The Media on Microsoft's "Crack this..." ploy

Greyleaf writes " Check out this ZDNet story that sheds a bit more light on Microsoft's "security challenge" woes. It appears that Windows 2000 didn't even need any cracker help for its first crash and gives a brief mention is also given of the LinuxPPC challenge." MSNBC also picked up the story.

Re:Mission critical...NOT

[jd]

The UPS recently had Windows CE installed. Unfortunately, due to someone playing minesweeper on it at the time, the switch-over took rather longer than expected.

I cracked it!

[ai0524]

I would like to official take respnosibilty for cracking the W2K test site. I used a new method called 'stealth psychic brute force' where by the sheer force of my will I was able to bring the site. It was my telekinesis that caused the lightning in Seattle that lead to this disaster. I personally willed the electrons along the path towards the machine. When these electrons travelled through the processor controlled by W2K code the crash occurred. If these electrons did not flow into the machine, it would not have crashed. I understand Microsoft is evaluating this type of attack and will release a hotfix to fix it. This hotfix is rumoured to recommend that the machine be unplugged in high load situations.

I for one...

[Neph]

Would just love to hear from Gerald Holmes on this.

Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty

The site is back down.

[daviddennis]

A network error occured: Unable to connect to server ...

How's the weather up there today?

("Mst Cloudy" with scattered showers early this afternoon, otherwise partly cloudy).

Guess that excuse won't work this time.

D

----

Well, we did get in, right?

[daviddennis]

I seem to recall reading several comments that BackOrifice got installed on the machine. They're trying to sweep that under the rug by implying that the thunderstorms killed the server.

Nice try, but I think it's important to note that in a test where they held all the marbles, the relatively small part of the Slashdot community that took the test seriously had little trouble getting in.

After all, if it was just thunderstorms, they'd be repeating the test now - right?

D

----

Re:What I would like to know

[daviddennis]

I have a Windows NT 4 system I use for work. Whenever I reboot the machine, it complains "The Event log file is full". But it doesn't seem to cause the system to crash.

Maybe this is a new Windows 2000 bug?

D

----

Far be it from me to snigger, but...

[rde]

Rules of engagement:
1. Sitting back and waiting for the machine to crash by itself doesn't count.
2. If it does go down by itself, it's for periodic (every half hour) maintenance.
3. It's not a crash, it's a prank paging.

Hmmm, God's a Cracker?

[Wah]

I guess this is what happens when you leave the contest open to EVERYBODY...

Eternal struggle between good and evil, anyone?

Beta and Switch

[_Sprocket_]

At first I got a chuckle out of this. Of course, I find lots of things funny even if they're not supposed to be. So on the odd chance that this WASN'T a humor piece....

Do remember that this is _beta software_, coming from microsoft, a company that considers beta "software not ready for release". As opposed to the linux community, where everyone uses beta.

Over the years, I've becomme convinced that in software industry terms, "beta" simply means "we haven't started selling this version yet". All software is in development, or "beta", even after it is released to the store shelves. The only difference is semantics.

I'm pretty sure MS has put out their "release candidate" of W2K now. If so, they should be pretty darned close to "stable" as its going to be. Furthermore, lets remember that this is a Microsoft installation on Microsoft picked equipment. This is not some untraned admin trying to install W2K on some obscure hardware. If Microsoft themselves are unable to put out a stable test case, what does that say about W2K? This comes to the second point...

They should be excused for the technology not being ready to fully go up on the internet, especially since they technically aren't done writing it yet.

If MS' technology is not ready to be publically viewed "up on the internet", why are they launching an obvious publicity stunt on it?! This shows a serious lack of judgement.

Granted, this all might be just bad luck for Microsoft. But "unstable beta software" and "thunderstorms" hardly explain it away.

MS set up a nice little publicity snare and promptly stuck their foot in it. Expect the Marketing department to roll in and declare that they're not twisting in the air by their foot, but are actually flying.

Sun? I think not!

[mdvkng]

Sun may be pretty "open" with their use of "Open" but it's not their invention or monopoly. Lots of the over30's may remember the whole "Open Systems" corporate Unix related hoopla of the late '80's, it comes from that.

Open Software Foundation (hence OSF/1 if you dinna recall eh), OpenWindows, OpenLook, it's all corporate speak for "Our Unix is Open, but it's better than their Open Unix."

And BTW, OpenWindows came from Openok which was an AT&T development picked up and mutated by Sun, not something Sun came up with on their own.

If you ask me, MS is being terribly retro with this allusion to 80's era Open Systems Computing whilst peddling a Closed System. In that respect, they're very similar to those OSF corporate suits.

-M

You just have to love the ZDnet comments.

[HSinclair]

System is Up! How about ZDNet post a small sidebar with this info. They make is sound like the system is down and staying down. Sounds great on a bash-Microsoft story, but very misleading for a neutral news story (if that exists anymore)!

Hackers are bastards anyway. If you are, don't you have something better to do than mess with other peoples computers. Get a job, get a life, go find a real woman instead of that deflated one under your bed....

To Mike West... no, there is no such thing as an objctive story from ZDNet when it comes to Microsoft. This became obvious to me when they wrote that 'story' a while back about how big, terrible Microsoft dared to make the Java VM an optional component of IE5's minimal installation. It was obvious to anyone who had 2 brain cells to rub together that it was a (poorly and easily countered by truth) manufactured piece of MS-bashing. And now I see ZDNet has stooped to quoting hacker groups as if they were legitimate sources of information. How sad.

What a fabulous (and extremely brave) move by Microsoft. Bravo. This kind of open challenge takes enormous guts and nerve that few in the technical realm are capable of endorsing. Now hopefully others (the UNIX mafia -- SUN, IBM, HP are you watching, listening - do you have the chutzpah?) will follow suite. Lets only hope that rampant mediocrity does not blindside technical brilliance and innovation. ..DM..

Cheap shots at MS are easy enough. I'm sick and tired of all these whiny, self-proclaimed gurus talking about "big brother" being so clumbsy and inept. Microsoft has been the most significant factor in the information technology revolution. I make the really big bucks because of MS, and I love to develop using MS. A lot of what I am hearing amounts to sour grapes and really insignificant mud slinging. Especially, those of you who think that only Unix, or some look alike thereof are real, Get a life!

Use of the term 'Open'

[DanaL]

Is anyone else getting nervous about how M$ is starting to pepper their press releases with the term 'Open' more and more. They are pushing for Open messaging standards, their W2K site was an Open test.

Are they riding Open Source hype or are they getting ready to embrace and extend the Open Source term?

Nothing new.

[SirSlud]

Microsoft has been shooting themselves in the feet for years now. Tests like these won't bring the giant down and won't cause their meat and potatoes market segment (ie the business peeps who make the tech decisions) to wither away.

No one is surprised that the test box crashed. I mean, people who've been using Microsoft machines for years think computers are /supposed/ to crash on a regular basis. Obviously this kind of marketing won't turn a Linux user into a Microsoft user, but I highly doubt you could find anyone who's looked at the past few months of scrambling my Microsoft and decided to switch to Linux.

The only real reason people switch brands in the tech world is accountability if you ask me:
(1) If you're running Windows and someone hacks/crashes your box, you just tell your superior that it was Microsoft's fault. You can tell him lots of big companies use it (business types love name dropping) and so its not your fault something went wrong.

(2) If you're running Linux you /can't point at anyone/ when something goes wrong. This is what makes the business people shy from it. There's no one to blame when it fails. What they completely disregard is the fact that Linux will fail you far less often than WinSomething and that when it /does/ fail, you can /fix it/.

Just my social take on this whole mess.
SirSlud

NT Event log settings

[Raetsel]

From Microsoft's security site comes this bulletin (it's a Word document). Page 30 (of 37) has this to say about crashes and Audit Logs

• Shutdown option on Full Audit Log

  In a C2 configured system, auditing system of Windows NT provides an option to the administrator to shut down the system when security audit log is filled up. To enable this, use the following key value in the registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Lsa:

  • Name: CrashOnAuditFail
  • 
    Type: REG_DWORD
    Value: 1
    

  With this setting, the system will shutdown itself when the audit log full is detected. The value in the registry is reset to 2. When the system is rebooted, it only allows the administrators to log on to the machine (locally or remotely). They will be required to clean the audit log (or archive it), reset the value to 1 and reboot the system before any other user is allowed to log on.

The log is whatever size the administrator chooses. By default, the logs are limited to 512KB (Max setting 4,194,240 KB), and events older than 7 days get overwritten (this can be turned off). It is very easy to change these settings, and obviously Microsoft has done this. Then (as above) NT automatically crashes when any of the event logs fill up (System, Security, or Application).

For those of you interested enough to read this document, it is referring to NT4 service pack 0. A lot of the holes that it would have you manually patch are automatically fixed when you apply the various service packs. (Remote access to the registry, for example.)

My favorite quote from this .doc: "...the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop..."

I'm sorry, these pictures are so good I gotta post a link again. Hey, it deals with NT security, right?

Note: I'm not a MCSE, but I play one at work.

Best excuse for a bug...

[ucblockhead]

A Microsoft spokesperson attributed some of the difficulties to thunderstorms in Seattle on Tuesday but had no comment on the site's status by press time.

Ok, I am really impressed by this guy. I've been working in this industry almost twelve years now, I have not once thought to blaim problems with my software on the weather. I'll have to remember this.

"Sorry, boss. The weather was too dry when it went to QA".