Microsoft /asks/ "Crack this machine"
zealot writes "Apparently Microsoft wants people to try breaking the security on this site, which is running Win2k w/ IIS. There are some "rules" of engagement." Basically, because it's not behind a firewall, it doesn't count to throw huge numbers of packets at it, but there are multiple user accounts: change stuff, look for hidden messages, or "get something you shouldn't have".
Ok. Here is a stock LinuxPPC 1999 Installed machine: crack.linuxppc.org (aka micrsoft.is.lame.linuxppc.org)
It's running apache only. If no one gets in for a while, we will start adding services (sendmail is first).
(You might have to wait for DNS to update in an hour - the IP is 169.207.154.108)
The difference is that the results are being used for their corporate benefit and no one else's. They patch their system, you better believe they're not going to give me the sources for that patch.
They're just grandstanding and posturing, trying to prove that Windows 2000 is secure. It's win-win for them -- free high-level security testing (which, unlike Beta testing, is something that is generally VERY expensive to contract out for), if it gets cracked, then they get an early warning and time to fix the problem, and if they don't, their marketroids will have that nugget to get their paid-off "independent" columnists to write about.
All while people are wasting time to save Microsoft money developing a product that they're going to charge exorbitant licensing fees for.
Seems kind of stupid for anyone to waste their time on it. Get your own copy of Windows 2000, crack THAT, and post THAT exploit all over the net. That puts Microsoft in their place, and doesn't help them screw people over even more.
Two possible outcomes:
- Nothing breaks it, and this becomes a marketing high-point for Microsoft
- It gets broken, and Microsoft engineers now have solid data (vice anecdotal) as to where the problems are. Especially if this was compiled with the debug option switched on.
Christopher A. Bohn
cb
Oooh! What does this button do!?
Microsoft offers a server and asks that folks take a shot at gaining access to things Microsoft wouldn't want folks to have access to in a commercial product.
Some people yelp, "Screw Microsoft, let em do their own dirty work."
Others tut tut, "This is just like Open Source! This is a step in the right direction."
What to do!?! Is Microsoft challenging us to stick by our Morals? Or are we being "used" by a corporate entity? Even worse, are the logs of this attempt at hacking the system going to represent evidence?
#1. If you can't avoid a simple tcp/ip packet sniffer from tracking you down, then you are unlikely to be the ones the FBI cares about.
#2. If you believe that this is closer to open source than before, try a deep breath too. Oxygen is good. Yes.. It burns stuff... Anyone can torture test any product they buy. There is nothing open source about that. The issue of Open Source is that modifications we as hackers might make after finding bugs, are owned by the community, as is the original software to some extent. The notion that this method of security analysis is any different than normal practice of Microsoft is laughable. The question is HOW the software is being tested, not WHO is testing it.
#3. I will note that it is rare for a Linux machine to HAVE to be advertised to be crashed. That is because if you want to test out a security flaw you can create your own test machine with no cost. That's the joy of OPEN SOURCE. You can truly know what you are getting, try it before spending money, and even fix problems yourself rather than having to wait for a company to respond to your bug report.
#4. I still have doubts that this product ever will exist. The fact is that if no one hacks the software, then Microsoft can claim their non-released software that probably will not be really implemented before some serious bug fixing, is secure within the context of 1999's security issues and protocols. With new services being added regularly and custom software being thrown into the mix, this is relatively vapor ware benchmarking...
Whatever,
dlg
If you don't want to help Microsoft out, that's one thing, but you can't deny that this is better for the hordes of people who will be running this thing.
-- Ryan