Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Media on Microsoft's "Crack this..." ploy

Posted by ryuzaki0 on from the dumb-pr-stunts dept.

Greyleaf writes " Check out this ZDNet story that sheds a bit more light on Microsoft's "security challenge" woes. It appears that Windows 2000 didn't even need any cracker help for its first crash and gives a brief mention is also given of the LinuxPPC challenge." MSNBC also picked up the story.

2 of 162 comments (clear)

  1. NT Event log settings by Raetsel · · Score: 3
    From Microsoft's security site comes this bulletin (it's a Word document). Page 30 (of 37) has this to say about crashes and Audit Logs

    • Shutdown option on Full Audit Log

      In a C2 configured system, auditing system of Windows NT provides an option to the administrator to shut down the system when security audit log is filled up. To enable this, use the following key value in the registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Lsa:

      • Name: CrashOnAuditFail

      • Type: REG_DWORD
        Value: 1

      With this setting, the system will shutdown itself when the audit log full is detected. The value in the registry is reset to 2. When the system is rebooted, it only allows the administrators to log on to the machine (locally or remotely). They will be required to clean the audit log (or archive it), reset the value to 1 and reboot the system before any other user is allowed to log on.

    The log is whatever size the administrator chooses. By default, the logs are limited to 512KB (Max setting 4,194,240 KB), and events older than 7 days get overwritten (this can be turned off). It is very easy to change these settings, and obviously Microsoft has done this. Then (as above) NT automatically crashes when any of the event logs fill up (System, Security, or Application).

    For those of you interested enough to read this document, it is referring to NT4 service pack 0. A lot of the holes that it would have you manually patch are automatically fixed when you apply the various service packs. (Remote access to the registry, for example.)

    My favorite quote from this .doc: "...the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop..."

    I'm sorry, these pictures are so good I gotta post a link again. Hey, it deals with NT security, right?

    Note: I'm not a MCSE, but I play one at work.

    --

    "...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
  2. Best excuse for a bug... by ucblockhead · · Score: 3

    A Microsoft spokesperson attributed some of the difficulties to thunderstorms in Seattle on Tuesday but had no comment on the site's status by press time.

    Ok, I am really impressed by this guy. I've been working in this industry almost twelve years now, I have not once thought to blaim problems with my software on the weather. I'll have to remember this.

    "Sorry, boss. The weather was too dry when it went to QA".

    --
    The cake is a pie