#96)
(User Info)
The wizards at Microsoft don't even support older versions of
Internet Explorer. I've recently done several installations of
Windows NT 4.0 Workstation, which installs IE 2.0. Microsoft's web
site is totally non-functional with this browser. You would think
that they would make it easy to download and upgrade to IE 5.0. I
didn't have any trouble using IE 2.0 to download the latest version
of Netscape.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by stuntpope (robhb@nospam.dclink.com) on Tuesday August 03,
@12:12PM EDT (#72)
(User Info)
Doesn't work for me with Netscape 4.5, even with JavaScript turned
off. It does work in IE 4, but man it's ugly with the menu having
close to 0 margin width on the left margin. Where are the style
police when you need them?
Plus, in the guest book, a supposed member of the win2000 dev team
wrote to the Netscape complainers, "Netscape is not supposed to work
in here". Now isn't that just a wonderful attitude? Screw M$.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by TheMeld (msg2@NOSPAM.po.cwru.edu) on Tuesday August 03, @12:31PM
EDT (#108)
(User Info) http://cheetah.cwru.edu

And what's more, the javascript error message is:
Windows is not defined

HA HA HA HA!

-Matt
remove nospam for e-mail
[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Sunthalazar (jmeinel@NO.blue.weeg.uiowa.edu.SPAM) on Tuesday
August 03, @01:53PM EDT (#269)
(User Info)
I agree. I thought it was pretty great. I was going to post it as
well, but I'm glad I found someone else who did. =:->

[ Reply to This | Parent ]

javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @11:43AM EDT
(#13)
(User Info)
is anyone getting javascript errors using netscape 4.61 (windoze)? i
can't see the page and i am not going to load internet exploder to
see their challenge!!!


-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]


Re:javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:25PM EDT
(#99)
(User Info)
Okay I loaded Internet Exploder and read through the source....

SCRIPT language=Jscript --- that's M$ specific code

bgProperties=fixed --- m$ specific?

later in the code they have a section
for script language=javascript
---

I have no idea what this function is however Netscape doesn't like
it nor should it.

function done()
{
Windows.style.display = "";
}

Obviously this web site will only work in one browser! Ugh!

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

m$ comments about javascript problem (Score:3, Insightful)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:28PM EDT
(#102)
(User Info)
this was posted on their

message board

We have disabled the abilty of the Netscape browser to view our page
for specific reasons. Please do not flame the messege board with
comments pertaning to the inabilty to view the page in Netscape. Any
comments relating to this should be directed at the Webmaster in
charge of this page: jsmith@microsoft.com

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:2)
by dillon_rinker (dillonunderscorerinkerathotmaildotcom) on Tuesday
August 03, @12:57PM EDT (#162)
(User Info) http://www.21cs.com

...specific reasons...

Sounds more like high specific gravity to me...

[ Reply to This | Parent ]

Re:m$ comments about javascript problem
by Anonymous Coward on Tuesday August 03, @01:16PM EDT (#207)

or an absolut crock of shit

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:3, Funny)
by knuth (eknuth@unix.csbsju.edu) on Tuesday August 03, @02:57PM EDT
(#335)
(User Info) http://www.users.csbsju.edu/~eknuth/index.html

Top Ten Specific Reasons Why Only MSIE Users Can View Microsoft
Cracking Challenge
10. If you're doing lame browser detection, MSIE is fewer letters to
type than Netscape, Mozilla, or even Opera.
9. Similarly, "JScript" is shorter than "JavaScript".
8. AOL^H^H^HMicrosoft is the Internet.
7. We left our copy of FrontPage at the default settings. But don't
worry, it will all be fixed in FrontPage 2005.
6. We fear the mighty /. effect, and those fanatics wouldn't be
caught dead using Exploder.
5. VisualBasic is more powerful and efficient than C++.* Likewise,
Internet Explorer has that comforting familiar Microsoft Windows
interface, so you don't have to learn that arcane, complicated
Netscape setup.
4. You can't crack our powerful enterprise-level Microsoft(tm)
Windows(tm) server if you can't read the rules we made up, nanny
nanny boo boo.
3. We're weenies. We couldn't write "Hello world" in HTML, let alone
use scripting languages.
2. 3l337 hAx0r d0oDz swear by MSIE.**
And the number one reason why only MSIE users are permitted to view
the Microsoft cracking challenge is... drumroll, please...
1. Somehow the demo site was interfered with. Give me another
chance, your honor.
*Editor's note: Microsoft actually says this on another page.
**Editor's note: swear at, more likely.

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:1)
by Elminst (jdsmith.at.capital.net) on Tuesday August 03, @04:18PM
EDT (#392)
(User Info)
And if you believe that was a genuine Microsoft post, I have a
bridge in brooklyn i can sell ya cheap.

All posts from microsoft are titled as the mcrosotf W2K team and
there city, state and country are clearly listed under the message.
This message has no city, state or country.
And why, after initially presenting themselves as a team, would they
give you a specific email address to send problems to. ESPECIALLY
after giving the specific email to send problems to in several
places throughout the site?
jsmith? yeesh at least try to be original in comnig up with an email
address next time.

[ Reply to This | Parent ]

That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:45PM EDT (#484)
(User Info)
If they wanted to disable Netscape, they could have just set some
settings in the browser, to block all incoming HTTP reqests comming
from any kind of mozilla

I think the "spesific reasons" that they talk about is the fact that
they screwed up, and are stupid.

Typical "it's not a bug, its a feature" thinking.

plus some people are saying it dosn't work right in IE ether...
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:47PM EDT (#486)
(User Info)
(also, I dont' think this is real....)
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:javascript errors? (Score:1)
by Breakdown on Tuesday August 03, @12:33PM EDT (#112)
(User Info)
You are right, the function done seems to only be written for the
way IE handles stylesheets. The Netscape code seems to be absent.
My guess is that the page was created in Frontpage...

[ Reply to This | Parent ]

who cares? (Score:0, Troll)
by mdillon (moc.demdnats@nollidm) on Tuesday August 03, @11:43AM EDT
(#14)
(User Info)
why should anyone want to help micro$oft audit the security of
win2k? wait till we can get a copy of it, then we'll start looking
for security holes. this is just microsoft trying to use the anti-ms
sentiments of crackers to get free auditing. screw them.

[ Reply to This | Parent ]


Hypocrite!!
by Anonymous Coward on Tuesday August 03, @01:09PM EDT (#191)

You bunch of hypocrites! You scream about how crappy MS's software
is then you refuse to "help" them improve them. You guys don't hate
MS because of it's software quality, you hate them because they're
MS. Be honest with yourselves here, if you hate them because they're
MS, then you're a biggot; if you hate them because of they're
software quality, help them out; if you hate them because of their
business practices, well...that's a judgement call.

PS. I work at MS but love Linux...I use the best tool

Re:hmmm

Articles:Microsoft /asks/ "Crack this machine"
faq
code
awards
privacy
slashNET
older stuff
rob's page
preferences
andover.net
submit story
advertising
supporters
past polls
topics
about
jobs
hof

Sections
books
ask slashdot
features

"Microsoft /asks/ "Crack this machine"" | Login/Create an Account |
Top | 504 comments | 238 siblings
Threshold: -1: 504 comments0: 499 comments1: 344 comments2: 54
comments3: 19 comments4: 5 comments5: 2 comments FlatNestedNo
CommentsThreaded Highest Scores FirstNewest FirstNewest First
(Ignore Threads)Oldest FirstOldest First (Ignore Threads)
The Fine Print: The following comments are owned by whoever posted
them. Slashdot is not responsible for what they say.
( We can't even spell bayta!)
(1 ) | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 (Slashdot Overload:
CommentLimit 25)
Muhahhahha
by miahrogers (m1i2a3h4r5o6g7e8r9s@excite.com) on Tuesday August 03,
@11:38AM EDT (#1)
(User Info)
they better hope that site ain't networked to anyother microsoft
sites... MUhahahahhahaha
/.firstpost if i get it!!
"Windows leads to anger, anger leads to hate, hate leads to LINUX."
to email me remove all numbers from my email address.
[ Reply to This | Parent ]


Re:Muhahhahha (Score:1)
by Synic (synic@linuxfreak.com) on Tuesday August 03, @12:42PM EDT
(#126)
(User Info) http://www.lanparty.com

why the hell is this "Score:1"?
I thought filters were for removing first post and flaming garbage.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @12:54PM EDT (#153)

Posts made by people who aren't anonymous default to score:1.
*sigh*

[ Reply to This | Parent ]

DoS attacks "don't count"? FU! ping -s 65000 -f...
by Anonymous Coward on Tuesday August 03, @01:49PM EDT (#260)

What is this DoS attacks don't count bullshit. Dead servers is dead
servers. And no I don't just mean while the DoS attack is happening,
I mean if it causes the server to lock up or crash and stay that way
when the DoS attack ceases, then that's a successful crack. But we
can't test that unless we try! Or will MS sue me for cracking?

Not allowed indeed. Pffft!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @01:55PM EDT (#271)

Of course ping -s will make it unavailable, knob. And hence prevent
any _Real_ attacks, which is what they're looking for. They can
easily test flood attacks on their own.

Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Duh.

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @02:16PM EDT (#311)

>Like it says - it's not behind a firewall which is the only defense
to that type of DoS attack.

Well, one could flood it with http requests which WOULD get through
a firewall. An indefensable DoS attack. And if you play with the
source IP addresses, the software won't know they're all coming from
the same location. Come to think about. I'm describing the /.
effect!

> Duh.

Indeed!

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @04:06PM EDT (#374)

HAHAHAHAH

For that reason alone (/. effect), I have a feeling that they didn't
know what they were getting into when they
did this.

Is this for real?

[ Reply to This | Parent ]

Re:DoS attacks "don't count"? FU! ping -s 65000 -f
by Anonymous Coward on Tuesday August 03, @03:56PM EDT (#365)

What they said is that attacks using lots of packets don't count. If
you can find a DoS which doesn't involve flooding the machine, that
would be a valid attack according to the rules as described.

The worst DoS attacks aren't flood attacks,
but attacks which use significantly less resources for the attacker
than the target host. Excluding floods is appropriate.

[ Reply to This | Parent ]

Re:Muhahhahha
by Anonymous Coward on Tuesday August 03, @02:44PM EDT (#333)

The site is already down...I can't access it from my machine.

...huh, Microsoft sucks

[ Reply to This | Parent ]

This can be a force for good... (Score:1)
by Bill the Cat on Tuesday August 03, @11:39AM EDT (#2)
(User Info)
If MS provides detailed info about successful attacks, and uses the
info to improve Win2K. Of course, can we trust the info that comes
from their corporate mouthpieces?

[ Reply to This | Parent ]


Re:This can be a force for good... (Score:1)
by sraasch on Tuesday August 03, @01:02PM EDT (#174)
(User Info)
Does this sound a little "open source-y" to anybody else? I thought
M$ didn't care for the concept!

[ Reply to This | Parent ]

I prefer "Corporate Piehole"
by Anonymous Coward on Tuesday August 03, @01:43PM EDT (#251)

Describes their function better.

[ Reply to This | Parent ]

Javascript Dies in Netscape (Score:2, Informative)
by ChiefArcher (brian@NOSPAM-REMOVE.gannon.com) on Tuesday August
03, @11:39AM EDT (#3)
(User Info) http://brian.gannon.com

I guess that want to leave the UNIX crackers out of this...
Javascript dies in Netscape for me..
=(

Anyone else experience this?

Chief Archer

[ Reply to This | Parent ]


Re:Javascript Dies in Netscape (Score:1)
by Bob9113 on Tuesday August 03, @11:43AM EDT (#11)
(User Info)
yup, is not Netscape compatible.

Funny $hit.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zantispam (zantispam@netscape.net) on Tuesday August 03, @12:29PM
EDT (#104)
(User Info)
Well, that's the point of the Almighty JScript bastardization.

M$ products are just broken. Especially the products they Embraced
and Extended(JavaScript, Java, DOS, Windows)

--Please note: Half of this post is hyperbole and sarcasm.





--Jedi Hacker (Apprentice) and Code Poet
[ Reply to This | Parent ]

Javascript error "Windows is not defined" (!) (Score:2)
by Sun Tzu on Tuesday August 03, @01:29PM EDT (#226)
(User Info) http://www.tfn.net/~yeargin/art01.html

Running Netscape from my Solaris 7 Sun 10, that is what I get. It
turns out to be an error. And I thought it was a congratulatory
message! ;)

StarshipTraders.com goes into open beta!
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:2, Funny)
by Anonymous Coward on Tuesday August 03, @11:44AM EDT (#19)

I run linux and I'm gonna hack it. And when the interview me for the
article, I will use the word hack just to piss you off.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:28PM EDT (#353)

When you crack it, please do everyone a favor and make the damn
think Lynx/Netscape compliant.

many thanks

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:48AM EDT (#26)

Confirmed.
I'm using Njetscape 4.61 on a Slowlaris. Died on
me too. The guy who wrote that piece of crap
should be shot or at least get fired.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Syslevel on Tuesday August 03, @01:16PM EDT (#206)
(User Info)
They can't fire the guy who wrote Netscape.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by mistabobdobalina (samedi@disinfo.SPAM.net) on Tuesday August 03,
@04:17PM EDT (#387)
(User Info)
heh...i think he meant the guy who wrote the ms page. funny comment
anyway...
-- your knees hurt, don't they?
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @11:49AM EDT (#29)

Yes. It's almost funny, but not quite.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1, Insightful)
by Anonymous Coward on Tuesday August 03, @11:52AM EDT (#36)

Bleh.... don't worry about viewing the pages in a fancy browser/html
format. Just go to the page. Get the error. Hit Ok. Then view the
page source. Then you can read the entire page, and begin your
cracking.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by The Silicon Sorceror (silsor@xoommail.com) on Tuesday August 03,
@11:54AM EDT (#42)
(User Info) http://members.xoom.com/_XOOM/silsor/index.html

I got a Javascript error for Win32 Netscape, too. Interestingly
enough, the site works perfectly under Internet Explorer.

Get a frigging STANDARD!!!

~ Give me 101 plastic soldiers, and I will conquer the world.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by panZ (panz@no_SPAM_@hal.calpoly.edu) on Tuesday August 03,
@06:14PM EDT (#470)
(User Info)
>Get a frigging STANDARD!!!

This is hardly an accident or problem with standards. Its not even
breaking news for that matter. Micro$ft is notorious for making all
of their web pages do quirky things to non-IE browsers. If I break
this thing, I'll post a simple html with links to d/l alternative
browsers and a heartfelt message to the micro$ofties. This server is
/. fodder. Maybe we can load it up with a copy of Stampede and issue
Winblows the autoboot & config command remotely. =)
--Let's hack root on 127.0.0.1 --panZ
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Romen (stobin#bates.edu) on Tuesday August 03, @11:54AM EDT (#43)
(User Info)
I'm currently running Windows (I hate my job) and it still gives me
Javascript errors. The most humorous one was "Windows not
recognized."


Romen

Romen
[ Reply to This | Parent ]

Re:Javascript Dies Period. (Score:1)
by D3 (dhenning@www.usda.gov) on Tuesday August 03, @11:55AM EDT
(#45)
(User Info)
It doesn't work with IE either. How lame!


"I'm sorry that we have to have a Washington presence. We thrived
during our first 16 years without any of this." -M$ Chairman Bill
Gates 1995
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@11:58AM EDT (#51)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work (please don't hurt me). For what its worth:

Netscape 4.08 (Mac) -- garbled mess

Explorer 4.5 (Mac) -- "as intended" (though not really much better
8^)

lynx -- as good as one can expect (at least it loads)

I spend a lot of time reworking sites so that they will at least
load in both major browsers... and I know I don't get paid nearly
what the "genius" who put this site up gets. I know I should get
around to learning the "new" DOM better, but my initial perusal
leads me to suspect that is the problem.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by javac (jbgeach@yahoo.com) on Tuesday August 03, @12:01PM EDT
(#57)
(User Info) http://southern.edu/~jbgeach

Well, as much as I hate to admit it, it works with IE4
geach

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @12:09PM EDT (#68)

It has a lot of CSS too which is probably confusing netscape 4.x a
lot.



[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by llzackll on Tuesday August 03, @12:11PM EDT (#71)
(User Info)
Hmm, Netscape 4.08 Navigator standalone doesnt die on this page, but
the text does appear in the wrong place, I have to scroll down a bit
to read it.

[ Reply to This | Parent ]

Mozilla works fine
by Anonymous Coward on Tuesday August 03, @12:15PM EDT (#78)

Mozilla works fine

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by Laner on Tuesday August 03, @12:16PM EDT (#84)
(User Info)
Hey, it's not Microsoft's fault that Netscape is at least two years
behind the times when it comes to DHTML/CSS/XML.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by aidoneus (aidoneus1976@hotmail.com) on Tuesday August 03,
@12:16PM EDT (#86)
(User Info)
http://www.cartoonnetwork.com/spaceghost/cod/brak/ index.html

And yet another wrinkle...
Just for kicks (and to see the type of damage it would do to my
system here at work... tee hee) I decided to try it in Mozilla,
specifically build 1999071417 and guess what...
It works, flawlessly at that. Funny when I rebooted and tried it in
NT using IE4.0 it couldn't even do that.
Any ideas as to what the devil is going on?

Now I just need to see if I can break into it, play with some bios
settings, and hoping the machine has a softbios, just adjust the
voltage to the cpu...

consider it payback for my monitor exploding.
(and yes, I am just kidding around about the voltage settings to the
CPU. the monitor is a whole other story though...)

-j

"Never trust a monkey." -Brak
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by KevCo (kbecker@mediaone.net) on Tuesday August 03, @12:32PM EDT
(#109)
(User Info) http://kevco.cx

It dies for me in Communicator 4.6 under windows too. But if I
scroll down past the screwed up crap, the content is still visible.

[ Reply to This | Parent ]

FIXME: I am a braindead moderator
by Anonymous Coward on Tuesday August 03, @12:44PM EDT (#129)

Sorry for that 'Offtopic' setting. Stupid browser saved the form
contents when I pressed 'Back'.

Would a *real* moderator please fix my stupid mistake?

Please excuse my stupidity.

[ Reply to This | Parent ]

Re:FIXME: I am a braindead moderator (Score:1)
by Dwonis (dlitz[IBoycottSpam]@cheerful[spamsucks].com) on Tuesday
August 03, @12:58PM EDT (#165)
(User Info) http://members.tripod.com/~DLitzPower/

You also didn't know that posting a message as yourself instead of
an AC would have caused your moderations to be removed.

Now you do.
--------
"I already have all the latest software."
-- Laura Winslow, "Family Matters"
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Informative)
by theCoder (minster@expert.cc.purdue.edu) on Tuesday August 03,
@12:55PM EDT (#160)
(User Info)
I don't have a copy of Netscape here (I'm at work), so I can't
confirm this, but in looking at the source code I would suspect that
Netscape is dying in the function "done()" at line 89. That function
tries to access the object "Windows" which seems to be a DIV
declared on line 96. This function is being executed from the
"onload" attribute of the BODY tag on line 55.

It seems that netscape is trying to execute this function before
loading the DIV, while IE (and Mozilla) has either loaded it already
or scanned the file to find that object.

As for what is correct in this situation, it would have to depend on
when the "onload" function should be called -- before the page is
fully loaded or after. IMHO, I'd probably have to say that IE and
Mozilla are probably doing it right (no error vs. error).

I don't know why there is a spacing problem in Netscape (but I
wouldn't be too surprised if it's intentional). Anybody know if
Netscape or IE is interpreting the HTML "wrong" (please don't define
"right" as what netscape does -- define it as you'd expect a browser
to behave)?


[ Reply to This | Parent ]

Finally!
by Anonymous Coward on Tuesday August 03, @03:35PM EDT (#356)

*Finally* someone who sees this as something other than some evil
Plot by microsoft to lock out netscape users and force everyone to
use IE. Netscape isn't the perfect browser, people, and neither is
it the standard-maker for HTML.

The reason the formatting is way off in NS is because it doesn't do
CSS as well as IE (though IE has a bunch o' problems too -- check
out www.webstandards.org )

But microsoft (or whoever wrote that page) is in the wrong: they
should have tested it cross-browser just like every other web
designer in the world. Isn't FrontPage2000 supposed to have auto
cross-browser testing features? ;)

I hope their policy to "eat their own dog food" (Re:
http://www.microsoft.com/backstage/solutions.htm )doesn't forbid
them to use competitors' products!

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by zaw (Zaw_nospam@netscape.net) on Tuesday August 03, @06:45PM EDT
(#483)
(User Info) http://members.home.com/zaw/



Hmm.. MSHTML , I can't find that any where on W3C.

[ Reply to This | Parent ]

Works fine in IE - Hello? DOJ?
by Anonymous Coward on Tuesday August 03, @01:11PM EDT (#194)

Yet another attempt to squash competition by producing pages that
can only be used by their proprietory browser and not Netscape's. I
certainly hope the DOJ is taking note of this - little actions like
this illuminate the inner philosophy of Microsoft...

Long Live Netscape (even if it IS owned by AOL)

[ Reply to This | Parent ]

Hello? Are YOU THERE???
by Anonymous Coward on Tuesday August 03, @02:19PM EDT (#316)

Proprietory indeed.

1:The word is proprietary.
2:Netscape, in this case, is the proprietary one. If Netscape had
properly honored true DHTML, and the W3C approved DOM, your browser
wouldn't have flinched at that page.

Why don't you just change your SIG to:

"Long Live Netscape and all their proprietary standards"

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:22PM EDT (#216)

Sad thing is, I'm not quite sure if this was intentional. Look at
this tag:

FONT face="Verdana, Arial, Helvetica" size=1

Isn't Arial what Windows calls Helvetica? I'm starting to wonder if
the "poor" saps just don't know any better...

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @01:33PM EDT (#232)

It's called 'cross-platform'. It's so Macs will recognize the font.
(still known there as Helvetica)

Major fonts have been ripped off by every major foundry and been
renamed. Some have over 10 iterations.


[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by flieghund (kick_assATbubblegumDOTnetNOSPAM) on Tuesday August 03,
@02:10PM EDT (#303)
(User Info) http://128.125.253.183/~ellars/

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.). However, the two are close
enough to be used interchangeably across platform. (Of course, since
I have Arial on my Mac and most PCs don't have Helvetica, I tend to
avoid Helvetica like the plague and stick with Arial.)

A larger issue here is the use of . I was skeptical at first, but
the advantages of CSS over the FACE attribute far outweigh the
drawbacks. I seem to remember it was M$ that had a hand in
developing the tag, though I know Netscape was no less responsible.

"I came here to kick ass and chew bubblegum. I'm all out of
bubblegum." MSE USC APX ATS JDC HWG DFL LFH ETC
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape
by Anonymous Coward on Tuesday August 03, @03:12PM EDT (#342)

I use a Mac at work, and it has both Arial and Helvetica. I don't
know if it is just my Mac, but there are subtle differences between
the two (kerning, letter shape, etc.).
Helvetica is owned by Adobe (or someone) so a replacement for it has
to be different.

[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:1)
by ZenBoy on Tuesday August 03, @01:41PM EDT (#247)
(User Info) http://www.geocities.com/BourbonStreet/9979

When I open it, Javascript dies, and when I do get it to open (IN IE
5) when I click on the guest book, I'm magically whisked to
freebsd.org. I think somebuddy may have phuct it already.
-Zen I'm gonna make the _world_ my bitch.
[ Reply to This | Parent ]

Re:Javascript Dies in Netscape (Score:3, Funny)
by dattaway (dattaway@attaway.org) on Tuesday August 03, @04:24PM
EDT (#397)
(User Info) http://attaway.org

I won! Where's my prize? I broke its Java! I couldn't even see the
rules, now what were they? Microsoft can't seem to write HTML worth
a damn.

[ Reply to This | Parent ]

bfs (Score:0, Offtopic)
by Anonymous Coward on Tuesday August 03, @11:40AM EDT (#4)

bfs

[ Reply to This | Parent ]


Re:bfs
by Anonymous Coward on Tuesday August 03, @05:29PM EDT (#451)

as in Be File System? wtf?

[ Reply to This | Parent ]

Netscape (Score:1)
by Roofus (roofus@psu DOT edu) on Tuesday August 03, @11:40AM EDT
(#5)
(User Info) http://www.csoft.net/~roofus/finger.html

Great, they can't even create a site that works with Navigator 4.0


-= Confucious say: Moo =-
[ Reply to This | Parent ]


Re:Netscape (Score:1)
by cemerson on Tuesday August 03, @11:55AM EDT (#46)
(User Info) http://chiark.greenend.org.uk/~cemerson/

It works for me in Netscape 4.08 and Mozilla M8.

Of course I keep Java and Javascript disabled. Solves more problems
than it creates.

Chris

[ Reply to This | Parent ]

Re:Netscape (Score:1)
by snow dog (tom.main@nospam.fnmail.com) on Tuesday August 03,
@01:08PM EDT (#190)
(User Info) http://www-cor-pmf.web.boeing.com

I get a javascript error on communicator 4.6....
One person's error is another person's data.
[ Reply to This | Parent ]

heh (Score:1)
by galore (ian@wehrman.com) on Tuesday August 03, @11:41AM EDT (#6)
(User Info) http://ian.wehrman.com/

i get a javascript error when i try to view this site... when i look
at the javascript console in netscape, all it tells me is "Windows
is not defined." how true it is.

later,
ian

[ Reply to This | Parent ]


Re:heh
by Anonymous Coward on Tuesday August 03, @12:52PM EDT (#150)

yeah, me too. Mebbe somebody already cracked it & they just never
'fixed' it :)

[ Reply to This | Parent ]

First Comment (Score:-1, Troll)
by Anonymous Coward on Tuesday August 03, @11:41AM EDT (#7)

Go get it guys


[ Reply to This | Parent ]

Real security for 2000 and beyond? (Score:1)
by Pauly on Tuesday August 03, @11:42AM EDT (#8)
(User Info)
If it can withstand /. effect, I'll be impressed.

//Pauly

[ Reply to This | Parent ]


Real Security for 2600 and beyond!
by Anonymous Coward on Tuesday August 03, @12:20PM EDT (#92)

:)


[ Reply to This | Parent ]

Re:Real security for 2000 and beyond?
by Anonymous Coward on Tuesday August 03, @12:39PM EDT (#121)

It seems to be cruising right along for me.
Are you impressed yet ?

[ Reply to This | Parent ]

Nope /.'d (Score:1)
by just someone on Tuesday August 03, @01:50PM EDT (#261)
(User Info)
(Some router loops happening and when I did hit the server in the
'appropriate" browser)

The page cannot be displayed
There is a problem with the page you are trying to reach and it
cannot be displayed.

-------------------------------------------------- ------------------------------


Please try the following:

Open the www.windows2000test.com home page, and then look for links
to the information you want.
Click the Refresh button, or try again later.

Click Search to look for information on the Internet.
You can also see a list of related sites.




HTTP 500 - Internal server error
Internet Explorer


[ Reply to This | Parent ]

And Confused (Score:1)
by just someone on Tuesday August 03, @01:58PM EDT (#276)
(User Info)
Actual message returned in netscape:

Logon failure: user not allowed to log on to this computer.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2, Funny)
by BuBu_ on Tuesday August 03, @02:20PM EDT (#318)
(User Info)
The Slashdot effect? What are you planning to do? get a bunch of
your friends around then go and flame the hell out of them? By
saying something like "YOUR 0S SUCKS! USE LINUX WOOOOOOO!" Yeah,
great idea.

[ Reply to This | Parent ]

Re:Real security for 2000 and beyond? (Score:2)
by MindStalker (johnlar@tfn.spam.net) on Tuesday August 03, @03:56PM
EDT (#366)
(User Info) http://www.tfn.net/~johnlar/index.html

Obviously your a new user here, or just haven't been paying
attention. The slashdot effect, is a semi-natural phenomenon, in
which a article/url is posted on slashdot that everyone wants to
checkout/read. The server holding that article is generally not
prepared for an increase in hits of several thousand people within
an hours time, crashing the server. The server is then known as
being slashdotted. Every once in a while even slashdot gets
slashdotted, when other news agencies link to slashdot, but in
general the effect is named after slashdot as we tend to create such
an effect more often than most other news sites.
~A nerd is someone whose life revolved around computers and
technology. A geek is someone whose life revolves around computers
and technology, and likes it
[ Reply to This | Parent ]

...And Thar she Goes...
by Anonymous Coward on Tuesday August 03, @04:12PM EDT (#381)

I tried to go to the site, to no avail...it was /.'ed...no response
from the server. Glad to see the future is so rosy...for REAL OS's

[ Reply to This | Parent ]

Machine messed up already? (Score:1)
by elvum (sj@nospam.post1.com (remove trap)) on Tuesday August 03,
@11:42AM EDT (#9)
(User Info) http://www.post1.com/~round

Is it just me, or have hackers* already messed up the javascript
front-end? Neither Netscape 4 nor IE3 seem to like it. Or is it just
that the only hackers Microsoft want to attract are those that use
the latest version of IE ?!?!?

*or incompetent Microsoft employees


[ Reply to This | Parent ]


Re:Machine messed up already? (Score:1)
by cswiii on Tuesday August 03, @12:02PM EDT (#58)
(User Info) http://wiw.org/~corey/

:is it just me, or have hackers* already messed up
:
:*or incompetent Microsoft employees

hey, we already have enough problems with people equating hackers ==
crackers. let's not start equating M$ Employees with hackers, as
well... :)

[ Reply to This | Parent ]

Re:Machine messed up already?
by Anonymous Coward on Tuesday August 03, @07:02PM EDT (#494)

or equating hackers with wanna-be SLASHDOTTERS who don't know shit
about code, but love to use the M$ acronym for Microsoft.

y0r c00l d00d

[ Reply to This | Parent ]

Smart move for Microsoft (Score:4, Informative)
by EngrBohn (cbohn@ieee.org) on Tuesday August 03, @11:42AM EDT
(#10)
(User Info) http://members.aol.com/EngrBohn/

Two possible outcomes:
- Nothing breaks it, and this becomes a marketing high-point for
Microsoft - It gets broken, and Microsoft engineers now have solid
data (vice anecdotal) as to where the problems are. Especially if
this was compiled with the debug option switched on.
Christopher A. Bohn
Oooh! What does this button do!?
[ Reply to This | Parent ]


Re:Smart move for Microsoft (Score:2, Funny)
by Suydam (brian@SPAMR00LZ.rickjames.sapien.net) on Tuesday August
03, @11:49AM EDT (#28)
(User Info) http://rickjames.sapien.net/brian/virii/

YEP
Outcome 1 - nothing breaks it. THis would be a bad thing. Arrogance
and "we're unstoppable" would be their attitude.
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice.
You forgot Outcome 3 though - we break it. they deny it for 6 months
and then release a Service Pack that fixes the problem that "doesn't
exist". This seems the most likely to me.



GCS/IT d++$(-) s+: a- C+++$(++) UL+++$ P++++$ L+++ E--- W+++$ N+(-)
!o K? w--- O- M- V- PS+(++) PE Y+ PGP t+ 5 X++ R- tv b++ DI++ D++ G
e++ h-- r++ y++
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2, Interesting)
by vt@office on Tuesday August 03, @11:53AM EDT (#39)
(User Info)
Yes, but what about the case when noone (flexibly defined) CARES to
break it? Serious people have more important work to do rather than
break the thing which is broken by design...

OK, kids, now get away from appliances, we're gonna reboot the house
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:37PM EDT (#240)
(User Info)
Outcome 2 - we break it. they fix it. This would be a GOOD THING.
The more secure a system is, the better. It doesn't conflict with
our goal of Total World Domincation....it just gives people a viable
choice


But Microsoft doesn't believe in choice, oh wait, yes they do,
"Workstation or Server edition?"



A Stronger W2K means that MS will be in a stronger position to push
their "Windows Everywhere" agenda


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:5, Insightful)
by Signal 11 (signal11ATmediaone.net?Subject=Slashdot comment) on
Tuesday August 03, @12:25PM EDT (#97)
(User Info) http://www.mediaone.net

No, there is another outcome. Nobody takes the challenge. Challenges
like this are generally dismissed in the security industry for a
variety of reasons. Some of them are as follows...

- Real Crackers aren't going to spend their time trying to get
caught on a high-profile site.
- Script kiddies don't have any scripts for the "new" OS yet.
- It's new - so of COURSE it's going to take time to find the
vulnerabilities. You think "one stunt, and that's it" is going to
fix all their problems? You're more naive than I thought.
- Past record. How long does Microsoft take to acknowledge, let
alone fix, the problems they find? W2K *will* have bugs. All major
programs have bugs. The question is - will they efficiently and
quickly inform their customers, and provide comprehensive support to
them - like the 4-color glossies they distribute say?
- Many vulnerabilities are discovered at the console - and by
looking at the source. It could be wide open, but you'd never know
that from a remote perspective. Breaking into a system you've never
seen or used remotely has about as much of a chance of success as me
getting away with being called Rob Malda in this post.

That's just what I can think of off the top of my head. Use your
imagination. And most importantly: dismiss yet another one of
Microsoft's tricks to get you to do their bidding. Clever Microsoft,
but I thought you'd have learned by now that the 'net dispels FUD
faster than a speeding salesman.

--
What goes up, must come down. Ask any system administrator.
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Amazing Proton Boy (joep@lainet.com) on Tuesday August 03,
@04:18PM EDT (#391)
(User Info) http://www.wgn.net/~joep

You are Rob Malda.


[ Reply to This | Parent ]

Another rigged contest...
by Anonymous Coward on Tuesday August 03, @04:31PM EDT (#407)

I have to agree with this.

Never mind that I can't even get an IP address for this hoax, from 2
different locations!


2%nslookup windows2000test.com
Server: localhost
Address: 127.0.0.1

*** localhost can't find www.windows2000test.com: Non-existent
host/domain



And... ???


No match for "WINDOWS2000TEST".




In any case, I fully expect the site to get /.'d anyway...

Hehe.




[ Reply to This | Parent ]

Re:Another rigged contest... (Score:1)
by DrAtomic on Tuesday August 03, @04:39PM EDT (#413)
(User Info)
I checked with internic because I thought that it was going to be a
hoax, but it looks like the domain name windows2000test.com is
registered to microsoft. I do know that the page is down right now,
so that might have something to do with what happened to you, but I
know that it is registered at least to someone at M$ (or someone who
knows a good deal of M$ info, like their street adress and stuff
like that).



[ Reply to This | Parent ]

Re:Another rigged contest...
by Anonymous Coward on Tuesday August 03, @05:54PM EDT (#458)

Or someone who looked up the domain registration for, say,
www.microsoft.com, and used their cut+paste skillz.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by !IH on Tuesday August 03, @12:46PM EDT (#133)
(User Info) http://www.stheno.demon.co.uk

Couple of points, some exploits don't work against a debug build
system, that do in release mode - ever tried to track down a bug
that was unreproducable when built in debug?

For another off the wall point, what if this is not actually running
w2k, but Linux, and MS use the Anti-Ms brigade, to poke hole in
Linux's default security?

One of the rules of engagement is that you have to tell them how you
did it, but it doesn't give a time limit on when you have to tell
them.


--
Exigo spamos et dona ferentes
[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @01:12PM EDT (#198)

PING www.windows2000test.com (207.46.171.196): 56 data bytes
64 bytes from 207.46.171.196: icmp_seq=0 ttl=113 time=781.0 ms

The TTL doesn't look quite linux'ish (only really ancient versions
of linux used 128 AFAIK).

But maybe I'm wrong.

[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by C.Lee on Tuesday August 03, @04:27PM EDT (#402)
(User Info)
4:21 pm on 8/3/1999...Microsoft's test WWW site seems to be deader
than 3-day-old roadkill and all's well...

[ Reply to This | Parent ]

Re:Smart move for Microsoft
by Anonymous Coward on Tuesday August 03, @04:58PM EDT (#429)

Seems like network problem to me...
Tracerouting reveals that connection ends somewhere along
iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136), that is for me
atleast. Also other IPs belonging to same subnet are not responding.

[ Reply to This | Parent ]

Why would they do that?
by Anonymous Coward on Tuesday August 03, @01:30PM EDT (#227)


Microsoft sucks, we all know that, and they're evil. But come on,
why would they do that?

First off, there are many ways to detect if a machine is running
Linux. Granted, they could change a few things, but then they'd
likely break most all 'bugs' discovered.

Its relatively easy to setup a system which is statically configured
and running limited services to be secure. Its another thing
entirely building a production ready system, that can be installed
and configured by Joe Idiot, and still be reasonably secure.


[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:36PM EDT (#478)
(User Info)
Actualy, i've had situations where a weird bug would crop up, I'd go
to debug mode, and then *more* crash bugs would show up! I was
writing win32 code, and the code I had writen was exspecting
somthign to be done (initalizing the windows, etc) before it was
sure to be. In optimzed mode, it happend fast enough, and "out of
order" or somthing, and it worked fine
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:Smart move for Microsoft (Score:1)
by Leapfrog on Tuesday August 03, @02:22PM EDT (#319)
(User Info) file:/dev/null

Looks like someone broke it. I keep getting this message:
Logon failure: user not allowed to log on to this computer.
It happens no matter what page I try to hit, even some really
obvious 404's. I guess we really showed 'em. Or something. Didn't
last very long, now did it?

"Fool! There is nothing Perl cannot do! NOTHING!" -Bastich
[ Reply to This | Parent ]

What an ugly site (Score:2)
by Gleef (gleef@capital.net) on Tuesday August 03, @11:43AM EDT
(#12)
(User Info) about:mozilla

To "show off Windows 2000", I would think they could do with a
better designed web page. I get about 250 pixels (vertically) of
broken-looking header, followed by about 800 pixels of whitespace,
followed by the actual text. I have to scroll down more than a
screenful just to read anything. And a Javascript error to boot. I
mean, if they still can't even design a competent website, what
makes them think they can design a whole OS?

[ Reply to This | Parent ]


Re:What an ugly site (Score:2, Funny)
by Bob-K (bobk@jump.com) on Tuesday August 03, @11:48AM EDT (#25)
(User Info)
Maybe the site is designed so you can only crack it using Internet
Explorer.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Kerg on Tuesday August 03, @12:47PM EDT (#140)
(User Info)
Or maybe somebody already cracked it, and they can't figure out how
to fix it?!

HA!


[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by IanO (iano AT canada DOT com) on Tuesday August 03, @11:58AM EDT
(#53)
(User Info) http://www.tomandian.com/

The page looked like that to me also so I decided to fire up IE...
well it's more like click and hope that it doesn't crash my machine
:) Not surprisingly the page looked just fine. It's nice to know
that these people don't have the brains to make their web pages
compliant for all browsers.

On a side note I've had IE running for almost five minutes now and
my machine hasn't crashed, although memory usage increased alot.

------
IanO

"It's what you learn after you know it all that counts." -- John
Wooden
[ Reply to This | Parent ]

Re:What an ugly site (Score:2)
by eponymous cohort (ecohort@spammeanddie.com) on Tuesday August 03,
@01:42PM EDT (#249)
(User Info)
It's nice to know that these people don't have the brains to make
their web pages compliant for all browsers
Why would they? This is MS, to them there is only one browser. When
they released IE for Unix, they proclaimed, "Finally, a graphical
alternative to lynx!"


If you read only one .sig today, make it this one!
[ Reply to This | Parent ]

Re:What an ugly site
by Anonymous Coward on Tuesday August 03, @11:58AM EDT (#55)

The site does look ugly under Netscape (Windows/Linux). It looks
fine under IE 5.0, though. I Acutually prefer IE 5.0 to Netscape for
browsing the web (which is one of the reasons I use use vmware). I
don't have very good vision, and most sites (in addition to
displaying properly) are also easier for me to read under IE, no
matter what font tricks I try with Netscape.

[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by boinger (boinger@tekhaus.net) on Tuesday August 03, @12:03PM EDT
(#60)
(User Info) http://ww4.choice.net/~boinger/

Most M$ sites are getting worse. Try looking at product comparisons
in the electronics section of sidewalk.com with a Netscape browser -
It /used/ to work fine, but they changed it to be /incorrectly/
tagged HTML in the tables. M$IE conveniently misinterprets it to
where it looks okay, whereas Netscape "reads" it properly, thus
producing a hideous page where you have to scroll sideways for
several screens between columns of text.
I still can't figure out why they'd do that. It's not like people
who use Netscape don't see the load of banner ads, too.
*sigh*

----------------------
It's too bad stupidity isn't painful"
- Anton Szandor LaVey
[ Reply to This | Parent ]

Re:What an ugly pile of sites (Score:1)
by Detritus on Tuesday August 03, @12:23PM EDT (#96)
(User Info)
The wizards at Microsoft don't even support older versions of
Internet Explorer. I've recently done several installations of
Windows NT 4.0 Workstation, which installs IE 2.0. Microsoft's web
site is totally non-functional with this browser. You would think
that they would make it easy to download and upgrade to IE 5.0. I
didn't have any trouble using IE 2.0 to download the latest version
of Netscape.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by stuntpope (robhb@nospam.dclink.com) on Tuesday August 03,
@12:12PM EDT (#72)
(User Info)
Doesn't work for me with Netscape 4.5, even with JavaScript turned
off. It does work in IE 4, but man it's ugly with the menu having
close to 0 margin width on the left margin. Where are the style
police when you need them?
Plus, in the guest book, a supposed member of the win2000 dev team
wrote to the Netscape complainers, "Netscape is not supposed to work
in here". Now isn't that just a wonderful attitude? Screw M$.

[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by TheMeld (msg2@NOSPAM.po.cwru.edu) on Tuesday August 03, @12:31PM
EDT (#108)
(User Info) http://cheetah.cwru.edu

And what's more, the javascript error message is:
Windows is not defined

HA HA HA HA!

-Matt
remove nospam for e-mail
[ Reply to This | Parent ]

Re:What an ugly site (Score:1)
by Sunthalazar (jmeinel@NO.blue.weeg.uiowa.edu.SPAM) on Tuesday
August 03, @01:53PM EDT (#269)
(User Info)
I agree. I thought it was pretty great. I was going to post it as
well, but I'm glad I found someone else who did. =:->

[ Reply to This | Parent ]

javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @11:43AM EDT
(#13)
(User Info)
is anyone getting javascript errors using netscape 4.61 (windoze)? i
can't see the page and i am not going to load internet exploder to
see their challenge!!!


-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]


Re:javascript errors? (Score:1)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:25PM EDT
(#99)
(User Info)
Okay I loaded Internet Exploder and read through the source....

SCRIPT language=Jscript --- that's M$ specific code

bgProperties=fixed --- m$ specific?

later in the code they have a section
for script language=javascript
---

I have no idea what this function is however Netscape doesn't like
it nor should it.

function done()
{
Windows.style.display = "";
}

Obviously this web site will only work in one browser! Ugh!

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

m$ comments about javascript problem (Score:3, Insightful)
by Numeric (one@clfdotumbcdotedu) on Tuesday August 03, @12:28PM EDT
(#102)
(User Info)
this was posted on their

message board

We have disabled the abilty of the Netscape browser to view our page
for specific reasons. Please do not flame the messege board with
comments pertaning to the inabilty to view the page in Netscape. Any
comments relating to this should be directed at the Webmaster in
charge of this page: jsmith@microsoft.com

-- ladies and gentlemen we are floating in space!
[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:2)
by dillon_rinker (dillonunderscorerinkerathotmaildotcom) on Tuesday
August 03, @12:57PM EDT (#162)
(User Info) http://www.21cs.com

...specific reasons...

Sounds more like high specific gravity to me...

[ Reply to This | Parent ]

Re:m$ comments about javascript problem
by Anonymous Coward on Tuesday August 03, @01:16PM EDT (#207)

or an absolut crock of shit

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:3, Funny)
by knuth (eknuth@unix.csbsju.edu) on Tuesday August 03, @02:57PM EDT
(#335)
(User Info) http://www.users.csbsju.edu/~eknuth/index.html

Top Ten Specific Reasons Why Only MSIE Users Can View Microsoft
Cracking Challenge
10. If you're doing lame browser detection, MSIE is fewer letters to
type than Netscape, Mozilla, or even Opera.
9. Similarly, "JScript" is shorter than "JavaScript".
8. AOL^H^H^HMicrosoft is the Internet.
7. We left our copy of FrontPage at the default settings. But don't
worry, it will all be fixed in FrontPage 2005.
6. We fear the mighty /. effect, and those fanatics wouldn't be
caught dead using Exploder.
5. VisualBasic is more powerful and efficient than C++.* Likewise,
Internet Explorer has that comforting familiar Microsoft Windows
interface, so you don't have to learn that arcane, complicated
Netscape setup.
4. You can't crack our powerful enterprise-level Microsoft(tm)
Windows(tm) server if you can't read the rules we made up, nanny
nanny boo boo.
3. We're weenies. We couldn't write "Hello world" in HTML, let alone
use scripting languages.
2. 3l337 hAx0r d0oDz swear by MSIE.**
And the number one reason why only MSIE users are permitted to view
the Microsoft cracking challenge is... drumroll, please...
1. Somehow the demo site was interfered with. Give me another
chance, your honor.
*Editor's note: Microsoft actually says this on another page.
**Editor's note: swear at, more likely.

[ Reply to This | Parent ]

Re:m$ comments about javascript problem (Score:1)
by Elminst (jdsmith.at.capital.net) on Tuesday August 03, @04:18PM
EDT (#392)
(User Info)
And if you believe that was a genuine Microsoft post, I have a
bridge in brooklyn i can sell ya cheap.

All posts from microsoft are titled as the mcrosotf W2K team and
there city, state and country are clearly listed under the message.
This message has no city, state or country.
And why, after initially presenting themselves as a team, would they
give you a specific email address to send problems to. ESPECIALLY
after giving the specific email to send problems to in several
places throughout the site?
jsmith? yeesh at least try to be original in comnig up with an email
address next time.

[ Reply to This | Parent ]

That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:45PM EDT (#484)
(User Info)
If they wanted to disable Netscape, they could have just set some
settings in the browser, to block all incoming HTTP reqests comming
from any kind of mozilla

I think the "spesific reasons" that they talk about is the fact that
they screwed up, and are stupid.

Typical "it's not a bug, its a feature" thinking.

plus some people are saying it dosn't work right in IE ether...
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:That dosn't make any sense... (Score:1)
by delmoi (delmoi at hot mail dot com) on Tuesday August 03,
@06:47PM EDT (#486)
(User Info)
(also, I dont' think this is real....)
_
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Chad Okere, self apointed Unquestioned Lord of the internet
[ Reply to This | Parent ]

Re:javascript errors? (Score:1)
by Breakdown on Tuesday August 03, @12:33PM EDT (#112)
(User Info)
You are right, the function done seems to only be written for the
way IE handles stylesheets. The Netscape code seems to be absent.
My guess is that the page was created in Frontpage...

[ Reply to This | Parent ]

who cares? (Score:0, Troll)
by mdillon (moc.demdnats@nollidm) on Tuesday August 03, @11:43AM EDT
(#14)
(User Info)
why should anyone want to help micro$oft audit the security of
win2k? wait till we can get a copy of it, then we'll start looking
for security holes. this is just microsoft trying to use the anti-ms
sentiments of crackers to get free auditing. screw them.

[ Reply to This | Parent ]


Hypocrite!!
by Anonymous Coward on Tuesday August 03, @01:09PM EDT (#191)

You bunch of hypocrites! You scream about how crappy MS's software
is then you refuse to "help" them improve them. You guys don't hate
MS because of it's software quality, you hate them because they're
MS. Be honest with yourselves here, if you hate them because they're
MS, then you're a biggot; if you hate them because of they're
software quality, help them out; if you hate them because of their
business practices, well...that's a judgement call.

PS. I work at MS but love Linux...I use the best tool

Re:hmmm

Why help the one that isn`t worth to help.

Yust turn them down as mush we can,
this is the only way,

this is purely ethical,

Why ask money for something that is made in a
hury, driven by extensive marketing and sales

the whole aspect of IT at microsoft is
'sell dust' for $$ and give the vacium cleaner
free.

You don't NEED JavaScript, guys

Look, just choose "view page source" under the View menu. The text is right in there, if you want to read it. That's how I read the ground rules a little while back.

It's awfully slow now, though, Has it been brought to its knees already?

Re:You don't NEED JavaScript, guys

[Sangui5]

It's been down for about 45 min now or so.

DOWN AGAIN 2:40pm CST

Oy, time to reboot huh MS.

Re:microsoft.com is also using NT5 Beta. crack it!

Try going to MS's site http://www.microsoft.com/ using IE2.0 (the one that ships with NT). The other week I was doing that on an NT box I was setting up so I could download SP5 and it came back "This virtual directory does not allow contents to be listed..."

Re:Thoughts - Pebkac Networks

[anticypher]

Ha! I knew that acronym sounded familiar. Thanks for reminding the /. community. Pretty funny they are using that.

Seems to be a class C block of IP addresses from right in the middle of the Class B that M$ uses. Claims to be an ISP, but they have just one static web page on their server.

the AC

Perfect Target

[CountZer0]

This looks like a perfect target for my NoSkilz Website Haxor.

Go to http://www.cyberdeck.org/cgi-bin/noski lz.cgi
Fill in the form, and enjoy the thrill of defacing web pages.

-Steve

Back to my imaginary job working with Unix.

Alas, for an imaginary job, my salary is real
good. I love getting a pay for day-dreaming ;-)

appears down again...

just as I was submiting a test for the & l t ; thingy (for kicks: <)... and how have people figured out how to write fuck again? it won't work for me?

not exactly like /. is fast right now :/

Re:appears down again...

[Kerg]

you can write dirty words by using escape codes

Install Linux

The first one that gets remote administrator
access needs to do this:
Upload VNC to get a remote GUI.
Use FIPS to re-partition the box.
Upload a tiny linux image.
Change the lilo.conf to boot linux first.
Make a root passwd and reboot.
Set up the same web page under apache...

They're asking the Internet to debug for them !!!!

[Roxus]

Don't do it !!
Let them have a crappy product when it gets shipped so that they can be embarrased when the holes get found out THEN !!!!

DON'T HELP M$ !!!!

Broken?

[YourFingerYouFool]

All I get when I got to that page is "Logon failure: user not allowed to log on to this computer. " This happens on my Linux desk top and the ms box across the hall running IE.... The font is bigger on IE though. Does that mean it's superior to Netscape on Linux?

Re:Thoughts - followup

[egwene]

Pebcak Networks, huh? A bit ironic that Micro$oft would be using Problem-Exists-Between-Chair-And-Keyboard Networks to do their information gathering for them.

Already broken.

[kanaka]

All I get now is: Logon failure: user not allowed to log on to this computer. Guess that's a hidden message. Whooo Hoooo. At least I get the same in Netscape (no broken Javascript).

It's worse than that, it's dead Jim

No DNS resolution for me. Even by IP (from an earlier post) ping doesn't return, traceroute stalls nearby, and no luck connecting to ports 7, 9, 11, 21, 23, 25, 80, 143.
Maybe they don't just filter ICMP but TCP/IP as well?

Re:It's worse than that, it's dead Jim

[Pascal+Q.+Porcupine]

Ping isn't on a port. It's a low-level ICMP protocol, which exists at the IP level, completely independently of TCP. (TCP/IP refers to the combination of TCP atop IP; TCP is what handles packet ordering, error correction, and sockets etc.) This is why there is no 'ping' port, nor can you 'ping' a different port. Ping is so useful because it exists at the low level where no error checking etc. happen, so packets can be lost or misordered. Fun.

Oh, and you can't turn off ping. It's handled by the hardware layer (the device that IP sits on top of, usually ethernet, PPP, or loopback). Well, you *could* by castrating the hardware layer, but it's generally a Bad Idea. It's usually a better idea to just make sure there's no bugs which let ICMP controls frobnicate the system's kernel; this is exactly what MS didn't do in Win'95 OSR1. Oops. :)

---
"'Is not a quine' is not a quine" is a quine.

Re:It's worse than that, it's dead Jim

I did a portscan earlier this AM when it was up and the ONLY responding port was 80. I was suprised they didnt do something stupid like leave ping or ftp up. That would have been funny.

Microsoft Press Release
Hackers gain acces to test machine due to incompetent Microsoft engineer. Employee has been promoted to VP of marketing.

Re:It's worse than that, it's dead Jim

[mzito]

Of course you can turn off ping. It's a networking protocol, and like most networking protocols, they can be turned off. Ping is not handled at the hardware level. That's why icmp can be filtered via ipfw in FreeBSD. You can even specify what types of icmp messages to permit. And using sysctl, you can disable certain icmp behaviors in the kernel itself. So, its not handled at the hardware level.

Matt Zito
Who, thanks to his job, now knows more about FreeBSD than Linux.

And almost prefers it that way.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

What they said is that attacks using lots of packets don't count. If you can find a DoS which doesn't involve flooding the machine, that would be a valid attack according to the rules as described.

The worst DoS attacks aren't flood attacks,
but attacks which use significantly less resources for the attacker than the target host. Excluding floods is appropriate.

Share cracks with Slashdot before MS

[Pman]

If someone gets in to it, they should post how they did it here before they tell MS.

Make money on the net?!?

[rjaninda]

Let me get this straight. MS wants people to crack the site and do whatever they want with it with *HOPES* of the cracker revealing how he did it. I say, "Bad move MS". Crackers have a head start on this "revolutionary" new product from MS, and there is no way in hell they'll tell how they did it. Atleast not yet. Not until MS2K is in production, complete with bugs and holes. ;)

Re:Javascript Dies Period.

[D3]

It doesn't work with IE either. How lame!

Not allowed to log on?

[Mr+Gleep]

I'm getting this when I try to load the guest book...

Logon failure: user not allowed to log on to this computer.

Huh?

Re:Does S.A.T.A.N. run (under) Microsoft (Windows)

ahh..but what if the site is never able to
stay up again? Microsoft would be in a pickle
indeed.

And what does the Cracker get out of it?

[Quack1701]

I can see all the benifiets MS will get out of this site.

1) Noone breaks in. Claim the most secure 0S in the world.
2) People break in, MS fixes the bugs, downplays the seurity risk, and makes money off of a better product.

What do the crackers get?

1) They don't break in, Nothing.
2) If they break in, Nothing.

Humm... What a deal.

Who is going to waste thier time trying to get into a system they have no idea whats behind? Where are the security holes? I would hope MS has fixed all the Known problems. And until they release thier software, it will be hard to see what new is broken.

Quack

WTF?

[Simoriah]

Interesting... I went to the site and read up. I wanted to start getting into the message areas. When I hit refresh for the main site, I got the message (with WinNT4/IE5--i'm at work):

Logon failure: user not allowed to log on to this computer.

What the hell is this? Suddenly, I need a l/p to log into the website? Or is a user supposed to enter some funky 31337 code to get into the thing?

I'm just baffled by this one.

Microsoft

[drwiii]

There are hidden messages sprinkled around the computer. See if you can find them.

Do GPFs count as "hidden messages"?

The goal is to see how a properly secured machine will stand up to attack. These machines are configured to prevent known attacks.

With a cookie-cutter operating system like Windows, you'd think they'd make the default configuration as resistant as possible to known attacks.

And FUD stands for...

Fear, Uncertainty, Doubt. Used against competitors.

Microsoft is just praising themselves, not saying anything against their competitors, so how the hell could that be FUD?

Methinks some /.'ers like to throw these terms around too easily.

"FUD stands for 'anything microsoft does, btw Microsoft sucks and all their OS's crash' doesn't it?"

Cool

Every OS vendor should put up a test site like this. Linux should have one too.

logon failure -?

[mackga]

Is this a real error message from iis, or did someone get in? Now, if not, does this count as a hack of the site or just a DoS?

WTF?

[Simoriah]

Interesting... I went to the site and read up. I wanted to start getting into the message areas. When I hit refresh for the main site, I got the message (with WinNT4/IE5--i'm at work):

Logon failure: user not allowed to log on to this computer.

What the hell is this? Suddenly, I need a l/p to log into the website? Or is a user supposed to enter some funky 31337 code to get into the thing?

I'm just baffled by this one.

AND... I just tried using lynx (telnet into my school account and used lynx from there) and got the same error. Has the site been downed already? hehehehe

Logon failure: user not allowed to log on to this

[muffel]

Um... I can't even read the rules. Is that supposed to be part of the game already (wouldn't really make sense) or are they excluding Linux clients (would make great sense)?
Or has it already been hacked? ;o)

Stock install secure damnit! Crack in: win machine

[jcarr]

I must respond to the previous poster as to the security issues of a stock install( of LinuxPPC anyway.) A default install is much more secure than the crack.linuxppc.org machine is. And more stable from the looks of it as the windows machine looks like it has been rebooted already :)

So here is an additional challange:
Be the first to change /etc/motd on crack.linuxppc.org in a reproducable manner and we give you the machine crack.linuxppc.org.

Goodluck!

What's this crap? Rob - limit the comment size..

[Axe]

...if smbd has something big to show - he/she can
include a link. Nobody but assholes type
anything longer than a hundred or so lines..

Re:The site will remain uncrackable...

[Sangui5]

Because it is already DEAD!

Is Their Site Down?

[waldoj]

I can't get the the site anymore. I've been trying on a couple different computers on a couple of different platforms with a couple of different browsers. No luck.

Whether it was slashdotted or hacked, they look stupid either way.

Re:microsoft.com is also using NT5 Beta. crack it!

[TerryMathews]

Nothing says that Microsoft even has to usea piece of commercially-available software. For that matter, they could be using a doctored-up copy of Linux/Apache. Have some of their programmers make it look like Nt. Keep changing the version that it says it is to keep us on our toes.




Terry

Security through obscurity?

[jbf]

1. Where's the source? =)
2. If you can't even look at crashdumps and disassemble (ie if you don't have a copy of win2k), isn't it rather hard to execute arbitrary code?

Site is Dead Alerdy

[zaw]

The site is DEAD!

win2k down already?

[lokai]

Well, it seems i'm the first post in response to this article.. however, its kinda funny. The URL mentioned won't even pull up. Damn, that was quick.

lokai

Re:win2k down already?

[Darksky]

try hitting reload on /. i'm afraid u r FAR from the first post, there are around 450.

Damn!

I wasn't able to retrieve my keyboard log from a custom install of BO2k before they took it down!

Well unless they reformat, when it comes back up I might be able to get in.

Re:Damn!

[Sangui5]

How did you get in? All of the ports are closed.

www.windows2000test.com down???

[bomek]

I tried to connect to this site and internet explorer and netscape timed out!!!

Someone probably hacked it or they only reboot it for the seventh times today

Don't give M$ free debugging!

[IGnatius+T+Foobar]

Why would we want to spend our time debugging Microsoft's software, for FREE? That time would be better spent writing, documenting, and debugging free software alternatives. Unless Microsoft is planning to open-source W2K, they shouldn't expect free software people to give away their time for it.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

HAHAHAHAH

For that reason alone (/. effect), I have a feeling that they didn't know what they were getting into when they
did this.

Is this for real?

hypocrites?

[insane4no1]

i am sorry but this is not microsoft taking a step in the direction of becoming open source. yes we should be afaird of helping them. we help them to make this a better produce, then this happens: they can say that they use the open source community to make their products giving them a better image in the media; they will also be able to claim that their product is stronger because of the test (whether they actually fix any of the bugs or not) and continue to dominate the market. both ways only contribute to microsoft's dominance, niether will really make it a better company, or make win2k a better product, and it will that much harder for a decent stable os like linux to find its share in a market that desperately needs it. so are we really hypocrites to be afaird of the new big brother?

Re:They're asking the Internet to debug for them !

I thought you guys were just in this to make software better? All that free and open jazz.. Funny how quickly things change.


What a sad group of people...

Is it down already?

[Alex+Zepeda]

Perhaps GST/Wenet just sucks beyond belief, but for whatever reason I can't resolve www.windows2000test.com. Hmm. Oh well :^)

Their nameservers are currently dead

[weave]

Hmm, can't get to www.windows2000test.com at all now. Both of their name servers (ns1.winisp.net and ns2.winisp.net) are not responding to queries.

I wonder if ns[12].winisp.net is running win2k!

Even if win2k *just* running IIS *was* bulletproof, what good does it do if you can't get an IP address to get to it! :)

software firewalling??

[austad]

Even though this machine is outside a firewall (supposedly), it must have some sort of software firewalling running on it. When I did a portscan, I noticed it taking an unusually long time, and when it tries to connect to a port, it's not even getting the response that it cannot connect. Connections are being ignored on these ports. Does win2k have software firewalling built in (like Linux)?

Anyway, that was as much effort as I'm going to put into it. If MS wants to pay me a normal consulting rate, I'll be happy to mess with it some more. I've got better things to do on my Linux box...

disappeared!

[mackga]

From the trinux box in the corner, I can't even traceroute the site. Telnet doesn't even give a trying......Ping just sorta sits there. Huh, must of vanished :)

non-existant machine?

[Agrajag]

[agrajag@shift agrajag]$ nslookup www.windows2000test.com
Server: uni00rh.unity.ncsu.edu
Address: 152.7.1.3

*** uni00rh.unity.ncsu.edu can't find www.windows2000test.com: Non-existent host/domain
[agrajag@shift agrajag]$

hmm... anyone know why this machine seems to have disappeared?

It's waaayyyy down.

[Sangui5]

Not only is 207.46.171.196 (windows2000test.com) not responding, but 207.46.175.250 (the maching to which windows2000test.com appears to route all of its traffic) is also down. I e-mailed the MS ppl. if 207.46.175.250 is fair game, but I imagine that they are a little busy at the moment.

Has ANYBODY been able to get into ANYTHING at ANY time other than http ports? Some guy said everyone had download access to some msdca directory or something, but I haven't heard of anybody else getting in. If no ports are open then whats the point?

Re:It's waaayyyy down.

the guy that mentioned the msadc thing was me...
i also requested that someone give me a dir listing off of an IIS 5 machine so i could actually try some other stuff but nobody responded... oh well.. and if the server could have actually stayed up for while i could have tried some more stuff but as we all know the server crashed and burned... feel free to email me at tech@newsources.net

Anti-Microsoft for no good reason?

[rlm]

Why do I see so many posts on here complaining because Microsoft is trying to get "free auditing" by asking everyone to attack their machine? Doesn't this fit entirely with the concept of Open Source? They're requesting assistance and criticism from the community rather than keeping it entirely closed. I mean, it's not handing out the source code, but it is a step in the right direction. I mean, shouldn't we all be happy that Microsoft is at least TRYING to improve their product before they release it rather than just giving us another piece of crap?

If you don't want to help Microsoft out, that's one thing, but you can't deny that this is better for the hoards of people who will be running this thing.

Re:Anti-Microsoft for no good reason?

It's common courtesy when asking somebody
to analyze your product for free that you at
least help them by giving them information.
For example, if you want the academic crypto
community to analyze your new whiz-bang
crypto algorithm, you have to reveal the
algorithm. That's the only way to advance
the art.

IMHO, if Microsoft wants to have a closed
system, then they have to live with the
disadvantage of *expensive* peer review.
A good response by the cracker community
would be to attack a private copy of W2K in
secret and wait for Microsoft to claim
victory over crackers. Even better would
be to attack Microsoft's development
facility, liberate a copy of the source
and post the *fix* to a couple security
holes. (GPL'd of course... ;)

Re:Anti-Microsoft for no good reason?

[BlueAdept]

It only matters that "The OS gets fixed a bit" as you put
it, if you infact use the OS. Personally I have not
used Windows for the last 3 years and intend to stick
with Linux. It's frustrating from time to time that windows
gets better device support from manufacturers, but only because
that's changing and I want it to change faster!

I'll exchange functionality for reliability any day, and MS
really does need to be competing rather than running a cartel
I view Linux as the start of that process, Look how far the PC has come since IBM stopped being the only company making them.

Re:Anti-Microsoft for no good reason?

[Rasputin]

Doesn't this fit entirely with the concept of Open Source?

No. It in no way fits the concept of Open Source. Are they providing source code for *anything*? No. Are they giving anyone a chance to examine or critique their methodology? No.

Microsoft is just doing what they always do - "letting" the user community debug their applications. I guess this time we should be happy that they aren't charging us for the privilege.

How much will MS really learn from this?

[sigma]

I think that it's generally accepted that there is (was) some significant sniffing done on the site, leading people to believe they'd be able to use it to track down any bugs.

I think the data that MS gets from this won't be as useful as many people think, if only by the sheer number of crack attempts. When a hundred people are connected at the time the server craps out, is there really someone who will go through every crazy GET request in the last minute to try to reproduce the error?

While I favor the "hack my box" idea in general, MS's implementation of this is not as beneficial as it could be. I'd rather see this on the final release candidate of NT, with something resembling a useful server (POP3, file sharing, etc).

site dead?

the site doesnt even load a page right now... did someone get it already?

hahaha

It's just fine, but it's been compromised...

Quite neatly by the way. There's a whole different site (from a security firm) installed on the server. Your challenge is to figure out how to access it, and how it got there !

Go on kiddiez... you might actually have to think for a few minutes (but not that hard actually)...

The images for the home page are toast, and the asp that provided your graffiti page is also history. Thank god.

Why are we even trying??!?!

[Johnny+O]

We should be helping to make Linux better, not wasting time with Micros~1 products.
"Kepp moving... Nothing to see here, you lookyloos"...
Ignore it...

Jeez.

[Gray]

Quit whining.. If any other OS manufacture had done this (I assume some have) it would be smiles all around..

But when MS does it, it's an evil plot to get data for the FBI and market to everything...
I'm sure the NSA and DOD have already setup dummy servers to do that sort of thing ages ago and MS has plenty of marketing databases as it is.. One more isn't going to violate you any worse..

I mean, dislike the MS empire as much as the next guy, but I mean, yack..

I'm thinking it won't be cracked.. The admins are probably too on the ball (they wrote the thing) and it's pretty hard to develop a real bug attack without having the OS on a local box to play with.

After they release it on the other hand, I'm sure it'll fall like everything else..

Re:Jeez.

[Darksky]

they HAVE been cracked.... they can' even keep the site up!

Doh! did someone bring it down?

[doomy]

I just tried to access it, out of curiousity and it seems like it wouldnt let me get through. Not even a ping or traceroute...
--

...And Thar she Goes...

I tried to go to the site, to no avail...it was /.'ed...no response from the server. Glad to see the future is so rosy...for REAL OS's

Mindcraft study

[DrSpoo]

Well, I guess this puts an end to the Mindcraft fiasco. My friends, Windows 2000 is 0xDEADBEEF.

Re:Mindcraft study

Lookit the ape, dancing around on the dead calf it killed....

Re:Mindcraft study

yer an AIX user arent you?

Its a windoze machine

[surfsalot]

leave it alone. It will bring itself down, it doesnt need any help!

and why the hell would we waste any good exploits by telling microsoft about them beforehand :)

Re:Its a windoze machine

[Johnny+O]

Ahhh yes indeedy! I like that, but....
With this challenge, they are probably scrutinizing every packet coming across to that box.
Whenever it is alive that is...

Re:What an ugly pile of sites

[boinger]

Most M$ sites are getting worse. Try looking at product comparisons in the electronics section of sidewalk.com with a Netscape browser - It /used/ to work fine, but they changed it to be /incorrectly/ tagged HTML in the tables. M$IE conveniently misinterprets it to where it looks okay, whereas Netscape "reads" it properly, thus producing a hideous page where you have to scroll sideways for several screens between columns of text.

I still can't figure out why they'd do that. It's not like people who use Netscape don't see the load of banner ads, too.

*sigh*

----------------------
It's too bad stupidity isn't painful"

Broken guestbook

[Dilbert_]

Not only is the JavaScript broken, but try typing an apostrophy or quotation marks in the guestbook... They disappear when you submit your message, so you come out looking like an idiot who "cant" even spell...

down?

[EdMcMan]

Odd, I can't seem to resolve the test server's name. Is my isp being stupid, or is the dns server on the test server? :P

here's an idea

ok, be really evil and determine how to screw it up, then withhold how you did it. wait until they release the full version to customers, then destroy it. it would be horribly wrong, but funny nonetheless.

MS Disclaimer

[jecpwx]

From the guestbook:

MSW2K Development Group
Netscape is not supposed to work in here. Niether is IE 3.0 or earlier. We are sorry for any problems this might have caused.

Yeah right.

james

Heh.

For a minute there I thought you said "I love getting a pay for day-trading". :-)

Nameservers are down?

I can't see the site at all because I can't resolve its address.

Nameservers are:

NS1.WINISP.NET. 172530 A 207.46.170.2
NS2.WINISP.NET. 172530 A 207.46.170.3

traceroute:

12 icpmdistc7503-h6-0.cp.msft.net (207.46.190.5) 339 ms (ttl=245!)
13 iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136) 319 ms (ttl=244!)
14 *
15 *
16 *
17 *

*poof*

[Cebert]

I was joking to myself while reading the page, that
it'd be pretty humourous if 15 minutes after being
posted to Slashdot, the drive the page is on was
totally wiped clean. Guess that'd be a little security
problem. ;) (I was just imagining the looks on their
faces in the office. :)) "What the -- !"

Looks like someone already got to it: MS designers

[pluteus_larva]

Well, on my Mac running Netscape it already looks like it's been trashed, but I guess it wasn't designed for non-M$-standard machines...

Benefits of OpenSource without the commitment

If an OpenSource company asks me to hack into their software, I will happily do it primarily
because *I GET BACK THE BENEFITS OF MY WORK*.

It's open source. They *have* to give the improved product back. Win-win.

Also, don't forget that if the product is OpenSource to begin with, I save a drastic
amount of work since I have the benefit of getting to look for weaknesses in the code rather than
just thrashing about.

Why on earth would I want to spend an evening doing hit-and-miss quality assurance on something
that I would later have to pay to obtain??

Identifying Criminals?

[nascent]

So what are the chances that M$ is doing this to lure out competent hacker-types? You already know they're behind a lot of the campaigns to report piracy...I wouldn't be surprised at all to see that they use this to get names of people to "research" and monitor.

status...

Has anyone checked the status of that system?

It has had a lot of "router problems", and had to be rebooted at least once...

Praise Gates...

-----------------
Status


Current Status: UP


8/3/99 Events


3:22pm - Network connections down due to router failure,
possibly related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure

Re:Has anyone seen this?

The rules say nothing against hacking by raindance.

BETTER STILL... an Open Source answer

[leonbrooks]

Everyone visit this site and point a copy of ISIC at that box. Call it operation SnowStorm, and re-read the IP from DNS at least hourly. The resulting continuous failure would not be interesting, but it would keep the box off air, maybe permanently, and may indeed kill boxes between it and the world.

Better yet, can we (collectively) afford a box for Rob to put a clone of SlashDot on (two hot-swappable drives and caddies, mirror SlashDot onto a drive, put it in the SlashClone box, let fly and repeat if/when it dies) and do the same to that box, sending the resulting damage reports to the Linux-Kernel mailing list? At least the web-site would look better...

Re: ARe there really any SMALL kernel faults

think about it :)

Just look on status!

[Frodo]

Look on their status page:

Current Status: UP


8/3/99 Events


3:22pm - Network connections down due to router failure, possibly related
to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure


You tell me the server that is rebooted twice a day (once because log is full!!) and something fails to start on reboot, and has networking problems four times a day - it is the notion of secure robust web-server?!?! Am I missing something??

its back

[toaster13]

the bitch is back!

Who give a fuck.

Who give a fuck what MS want us to do.

Re:Who give a fuck.

For some reason y'all seem to.

it's already broken

[Roundeye]

I've tried connecting to the site, and the rules
page with 3 different browsers on 2 different machines running two completely different
operating systems. All I ever get is "you are not
authorized to log in."

Excuse me, but, while that might be secure, it's
pretty fuckin' useless as a web server.

She's LIVE!

Aye, they've rebuilt the core to fix the "Malicous DoS attack" I guess, as of 6 EDT it's live again.

Good luck, MS.

DT

Re:She's LIVE!

But note -- the guest book is now gone! I guess they got tired of the redirects...

DNS

[Micah]

I can't even get it to DNS resolve. What gives? Surely noone hacked their DNS servers.... ???

It's back, but still no telnet.

[Sangui5]

So whats the point.

Re:It's back, but still no telnet.

[DDYZero]

But theres oh so many ports open now, try:
nmap -sU -O -R 207.46.171.196

BackOrifice on port 31337, now THATS taste...

A couple network details

[fR0993R-on-Atari-520]

Here goes:

IP address: 207.46.171.96
DNS: NS1.WINISP.NET 207.46.170.2
NS2.WINISP.NET 207.46.170.3

Interesting : when a traceroute is done on any port besides the standard traceroute port (?), it will trace to 207.46.175.250 then bounce back and forth between that and 207.46.175.249.

Code to see what happens with a mock HTTP packet is in the works, as is code to see what happens with non-standard ports, ARP broadcasts, router hacking, blah blah. Anybody else have any good ideas?

Can someone send me a copy of Windoze2000 beta?

fR0993R
-------

The server is back online! but...

they are limiting guestbooks entries! They will not allow more than five entries per IP address! Silly.. they don't trust their own software..

Need Specs

[drudd]

I applaud Microsoft's intentions behind this test, but it really won't benefit its end customers.

Howabout releasing some specs as to what hardware this machine is on, and what security settings they are using.

We're not even certain they haven't made unfair modifications to their code (say randomly changing usernames and passwords if someone brute hacks them). Is this a realistic level of security which can be maintained by the average sysadmin, or will you need to hire half the NT 5.0 development team.

Say someone does crack this system. Or everyone fails? Then what? Are we going to recieve detailed data on what people tried and succeeded/failed? If not we have no assurances that Microsoft will even attempt to fix any security holes they find.

Essentially Microsoft has created a marketing gimick, nothing more.

Doug

Re:Need Specs

Well it's better to have something break now instead of a month after the release. It's a good thing though. I can't believe so many people are going nuts over this. No matter what MS does it *has* to be wrong. Makes you wish some people would grow up.

Re:Need Specs

[drudd]

Howabout when it breaks now, they don't fix it and it also breaks a month after the release?

If you read my comment, I agree that this is a nice idea *in theory* but there's really no guarantee that Microsoft will bother to do anything but slap this on a couple of press releases and ship the same beta-quality software they always do.

Doug

since DNS is broken..

207.46.171.196

We need the DUKE!

We need a duke port ... please

hmmmm

Seems to me that id Software did the exact same thing with crashtest.idsoftware.com and they didn't catch half the flak Microsoft is getting.

Of course I didn't see anything about a bounty either. If Microsoft was paying people to crash the server maybe that would be a little more fun :-)

The Fallacy of Cracking Contests

[Brent+Nordquist]

An article in Bruce Schneier's excellent "Crypto-Gram" monthly newsletter. Now this will probably make next month's newsletter too. :-)

The Fallacy of Cracking Contests
--

Re:The Fallacy of Cracking Contests

[jonathanclark]

The best products/systems/protocols/algorithms available today have not been the subjects of any contests, and probably never will be. Contests generally don't produce useful data. There are three basic reasons why this is so.

You'd think Bruce didn't read his own book. Cracking contest have always been an important part of cryptography and security. All of the major crypto algorithms have been through a cracking contest of some sort or another. Initially these contest remained amoung peers and had values of $10 or $1000 attached. Today many of them are still going with prizes of $1,000,000 (for ECC). Until the recent string of contest with actual prizes, there has been very little incentive in the private/research sector to create special devices for DES. There would be no "group cracking" attempts, which, while not advancing the science of cryptography, have been usefully in show the need for crypto-ban relaxation.

Contest are about getting people interested. There are lots of things to try to break. In order to entice people study your system you have to have a great value in breaking it because it's widely used. But for new system, there is little reason to try because most people want to spend their time on something else with more value attached to it. Announcing a contest and marketing it, creates that needed value. If someone breaks W2000, they will no doubt get some play in the press and be heralded as the ultimate cracker by some... which is exactly why crackers crack. It's an ego thing not a money thing.

When someone announces a contest, everyone screams snake oil and that no good will come of it. Though some "contest" have no value other than a marketing device, many of them are genuine attempts to improve security. I will be introducing my own "cracking contest" later this year. I'd rather have someone break it than not, because that shows me that people are actually putting real thought and effort into it.

What's the IP?

Dang! The DNS update hasn't propagated out here.
[A tiny little backwater called Boston MA]
I even tried two local colleges.

What's the IP?

javascript continues

For a simple page like this what is the point of making it execute a javascript?

And what, again, is the point of making javascript that only works with 1 of 5 Java enabled clients?
(from reading this thread).

The script was broken, it's still broken, and as far as anyone can tell it's done on purpose.

Thanks MS.

-kabloie

Re:They're asking the Internet to debug for them !

[ThePlague]

This comment is valid, and did not deserve to be moderated down.

It's dead as a door nail

[WestonP]

I was screwing with it and it looks like I killed it with a cheap and easy buffer overflow. It stopped responding right after I sent it a ton of ASCII code 255 characters. Time of death: Approx. 1:45PM MST 8/3/99

did they give up?

[Darksky]

did we break them? mwahahahaha!

People to kill list

He just made it.

Mozilla works fine

Mozilla works fine

God, My evenings and weekends are now gone.

[Flak]

Ok, I grew up in the Information age. I hack. I can get into a Windows machine in under an hour. I tried this one. No luck. They fixed all the old problems. I say one of use out here will find a neato hole in the redmond armor fast. But I bet it will still be more sucure than SCO, or HP-UX.

10:45am - Reboot because the System log was full

[muffel]

10:45am - Reboot because the System log was full
Buahahaha... 'nuff said

Network connections down due to router failure, possibly related to thunderstorms and power failures in the area

yeah sure, thunderstorms... (well, I guess you could call it that)

Firewalled & DNS

[syNaK]

They've not disabled the ports - they're
firewalled, otherwise we'd get an instant
"Connection Refused" so it's M$ not playing
fair yet again.

Re:microsoft.com is also using NT5 Beta. crack it!

>oops.. microsoft.com appears to no longer be using NT5 Beta. I swear that it was about two weeks ago. According to Netcraft, microsoft.com is now
> running "NT3 or Windows 95". Do you think Microsoft would revert from NT5 Beta to NT 3.51??

Why not crack it anyway?

Wouldn't it be hilarious...

..if they used the iMac colors?

"Now you can get blueberry screens of death"

Publicity machine

[earwicker]

I'm not exactly informed on the subject of win2000 as the only times I touch windows seems to be during my evil summer jobs; otherwise, i stick to meine Powerbook und meine pure linux celery. but here are some opinions, free and unsolicited.

0. Huh. They make this log message sound so natural. I hear logrotate being installed now.

10:45am - Reboot because the System log was full.

1. In trying to "crack" the server, ye can either use known attacks or you can shoot randomly in the dark. Now, dear Microsoft has asked us specifically not to hand the keyboards to the trillion monkeys (all chiquita powered) so we can assume that the only meaningful attacks are ones with known program flaws (in IIS or NT). Chances are, anyone who has the knowledge to properly take advantage of, much less find a buffer overflow would NOT be wasting time in the contest but either already a MS employee, developer, or tester. Not everyone dreams of being called 3l33t hax0r or whatnot.

2. Very simple installation. IIS and NT--I mean win2k--and some sort of guestbook cgi--or asp or isapi app or something. I could put the passwords to all of my accounts, the source code to my linux installation, and still be safe without any firewallish protection IF the only services running were plain http, NTP, and qmail/sendmail (evil sendmail configs not withstanding).

3. I agree that the majority of security problems on operational machines comes from misconfiguration. It is my understanding that hax0r tools like BO2K take advantage of user config errors--made much easier by NT's (in my understanding, the only NT that I've touched being a couple of firewalled thinkpad systems) half-assed multi-user design. This is pretty much a cookie-cutter stamped installation maintained by a whole team of Microsofties. Unless they deliberately misconfigure--which would be odd considering they would need to have a vulnerability to exist for this to be an effective technique without resorting to the monkey militia--I assume that this installation is rather airtight.

Umm... losing count so i'll start over. Like hell I'm scrolling back. 2 hour train ride ahead of me and it's already very very late. Actually screw the numbers. I believe the only attack that may yield something useful is monkey madness. Either way, MS gets something to boast about.

MS is not the evil evil enemy... though it is damn fun to call them that (even more so to call their employees incubi and succubi and such. screwtapes and wormwoods). Linux is good because of the hacker mentality: the spirit to learn and improve for their own sake. Those who use Linux because its c00l may be following the way of MS. I use Linux because I like seeing the code and trying to hack up my own little pieces of code.

Damn this. nevermind, i have to go pee.

H.C. earwicker from Tokyo
err. off the top of my head: "well either you know or don't you kennet. every telling has a taling and that's the he and the she of it. Look, look the dusk is growing. Her branches lofty are taking root. And her cold cher's gone ashley. Filou, filou? What time is at? It saon is late..." indeed. Home at 9 at this rate. and only really worked for like 5 hours today.

hatred of MS?

Actually, the idea of selling a library of useful routines (an OS) was a novel concept.

Mr Gates created an entire industry. Like it or not, he has changed the world, and not even his harshest critics claim that there are any real dead bodies. Metaphorical deaths (BSOD)do not count.

Windows has provided a defacto OS standard that has advanced computing considerably. While it may be time for the Model T to give way to the volkswagon, hatred is not appropo.

Let's just wave to Bill as we go by.

NOT putting code where mouth is: where's the code?

[leonbrooks]

If they were putting their code where their mouth was, the full sources for every piece of software on the machine would be available, prefereably from the machine itself.

move up the chain!

At least ONE machine in your traceroute listing is a wide open box.

...
Port State Protocol Service
68 filtered tcp bootpc
79 open tcp finger
137 filtered tcp netbios-ns
138 filtered tcp netbios-dgm
139 filtered tcp netbios-ssn
520 filtered tcp efs
2001 open tcp dc
6001 open tcp X11:1

Nmap run completed -- 1 IP address (1 host up) scanned in 133 seconds

Keep it cool

[Spazmoid]

I dont know if anyone from here is doing it. But keep it cool on the guestbook. We lose progress when all big business sees is a bunch of flaming morons who look like Drunk hormonal 15 year olds.
Business need to see that we are a valid, large, and growing piece of the market for things to get better. Thats just the way business works. The better we behave the more people will listen.

Second NIC? Why not a floppy drive...? HEY...!

[leonbrooks]

If anyone breaks this machine, why not set it up to write a copy of BO2K to any floppy that appears in the drive, and see what happens next? (-:

Now you see it, now you dont.

[Kerg]

It's gone again.

Oh well, I'm going home. The microserfs don't wanna play wif me.

It's Worse Than That - He's Dead Jim, Redux!

3:29 PST. As a door nail.

This isn't really testing W2k security

Heh the only port open on this box is tcp 80, open up Netbios if they really want to test w2k "security". All this proves is that windows 2000
is as secure as the latest version of IIS.
Bleh.

Don't do it!

[cout]

This is Microsoft's feeble attempt at using the public to fix their bugs, in a manner similar to open source, but without actually having to give away their code. If we give in, we are only helping Microsoft, not hurting them. So don't do it!

From the Guestbook

Microsoft Windows 2000 Development Group 8/3/99 9:12:46 AM
We would like to thank all of the Slashdot (/.) users attempting this challenge. We have been receiving 907.74 added average hits per 30 min. period and attribute those extra hits to the kindness of the Slashdot Webmasters that posted this challenge. Thank you again!

Broken pages all around

[biya]

Following that link, I get a lovely javascript error window stating thus:

JavaScript Error: http://www.windows2000test.com/,line 91:

It's broken. Well, at the very least it's probably 'IE4.0 Compliant'.

Windows is not defined.

How apropos.

Using my leet hax0r skills, I clicked on View/Page Source in Netscape and found this line:

Windows.style.display = "";

followed shortly thereafter by this one:

(openbracket)DIV id=Windows noWrap

Oops! Forgot that closing bracket there... doncha hate that? (For all practical matters, this page is likely broken in IE4 anyway. I wouldn't know, since I don't have it on hand to use.)

Anyway, after going to their "ground rules page" and reading the warning against using skript kiddie tactics (in page source again), I stumbled across a few particular lines.

"Instead, find the interesting "magic bullet" that will bring the machine down."

What, let the server run all by itself for +45 days?

"There are hidden messages sprinkled around the computer. See if you can find them."

"BILL IS GOD", "DOJ SMELLS FUNNY", "3R33T HaX0RZ UZE W1N98!$#@!@!!!!111"

Actually, does that broken DIV thing back there count as one of the hidden messages? Am I an 31337 H4X0R now?

(Come to think of it, would microsoft ever admit to having the thing broken if someone actually did? Either way, they get free network security testing done or get bragging rights for whatever marketing campaign they have planned for this. Frankly, even if I knew how to go about 'cracking' a server, I'd be more concerned with my own. Microsoft is not lacking in cash reserves, let them do their own testing...)

---

A good thought, but yours is "stock." (MS=tweaked)

[qnonsense]

Your challenge to break into a LinuxPPC stock install (with nothing running) is NOT anallagous to Microsoft's challenge.

There is no way in hell that the W2K server MS is putting up for this challenge is stock installed. It's probably been tweaked by MS engineers over the past two weeks to lock out any possible attack.

When your server is cracked and theirs isn't, they will point to this as an example of W2k being more secure than Linux (which I doubt very much). This can't be allowed. Someone (maybe from Red Hat or from Debian or from *BSD) should take a week and secure one of thier servers and then let anyone go at it. Then we'll see whose server lasts longer.

Hey idiot

That's "crackers", not "hackers". And a vast majority of the slashdot readers are not crackers.

Lynx still reigns supreme.

[miahrogers]

Well if we can't access theirs sites in *nix machines we should try to acess them in our windows machines (most of us have at least one of them lying around). And thanls to god we still have at least one telnet clinet lying aroun d in windows. OR you can always access the site in lynx. Like i did.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

An indefensable DoS attack. And if you play with the source IP addresses, the software won't know they're all coming from the same location.

You cannot open a TCP connection with a fake address. All you can do is TCP_SYN flood (which is already well known, and only marginnaly different than ping flood). More your ISP (or the ISP of your ISP, or etc... is very likely to nuke packet with fake IP), so you may not even able to TCP_SYN. And you cannot do that for long, for you are risking being discoverd.

Anybody read the rules and the status?

[st.n.]

Has anybody read the "rules" and the "status" on their page? They state:
See if you can change any files or content on the server. If you manage, no foul or rude statements please.

Isn't that funny? Do they really believe people will follow this rule?

And even better, on their status page you find:
8/3/99 Events
[...]
10:45am - Reboot because the System log was full

I guess they haven't learnt anything yet - still having to boot for the tiniest reasons.

- Stephan.

FAT32 kernel

A small "kernel fault"? Isn't Internet Explorer
part of the kernel in W2k?

It's like buying a used car, isn't it? They tell
you the small drawbacks the car has (compare:
"small kernel fault") but hold back about bigger
damages. So the customer thinks: Okay, it has
this little uncute thing, but that's okay.

This is marketing.

This is a *test* of security, not a *proof*

[throx]

When looking at a test like this, you have to remember it can never "prove" the system is secure. That is a very difficult mathematical task that (as far as I know) is pretty much impossible for any modern operating system.

What this sort of test can only do is increase the confidence in the system. If someone breaks in then they have a good look at the areas of code that facilitated the breakin. If someone crashes the system they have a good look at the logs.

On the whole it is a good thing to do from Microsoft's point of view, and as an NT user, I think it is a good thing to do on behalf of their customers - after all they do realise how much certain people hate them and may as well try to leverage that for their advantage.

If the machine doesn't get broken into, does it mean anything? Not really. The best MS can hope for is that the machine really does get hacked a few times so they can figure out where to concentrate their final testing runs before release. The only thing that can really mean anything is if the machine crashes every few seconds from any old script kiddie's attack. That means Win2k is pretty badly broken and needs lots more work.

jw

Re:Who's the idiot

He used the word "hacker" correctly.

He was referring to hackers helping companies to secure their websites, often freely volunteering.

He also said "defacing", and implied the companies didn't ask for them.

This reminds me of a great Simpsons...

[cg]

Not that I am big into the whole M$ conspiracy
and all of that big brother stuff, but an earlier
post suggesting this is an attempt to
track crackers (or something to that effect) reminded
me of the Simpsons episode where the police sent out
notes to people they wanted to catch
saying they had won a boat and to pick it up at the police station.
Maybe it isn't all that germaine to the
subject, but it maid me chuckle...

Who's the idiot

He used the word "hacker" correctly. He was referring to hackers helping companies to secure their websites, often freely volunteering.

Petulant Penguin Children with no skillz

Look people, there are rules of engagement. You do know how to play games, don't you? As the notes state, there is a magic bullet.
I now have an idea what exactly that is, and will be trying to make use of it later, I have my own work to do in the interim. If you lot could stop the 'My dad's bigger than your dad' pissing competition and work constructively, it might prove interesting.

Router failure?

[apsmith]

Check out their status page - it claims 3 router failures as the source of trouble ("Network connections down due to router failure") - has somebody been cracking their routers instead of the machine itself? A router going down 3 times in one day seems way too much of a coincidence for me (they blame thunderstorms and electrical glitches - haven't they heard about UPS's?).

Java Fix

I saw on one of the threads a way to access the site! No java errors! The claimed to ues

"opera 3.60 + java plugin to go there, seems to work fine..."

Maybe that will help some of you dead set against IE4/5.

Re:Java Fix

Sure. Let me fire up Opera on my Ultrasparc here.

Oh wait, I can't.

Luser.

It's baaaack.

Back up again, _apparantly_, according to the new status page, they were having some router problems. (Thunderstorms, power failures..you'd think they'd have a UPS but hey, not like it's a real-life server setup anyway, right?) --And that's as far as I'm gonna go down THAT trail.

I hope people restrain themselves this time - that Guestbook is sickening.

And what's the highest messages for a thread on /. ?? This one passes 55x (I think) with this post.

Re:They're asking the Internet to debug for them !

[Megaweapon]

What, that I enjoy MST3K and this is a favorite quote from Dr. Forrester?

Internal firewalling, downtime

Its 6:42PM EST, 8/3/1999. This site has been down for several minutes now. Its been responding to pings and was available earlier today, but now it is down again. Obviously they are once again completely disregarding stability, as one would expect from microsoft.

Also, I noticed that this machine simply does not answer on most ports both UDP and TCP. It also does not respond to various ICMP messages, as if the machine was behind a firewall. However, internal firewalling has been around for years in other operating systems, perhaps it finnally exists in windows. So, the machine may not neccesarily be behind a firewall as it might appear, but is rather filtering packets on its own. Can anyone with the win2000 beta confirm whether or not it has this feature? If it does not, then they are blatantly lying about the machine not being protected by a firewall. I know under NT4, you can not even get the machine to not answer on port 135.

Re:Internal firewalling, downtime

[Serk]

NT5 (I still refuse to call it Win 2000, although W2K does sound about right) does indeed offer IP filtering... I'm currently running RC1, and you can filter by TCP Ports, UDP Ports, and IP Protocols..... I haven't played with this part of it yet, but it also appears to enable encypted IP connections between NT5 computers, and local on the fly encryption for files... (Not that I trust MS to not have a backdoor)

I hate to say it, as I still can't stand MS as a company, but from what I've seen of NT5 so far, I'm rather impressed. My current installation has been up since Friday nite, and I've changed many networking settings, installed/uninstalled many programs, etc, and it hasn't crashed or rebooted yet. (I know, Friday-Tuesday isn't a very impressive uptime, but this IS an MS product I'm talking about here.)

Sorry, this document does not validate as HTML 4.0

[muffel]

Oh my, how pathetic their HTML is. (See the checker results)
How can you trust a company to write clean reliable code, when they're not even able to put together a decent page of HTML?

back up again

[fr0g]

its baaaaack

Re:back up again

Yeah, but is that, "fr0g31337@hotmail.com", your real email?

That dosn't make any sense...

[delmoi]

If they wanted to disable Netscape, they could have just set some settings in the browser, to block all incoming HTTP reqests comming from any kind of mozilla

I think the "spesific reasons" that they talk about is the fact that they screwed up, and are stupid.

Typical "it's not a bug, its a feature" thinking.

plus some people are saying it dosn't work right in IE ether...
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:That dosn't make any sense...

[delmoi]

(also, I dont' think this is real....)
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Comparison with Apple Contest

[stevenj]

Apple ran a contest much like this a couple of years ago; it was open for about a month or so and offered a cash prize to break-ins (but not DoS attacks). In the end, no one was able to claim the prize and Apple gained lots of bragging points. It became an instant selling point for Apple PR and Mac advocates.

When the contest ended, Mac advocates took it up and sponsored their own contest. This ran for some time and again wasn't claimed; more bragging rights. Then, they ran another contest and upped the prize...this time, someone was able to break in using a security hole in a webserver plugin (that linked to a database--to their credit, they had set up the server to do something real, not just serve static pages). The prize was claimed, the hole was fixed, and then the contest started up again...and was quickly hacked via yet another plugin bug, as I recall.

After this, there were no more contests, and you didn't hear people touting the security so much anymore.

The moral of this story is that if someone claims their prize, Microsoft will lose more than they gain. It fixes one security hole, but there will always be others. And, their webserver got cracked--no bragging rights, and embarrassing no matter how they spin it.

Router failure???

[Axe]

Due to whether???
Jerks.

The life of www.windows2000test.com

[Sangui5]

We are gathered here today to today to mourn the passing of www.windows2000test.com.

www.windows2000test.com led a short life, but one full of activity. It is this action that we should remember, how pleasantly he served those static web pages, and the cute manner in which he [beep]ed out naughty words, like compe[beep]ion. We should remember how he went missing for a while, and then came back, opening up to us with several ports. We should focus on these positive things, not that somebody stuck a knife in those ports and twisted it with 30 minutes, but on how trustingly www.windows2000test.com invited us in.

I know that many of you will find his passing difficult to cope with, and I only wish I could do more to ease your grief.

Broken DNS?

[Kirth]

whois -h whois.internic.net windows2000test.com

gives:

Domain servers in listed order:
NS1.WINISP.NET 207.46.170.2
NS2.WINISP.NET 207.46.170.3

Querying one of those makes:
> server NS1.WINISP.NET
Default Server: NS1.WINISP.NET
Address: 207.46.170.2

*** NS1.WINISP.NET can't find www.windows2000test.com: No response from server

ns2 doesn't answer at all. Did you slashdot their
nameservers? ;) Anyone know their IP?

NT5 beta?

[jesdynf]

Just for kicks, I ran the site through www.netcraft.co.uk, which identifies systems and servers.

It ID'd windows2000test.com as running MS/IIS 5.0 on "Windows NT5 beta".

I admit to a profound ignorance of most anything MS does, develops, sells, or establishes, so I don't know if this is interesting or not.

I do seem to recall that Win2K is using something closely resembling the NT kernel, except that it isn't, or there are two versions, or... something.

It just seems somewhat interesting, I guess -- I don't even know if that's an internal designation, or Netcraft's judgement of the response. Take it as you will.

The System registry

[delmoi]

Before teh System.ini hack came out, there was a registry crack. I'd be willing to bet that the registry hack works on NT as well as 9x. (but of course, not 3.x)
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:What an ugly pile of sites

[Detritus]

The wizards at Microsoft don't even support older versions of Internet Explorer. I've recently done several installations of Windows NT 4.0 Workstation, which installs IE 2.0. Microsoft's web site is totally non-functional with this browser. You would think that they would make it easy to download and upgrade to IE 5.0. I didn't have any trouble using IE 2.0 to download the latest version of Netscape.

Self-Audit of Linux Security...

[technos]

Hmmm.. Slap a Linux box out on the net, secure it, and then ask crackers to mash on it.. I've got the hardware, anyone got the bandwidth?

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

Strobe? You mean nmap don't you? Yes you do. ^_^
Well, maybe, only because it would flood it, which is agianst the rules.
Brocheck

What is the point?

[subretro]

Windows will always be insecure and unstable. If I found an exploit, I would wait a couple months and exploit it to its fullest extent.

Its future is cloudy, sense much danger if Win2k is trained as an OS. wReckless is he!

Routing problems

[Phroggy]

Looks like their router is looping around in circles, thus making the site inaccessible (again):

6 199.ATM7-0.XR1.SEA1.ALTER.NET (146.188.200.101) 93.535 ms 71.709 ms 69.333 ms
7 195.ATM4-0.GW3.SEA1.ALTER.NET (146.188.201.25) 53.357 ms 53.401 ms 50.472 ms
8 157.130.177.154 (157.130.177.154) 71.568 ms 60.022 ms 58.255 ms
9 207.46.190.82 (207.46.190.82) 58.480 ms 61.652 ms 78.364 ms
10 iuscb11ixc7502-a0-00-1.cp.msft.net (207.46.129.8) 63.725 ms 55.144 ms 50.187 ms
11 iusd27nt5c7201-a2-0-1.cp.msft.net (207.46.168.68) 52.739 ms 49.825 ms 48.650 ms
12 207.46.175.250 (207.46.175.250) 52.931 ms 78.532 ms 85.338 ms
13 iusd27nt5c7201-f4-0.cp.msft.net (207.46.175.249) 59.106 ms 61.572 ms *
14 207.46.175.250 (207.46.175.250) 83.234 ms 51.434 ms 53.155 ms
15 iusd27nt5c7201-f4-0.cp.msft.net (207.46.175.249) 50.808 ms 60.722 ms 70.323 ms
16 * 207.46.175.250 (207.46.175.250) 51.603 ms 50.167 ms
17 iusd27nt5c7201-f4-0.cp.msft.net (207.46.175.249) 75.220 ms 60.949 ms 55.586 ms
18 207.46.175.250 (207.46.175.250) 51.696 ms 51.206 ms 88.515 ms
19 iusd27nt5c7201-f4-0.cp.msft.net (207.46.175.249) 65.363 ms 76.381 ms *
20 207.46.175.250 (207.46.175.250) 115.147 ms 137.363 ms 125.027 ms
21 iusd27nt5c7201-f4-0.cp.msft.net (207.46.175.249) 111.239 ms 67.210 ms 52.556 ms
22 207.46.175.250 (207.46.175.250) 54.301 ms 52.426 ms 63.224 ms
23 iusd27nt5c7201-f4-0.cp.msft.net (207.46.175.249) 49.652 ms 54.781 ms 55.462 ms

MS is trying to use you, and not pay you! Resist!

[segmond]

It takes time and hardwork to hack an OS, this is not a fucking movie, you don't sit down, key in a few strokes and have a site owned. It also takes dedication, and God knows that I rather spend my time mucking around with Nix or electronics than hax0ring winblowz OS. If I was getting paid for it, it might be different, I think Microslut logs all the packets that goes through, if you own them, they will replay the attack and fix it, Thus I encourage you to ignore their pleas to help them improve security, rather I ask that you DoS their machine, just to piss them off. ... and if you know of a way to get in, don't get in, wait!, let them go and boast to the world that windows2000 is the most secure OS, then hit them hard afterwards. fuck MS.

Hmmm...

[_Splat]

Does it seem suspicious to anyone that Microsoft's 'router' has failed several times in one day? Routers don't do that. Thunderstorms? What ever happened to their UPSes + generators.. It's not like Microsoft can't afford them or anything.
Also, why bother trying this? They will log all of our attempts, and anything they find will work against us having a w2kNuke to use on those dumbasses that try to connect to our Linux computers with Back Orifice.

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

You are so F*ing right! Screw em. Flood the duck out of them! Show them what a Linux machine w/lots of bandwidth can do! LOL

Bye bye, Micro$oft.

People!

[Axe]

You would not leave it running?

beta testing

[davedavedave]

I won't install Win2k on my machine to beta test it, so why the hell should I beta test their security.

Seems to that if they can't find the bugs themselves they should do the decent thing and not release it :-)

Yes, big thunderstorms in Seattle.

[cpeterso]

I live near Seattle and can attest that there were huge thunderstorms earlier today. At my work, we nearly lost power a couple times. I'm not sure how bad weather would affect just their router and not their server, though..

Re:Just cancel cookies to stuff things up

[Nok]

hit cancel when they send you a cookie and see things stuffup right before your eyes

Cracking MS Site

I'm not about to crack into their site and then send them the information on how I did it, for free! Those idiots think they can keep people working for free to do the research they should be paying for. Stop feeding the monkey! Tell Microsuck to shove it. If they can't code their way out of a paper bag then screw them. They are fated to go the way of the dinosaur. Their lame coding practices (stealing then screwing up other peoples work) should have caused their extinction long ago, but they always find some subhuman lemmings to keep incessantly diving in to the Microsoft pool (and drowning).

slashdot effect in force at 3:50 pm. PDT

The rules website did not survive the slashdot effect. Just tied multiple time to get in with IE 4.0. Server not responding. I hope for there sake the test server is in better shape.

Not Really Interesting

So, MS likes to get free boundary condition testing on its IIS/NT TCP driver. Let's be as anal as we can and find buffer overflows... A little on the boring side for me. Add to this it's bound to be a debug kernel that'll give em a nice stack trace.. Too easy!
Eerr, Lets make it interesting, Would M$ like to put MS Transaction Server, MSMQ and have a machine fully configured to use DCOM in a domain forest for people to hack?
Hmm, I Think not! PR Exercise. Go on MS give us a box with Viper, MSMQ ready for DCOM. http's just too boring. Go on! Just try...

Re:Not Really Interesting

[Kahunga+the+Behemoth]

I'm not an Anonymous Coward!
If the machine only shows signs of life on port 80 it's not a very interesting prospect. Finding problems with IIS doesn't require cracking a new NT machine. It's really a test of a competent systems administrator. Further emphasis on the PR aspect!

Has anyone seen this?

[moonboy]

The following was on their status page. Looks like they have been having a few "problems". I guess they could pass off any delays/problems/cracks/etc. to "problems" like these. You think?


Status

Current Status: UP

8/3/99 Events

3:22pm - Network connections down due to router failure, possibly related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure


----------------

"Great spirits have always encountered violent opposition from mediocre minds." - Albert Einstein

here it is

[Sangui5]

but it won't do you any good. The server is DEAD.

207.46.171.196

It doesn't need our help

[bjb]

Wait, have any of you looked at the status page?

Status


Current Status: UP


8/3/99 Events


3:22pm - Network connections down due to router failure, possibly
related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure

.. The thing is crashing fine on its own (or at least they're not admitting when something does get cracked) .. at least put a decent router on the damn thing, you silly 100 billion dollar company!
--

When did hackers start requiring invitations?

I thought just putting up a web site was an invitation for people to hack it. Asking them is like putting a sign on your chest saying "please mug me, make my day." Nobody would go for that.

Local cable company did something similar...

A while ago I heard of a technique used by my local cable TV company to find people stealing service by building their own boxes. They used the same kind of technology used for Pay-Per-View channels to send a message to each house that had cable lines laid but no service contract. While all the paying users saw a commercial, the ones stealing cable with home-built boxes saw a message that they had won a free tee shirt, and to call a certain number. They were asked for their name, address, etc. when they called, all of which they happily gave thinking they would have a free tee shirt mailed to them. Instead, the names and addresses were turned over to the county police and a good number of people had something to explain to a judge soon thereafter.

Just to emphasize, I heard this from a friend and have no way of verifying it. I personally think it's at least close to correct, but to keep myself safe from libel charges, etc. I have refrained from making any identifying statements as to what company or region is involved.

--Me

The site will remain uncrackable...

..mainly because it _IS_ behind a firewall.

Let me paste the text from my initial scans.

The following is a traceroute from my hosts to windows2000.com as if I _would_ leave in my
peers ;)


8 199.ATM7-0.XR1.SEA1.ALTER.NET (146.188.200.101) 143.469 ms * 252.588 ms
9 195.ATM4-0.GW3.SEA1.ALTER.NET (146.188.201.25) 148.365 ms 149.046 ms 149.636 ms
10 157.130.177.154 (157.130.177.154) 148.690 ms 150.032 ms 248.992 ms
11 207.46.190.82 (207.46.190.82) 148.777 ms 149.989 ms 149.094 ms
12 iuscb11ixc7501-a0-00-1.cp.msft.net (207.46.129.7) 216.968 ms * 256.297 ms
13 * iusd27nt5c7201-a2-0-1.cp.msft.net (207.46.168.68) 144.507 ms *
14 207.46.175.250 (207.46.175.250) 148.849 ms * 163.483 ms
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Right there in black and white...line 14 returns no udp/tcp info. All ack's on echo replies are being denied.

This means that Microsoft is implicitly denying tcp packets. I thought this host was wide open. Hmm let me try something else.

Next pasting-------------------------------------

This is a simple scan from saint formerly satan
against www.windows2000test.com (207.46.171.196)

[root@nessus saint-1.4]# ./saint
Security Administrator's Integrated Network Tool
Portions copyright (C) 1998 World Wide Digital Security, Inc.
Portions copyright (C) 1995 by Satan Developers.
SAINT is starting up...
*** xxxxx.xxx.adelphia.net can't find 207.46.171.196: Server failed
bin/udp_scan: are we talking to a dead host or network?
Usage: ostype.saint target


Obviously Targeted info has been redirected....


The machine just before this win2000 box is definately the router for that subnet.

Pasted Text--------------------------------------

[skippy@nessus skippy]$ telnet 207.46.175.250
Trying 207.46.175.250...
Connected to 207.46.175.250.
Escape character is '^]'.
Copyright (C) 1998 Extreme Networks
WINISP EXTREME!
By John Hollowell
And
The WINISP Team!
TAKE THE HIT FOR THE TEAM!
login: anonymous
password:

login:


Simple telnets and ftps to the box are rejected. Services not running or being discrarded at the firewall.

I am scanning various TCP ports for activity.

Using nmap to discover destination services...

I find that the following information is very _interesting_ to say the least.

I think that other /.'ers can appreciate any words that come from the mouth of Saddam Gates...

"Apocalypse now..."

Pasted text----------------------------------

[root@nessus src]# nmap -sT -P0 -o ./windows2000.txt -v -e ppp0 207.46.171.196

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Initiating TCP connect() scan against (207.46.171.196)
Adding TCP port 56 (state Firewalled).
Adding TCP port 794 (state Firewalled).
Adding TCP port 362 (state Firewalled).
Adding TCP port 719 (state Firewalled).
Adding TCP port 1495 (state Firewalled).
Adding TCP port 310 (state Firewalled).
Adding TCP port 409 (state Firewalled).
Adding TCP port 415 (state Firewalled).
Adding TCP port 1509 (state Firewalled).
Adding TCP port 1019 (state Firewalled).
Adding TCP port 254 (state Firewalled).
Adding TCP port 2023 (state Firewalled).
Adding TCP port 2043 (state Firewalled).
Adding TCP port 7005 (state Firewalled).
Adding TCP port 1015 (state Firewalled).
Adding TCP port 1545 (state Firewalled).
Adding TCP port 5530 (state Firewalled).
Adding TCP port 1513 (state Firewalled).
Adding TCP port 5191 (state Firewalled).
Adding TCP port 126 (state Firewalled).
Adding TCP port 116 (state Firewalled).
Adding TCP port 1666 (state Firewalled).
Adding TCP port 909 (state Firewalled).
Adding TCP port 135 (state Firewalled).
Adding TCP port 222 (state Firewalled).
Adding TCP port 549 (state Firewalled).
Adding TCP port 394 (state Firewalled).
Adding TCP port 184 (state Firewalled).
Adding TCP port 502 (state Firewalled).
Adding TCP port 140 (state Firewalled).
Adding TCP port 1473 (state Firewalled).
Adding TCP port 678 (state Firewalled).
Adding TCP port 844 (state Firewalled).
Adding TCP port 1550 (state Firewalled).
Adding TCP port 874 (state Firewalled).
Adding TCP port 572 (state Firewalled).
Adding TCP port 825 (state Firewalled).
Adding TCP port 605 (state Firewalled).
Adding TCP port 1528 (state Firewalled).
Adding TCP port 1397 (state Firewalled).
Adding TCP port 157 (state Firewalled).
Adding TCP port 735 (state Firewalled).
Adding TCP port 920 (state Firewalled).
Adding TCP port 295 (state Firewalled).
Adding TCP port 23 (state Firewalled).
Adding TCP port 165 (state Firewalled).
Adding TCP port 541 (state Firewalled).
Adding TCP port 104 (state Firewalled).
Adding TCP port 490 (state Firewalled).
Adding TCP port 393 (state Firewalled).
Adding TCP port 61 (state Firewalled).
Adding TCP port 2064 (state Firewalled).
Adding TCP port 73 (state Firewalled).
Adding TCP port 7326 (state Firewalled).
Adding TCP port 424 (state Firewalled).
Adding TCP port 5190 (state Firewalled).
Adding TCP port 967 (state Firewalled).
Adding TCP port 1026 (state Firewalled).
Adding TCP port 118 (state Firewalled).
Adding TCP port 229 (state Firewalled).
Adding TCP port 1669 (state Firewalled).
Adding TCP port 49 (state Firewalled).
Adding TCP port 927 (state Firewalled).
Adding TCP port 998 (state Firewalled).
Adding TCP port 1542 (state Firewalled).
Adding TCP port 609 (state Firewalled).
Adding TCP port 834 (state Firewalled).
Adding TCP port 10082 (state Firewalled).
Adding TCP port 478 (state Firewalled).
Adding TCP port 904 (state Firewalled).
Adding TCP port 1482 (state Firewalled).
Adding TCP port 237 (state Firewalled).
Adding TCP port 912 (state Firewalled).
Adding TCP port 2401 (state Firewalled).
Adding TCP port 403 (state Firewalled).
Adding TCP port 1241 (state Firewalled).
Adding TCP port 367 (state Firewalled).
Adding TCP port 3086 (state Firewalled).
Adding TCP port 805 (state Firewalled).
Adding TCP port 303 (state Firewalled).
Adding TCP port 766 (state Firewalled).
Adding TCP port 944 (state Firewalled).
Adding TCP port 169 (state Firewalled).
Adding TCP port 1399 (state Firewalled).
Adding TCP port 1987 (state Firewalled).
Adding TCP port 6148 (state Firewalled).
Adding TCP port 1178 (state Firewalled).
Adding TCP port 901 (state Firewalled).
Adding TCP port 654 (state Firewalled).
Adding TCP port 469 (state Firewalled).
Adding TCP port 9535 (state Firewalled).
Adding TCP port 668 (state Firewalled).
Adding TCP port 1421 (state Firewalled).
Adding TCP port 75 (state Firewalled).
Adding TCP port 5300 (state Firewalled).
Adding TCP port 706 (state Firewalled).
Adding TCP port 78 (state Firewalled).
Adding TCP port 338 (state Firewalled).
Adding TCP port 813 (state Firewalled).
Adding TCP port 1009 (state Firewalled).
Adding TCP port 625 (state Firewalled).
Adding TCP port 7 (state Firewalled).
Adding TCP port 1505 (state Firewalled).
Adding TCP port 1490 (state Firewalled).
Adding TCP port 506 (state Firewalled).
Adding TCP port 1470 (state Firewalled).
Adding TCP port 1499 (state Firewalled).

And the list goes on...

# Log of: nmap -sT -P0 -o ./windows2000.txt -v -e ppp0 207.46.171.196
Interesting ports on (207.46.171.196):
(Not showing ports in state: filtered)
Port State Protocol Service

None because they all _HAVE_ definately been firewalled off.

Should I scan behind the firewall?
Now this is a question of morals and ethics...
Right Bill?

What the fsck I think I am in the mood for a little challenge...

Heh, heh, heh...oops!

They must have active firewall admins at the console...All acks to my source address are being denied now. I could come from different hosts until I finally get through but I think I'll just leave it alone. As everyone can see from the info above I have used no scripts to attempt to crack the workstation. I was merely just accepting the invitation to look and try.

Thanks Hemos, TACO, Cowboy and the gang...


Any comments or suggestions can be sent to

attempted by portslider at
mercenary_4_hire@hotmail.com

I will try to answer as many as I can.

Sorry in advance but I do not provide hacking/cracking information to anyone. So don't ask.

Re:The site will remain uncrackable...

[Sangui5]

Because you aren't trying to crack *the* site.

It's down. 207.46.175.250 is just the machine before www.windows2000test.com. It can have a firewall, as it isn't the machine we've been invited into. 207.46.171.196 is. The reason your traceroute didn't get past 207.46.175.250 is that 207.46.171.196 is down _and therefore can't reply to any packets at all_.

Re:The site will remain uncrackable...

Obviously you know nothing about networking..

Come back and talk when you do.

Geez

UPS?

[Axe]

And just on this particular router?

And a box with only port 80 open?
Real life test?

I say bullshit.

Microsoft's Version of Peer Review

[Portero]

I think Microsoft is simply trying to get some of the benefits of Open Source without opening up.
Then they may market this as "See. Peer reviewed
without Open Source, plus nobody really knows
how to take advantage of it because the world doesn't have the source"
I actually have people at work that believe that
its better to not release source because they think the product is more secure that way :)

Re:Why this is BS (Get yourself a Wk2 Beta!!)

'should give out copies of win2k to l0pht and ...'

Perhaps you should goto the actual Win2k beta site, and you will see that 1. yes they sell the beta cd's (beta RC0 now), and 2. goto any MS conf on w2k and they give you the beta's.

Those of you who bash MS, but dont even know anything about their products and services, such as technet, MS Security Bulletin's, etc and all of their corporate promotional programs, are just showing your own ignorance.

MS products suck quite badly in many ways, but some of them dont, and quite simply I and many others like me make a heck of a lot of money because of those facts!!

- Random
- Linux at home, Windows at work..
(Because I DONT PAY FOR IT)

Internal Server Error

This gave me an "Internal Server Error"


#!/usr/local/bin/perl
use LWP::UserAgent;
use HTTP::Headers;
use HTTP::Request::Common;
use MIME::Base64;

$url_string="http://207.46.171.196/comment.asp";

$ua = LWP::UserAgent->new;
$url=new URI::URL($url_string);

my $url_q=new URI::URL($url);
my $query;

# $ua->proxy(['http', 'ftp'],"insert herexxx");

$http_res = $ua->request(HTTP::Request::Common::POST $url,
Content_Type => 'form-data',
Content => [ State => "universe",
Country => "universe",
Username => "Howdy",
Comment =>$query]);

print $http_res->content;

Re:DoS attacks "don't count"? FU! ping -s 65000 -f

Can't flood the f*ck out the there machine, flood 207.46.175.250 the machine which is the last machine on route to it hehehehehehe*

Re:D'oh! shes down hard now

[delmoi]

No, they said spesificaly that the server was *not* behind a firewall...
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Wow...down again..

[Axe]

Who did it?

Or, no...

[Axe]

do they have replacemant always ready...Just 8 min downtime this time...

Re:What an ugly site -- not really. It's READABLE.

[Reziac]

Well, it's no work of beauty, but I'm not interested in beauty, I'm interested in how well I can read what's on ANY site. I was just at the test site, using Netscape 3.04 on Win3.11 (Workgroups), with javascript and image-loading turned off -- and everything worked fine, and it was READABLE at 640x480 on a 15" monitor.

I did read their log. That poor router and the local power company sure getting a lot of blame :)

She's Baaaaaaaack

[toaster13]

Well its 3am and i'm running on nachos and jolt but i'm pretty sure www.windows2000test.com is back up (unless i'm halucinating again...). Apparently it was down due to "rewiring" and some strange kernel dump over at redmond. Don't you think they could have scheduled the wiring at a better time??

W0000 No postings

[Chevelle]

Has it been cracked yet?