Slashdot Mirror


Microsoft /asks/ "Crack this machine"

zealot writes "Apparently Microsoft wants people to try breaking the security on this site, which is running Win2k w/ IIS. There are some "rules" of engagement." Basically, because it's not behind a firewall, it doesn't count to throw huge numbers of packets at it, but there are multiple user accounts: change stuff, look for hidden messages, or "get something you shouldn't have".

2 of 683 comments

  1. Anti-Microsoft for no good reason? by rlm · Score: 5
    Why do I see so many posts on here complaining because Microsoft is trying to get "free auditing" by asking everyone to attack their machine? Doesn't this fit entirely with the concept of Open Source? They're requesting assistance and criticism from the community rather than keeping it entirely closed. I mean, it's not handing out the source code, but it is a step in the right direction. I mean, shouldn't we all be happy that Microsoft is at least TRYING to improve their product before they release it rather than just giving us another piece of crap?

    If you don't want to help Microsoft out, that's one thing, but you can't deny that this is better for the hordes of people who will be running this thing.

    --
    -- Ryan
  2. Re:Smart move for Microsoft by Signal 11 · Score: 5

    No, there is another outcome. Nobody takes the challenge. Challenges like this are generally dismissed in the security industry for a variety of reasons. Some of them are as follows...

    - Real Crackers aren't going to spend their time trying to get caught on a high-profile site.
    - Script kiddies don't have any scripts for the "new" OS yet.
    - It's new - so of COURSE it's going to take time to find the vulnerabilities. You think "one stunt, and that's it" is going to fix all their problems? You're more naive than I thought.
    - Past record. How long does Microsoft take to acknowledge, let alone fix, the problems they find? W2K *will* have bugs. All major programs have bugs. The question is - will they efficiently and quickly inform their customers, and provide comprehensive support to them - like the 4-color glossies they distribute say?
    - Many vulnerabilities are discovered at the console - and by looking at the source. It could be wide open, but you'd never know that from a remote perspective. Breaking into a system you've never seen or used remotely has about as much of a chance of success as me getting away with being called Rob Malda in this post.

    That's just what I can think of off the top of my head. Use your imagination. And most importantly: dismiss yet another one of Microsoft's tricks to get you to do their bidding. Clever Microsoft, but I thought you'd have learned by now that the 'net dispels FUD faster than a speeding salesman.
