CrackThisBox Updates
Tsu writes "Well, our good friends over at the Win2K Test Site have, unsurprisingly, stolen an idea from the competition: they've released their Administrator password. Meanwhile, the linuxppc people now have a guestbook up."
The best way to keep a box secure is to have as much downtime as possible!
This is the invention of the century! Just imagine how many DoS and cracker attacks your site could avoid by being down 80-90% of the time!! I think that Microsoft has realized this important security concept a long time ago and integrated it into their products long before it gained wide acceptance.
In the past, the instability of Microsoft products was the laughing stock of all but the poor computer illiterate masses ("my computer's cupholder broke"). But Bill Gates had a vision.
Now I can see that Microsoft boxes are more secure than any non-MS OS, even OpenBSD or LinuxPPC! I mean, if I, a legitimate user, can't even connect to the box then how can a cracker break into it? The amazing potential of this technology staggers the imagination.
And OS technology is advancing all the time. See, in the beginning, MS Windows 1.0 had pretty low downtime. But as Microsoft gained more experience in the fields of Bloatware (trademark of Microsoft) and Instability, its newer products featured more and more security. (By the way, Bloatware is a security concept that uses large amounts of bogus data to hide the few relevant files so a possible intruder can't find them and it also makes a product look like it has a ton more features since it comes on 48 CDs instead of a floppy.)
Right now the latest and most secure MS product is Windows 98. From firsthand experience I can tell you that it does a marvelous job of keeping intruders out, although I have to save my work more often and I've become partially color blind -- my eyes have stopped seeing the color blue because I used to see it all the time.
Windows 2000, the upcoming Microsoft product, will have even more amazing security. So far I've tried going to the w2k test page and the security measures there boggle the mind. I was unable to connect 90% of the time! Now logic will dictate that if I can't connect then some mean coke-drinking disk-slinging PERL-addicted maniac cracker won't be able to break in and do nasty things to the box and the $200+ OS on it.
Now isn't that better than some free OS that is always up? Microsoft, thank you for making your OS so secure!
PS. I think that by year 2002 Microsoft will bring us an OS so advanced that it will have a 100% downtime. Now that's what I call cutting-edge technology.
Want your box to be secure? Switch to an MS OS. Get faulty routers & switches. Move to a rainy area. That's the Microsoft way.
For the humor deprived: this was a joke. I think that if Microsoft wants to survive the next couple years it needs to get its act together and strive for quality instead of releasing a new version asap to bring in quick cash.
--diarrhea
Eat shit! A hundred billion flies can't be wrong!
Can anyone mirror this windows2000test site on a Linux box? It never seems this NT site is up and running.
*snicker*
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
Every bug you report and every enhancement you suggest to Microsoft, whether in this test or in their office suites, saves them lots of money in quality control and lost sales. It brings them one step closer to crowding out all their competitors. And, to add insult to injury, they will probably increase the prices later because their product is better, based on your suggestions.
I'd concentrate on testing and bug reporting for Linux. That way, you yourself are the beneficiary of your bug hunting; you don't pay for it twice.
Microsoft's claim is that commercial, for profit development is better. Well, then let them pay for their quality control themselves. Trying to weasel quality control out of their customers is just tasteless in my opinion.
> Even NT4 has several "command lines to a TCP session" utilities in the resource kit
Ah, like the wondrous UNSUPPORTED telnetd? The one with warning labels all over it? The one that crashes the moment you disconnect? I was quaking in my boots ... from laughter.
And if you honestly consider server manager to be a usable admin tool, then wow you have low standards. How about user manager? Boy sure would be neat to get account status from the list. Of course the list when you have a thousand users tends to take eons to refresh, unless you go to low-bandwidth in which case you can't see any of them.
Every time I attempt to use an MS tool, I end up muttering over and over "what a joke. what a fucking joke". Then the Microsofties blame me for not tolerating crap, it's a failing in me, why can't I praise it for being GUI?
Joke. And every ISP knows it.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I have finger, qotd and chargen turned off on my box. I need chargen for a test, it's a one-line script using netcat.
And finger is a security nightmare when it works as designed, let's not even get into the lousy implementations of it.
I've finally had it: until slashdot gets article moderation, I am not coming back.
> Ooops, sorry, can't script a GUI!
Yes you can. If there's one thing MS has actually done reasonably WELL, it's made most of its newer GUI components scriptable from its scripting engine, which is also a modular architecture targeting a backend. Basically you're writing in Windows-Script, and VBScript, JScript, and even PerlScript. Python also works well in this area too. (Before you screech about PerlScript, Perl also supports Apple Events, it's never been a least-common-denominator thing). Then Macs have AppleScript, so it really leaves Unix and X toolkits out in the cold. Motif is kinda scriptable, but it's a joke. All the other toolkits are stone age.
NT's plenty scriptable, it just has a command shell that isn't capable of doing it on the fly, a scripting front-end that still requires three-letter file extensions to determine the language (and actually pops up a bloody SPLASH SCREEN), and of course you can't redirect I/O from status windows and such.
I wonder if Notepad STILL has a tiny file size limit? Been what, 10 years?
I've finally had it: until slashdot gets article moderation, I am not coming back.
Bleh, I left some words out. The various languages like vbscript, jscript, python, perlscript all TARGET the back-end, the sort of "windows-script" (which is laughably primitive, but seems to be enough so far).
I've finally had it: until slashdot gets article moderation, I am not coming back.
Not everything on your redhat box is editable from the command line. Try managing your RPM database by hand. Whups, it's a berkeley db database, ain't it?
I might note that although solaris's pkg* tools suck, that the database, such as it is, can be hand-edited such that I can put a new file under the ownership of an existing package or remove a single file from package control.
I've finally had it: until slashdot gets article moderation, I am not coming back.
Orgs I've worked in licence MS stuff per Seat (not per Server/Workstation), so adding servers and the like has a minimal software cost. The big problem with NT Workstation is that it has an arbitrary limit on network connections (256?) that makes it unusable for application serving.
I really doubt many MS shops will run telnet (running to the server room keeps you in shape!) - but it's an option.
--
Business. Numbers. Money. People. Computer World.
At time of writing windows2000 is all 203 but hey... I understand this test runs for a month
1.) Windows 2000 is in beta. Expect bugs, lots of them.
2.) Windows 2000 in my experience is far superior to anything previously released by Microsoft. I use mswin2k several hours every day. It's stable, and great. (UNIX is still better :-) )
3.) Be less confrontational. "they copied linuxppc by posting the root password"? c'mon! you could say linuxppc copied Microsoft by starting the same sort of contest. Big deal.
4.) Quit the bashing on their guestbook, their site isn't the place for maniacal linux evangelism, it's a site to test out Windows 2000. It's ridiculous when I actually want to try and READ something useful.
5.) The Linux evangelism has to tone down, it's ridiculous, it didn't help the Mac, and it isn't going to help Linux. Linux isn't the Be All, End All. One could say NT is a much richer web-serving platform. I know personally from tests, when you take 2 identical x86 boxes loaded with ram and cpu, the NT box prevails on file-serving capabilities. Both OSes need a lot of work. And I suppose all of Linux's hardworking developers must get peeved when end users get into petty flame wars... You're only hurting them.
6.) Microsoft isn't evil, Bill Gates isn't the devil. They're a business, they're out to make money, that's what businesses do, this is America, this is where it happens.
> Read "The Microsoft Files" if you have any doubt about Gates' Napoleonic excesses.
Read "The Plot to Get Bill Gates" for another POV. Can't be any more biased than the first.
I've finally had it: until slashdot gets article moderation, I am not coming back.
Anyone? --
-- The opinions expressed are not necessarily those of the fictional entity who may or may not have expressed them
Peter Drucker is a well-known management guru. I read Innovation and Entrepreneurship (http://www.amazon.com/exec/obidos/ASIN/0887306187/qid=934124320/sr=1-14/002-7959264-5632205) some years ago and thought it was quite good. The link has a few reviews, although if you want to buy one of his works, I'd recommend getting the omnibus edition ($22.95 for three of his works including I&E).
D
PS Anyone know why links don't work in comments anymore? Sigh.
----
Well, the main reason for NT is to make Microsoft money, and to crush Unix. (I'm honestly not sure which is more important to Bill - he has a vindictive streak a mile wide, which is a major reason so many of us hate him).
The reason people buy in on NT is that there are billions of applications and server programs for it. It's pretty easy to write database-driven web sites in ASP or Cold Fusion, which I think is the main reason NT has acquired market share as a web server. Of course it's also easy to write the same applications using mySQL and PHP-FI or mod_perl, but these technologies are not well promoted in the marketplace.
I tried to convince one of the people I work with to consider PHP/FI. He said that he hadn't heard of it and it didn't have "market power". He wants to use the technologies that have "market power", whether they work or not. I guess the idea is that if clients have heard of a technology, it's an easier sell for him. I told him Apache is the number one web server. He wasn't convinced. Any idea how to convince him? I don't think he's a true PHB, but he does see things from a business perspective, not technical.
D
----
Sadly, nothing really interesting. A Microsoft Windows logo, an ugly greyish colour scheme, and a tiny amount of information about the challenge. The layout conformed to the ultra-boring Microsoft graphical and layout standards.
Strangely enough, on the one time I was able to access it, it was running really fast - maybe people were giving it a break. But I have tried many, many other times (including yesterday evening) without getting through. You're bound to be disappointed if you put much effort into it.
Someone did put up a mirror, though.
D
----
You can buy a third-party telnet tool for $189.
Yes, it provides you with the standard command.com shell and nothing more.
It can be useful to do things like remote pkzipping of files.
I believe you can get the Bash shell for NT, but you apparently have to add the whole suite of Unix command line tools in order for it to work.
Incidentally, please reply to this message if there's a free or at least cheaper NT telnet tool out there - I'm loath to pay $189 for it, and there are times when it would be helpful.
D
----
Put it this way - the company who tried to get rich selling a $200 telnet daemon for NT got put out of business about a year ago by Microsoft when MS released a free Telnet server.
Admittedly, users/seat licences still cost money.
--
Business. Numbers. Money. People. Computer World.
We don't need tons of "crackers" putting HTML and Javascript tags in the guestbooks of each site. Yes, it's funny that both sites have been spammed with tags to pop up windows, spin in infinite JavaScript loops, etc, and redirected (to both porn sites and freebsd.org - cool) with meta tags.
But unless you can tickle their cgi into running system commands and giving you a shell (or downloading/running BO2K) then it's all pointless. Microsoft figured it out and filtered out tags eventually; LinuxPPC will too.
The DOS attacks are annoying, but not completely worthless - it's interesting to see LinuxPPC pages come up after as much as a minute under the network spamming, while MS is unpingable for hours on end.
No - what I'd like to see is a page with traceroute stats - a script to probe their networks (routers, other computers on the same subnet, etc) repeatedly and save the results. Someone on Linux Today asserted that he could ping both MS's routers and other computers in the same 255.255.255.0, during the period when they "were having router problems". If he's right, then Microsoft is just plain lying to a whole lot of reporters and to the public - but we could hardly say so without evidence. If the script hit the main web pages regularly, that would be good too - there have been periods where the MS server was pingable but IIS wasn't responding.
I'd like to see this for both servers, of course. Someone said crack.linuxppc.org wasn't pingable once, but I tried 5 minutes after his comment was posted and both ping and Netscape (although slowly) got through.
It would be important to summarize the stats, of course. Neat graphs of things like percentage of dropped pings and timed out HTTP requests would be cool.
I'd do this myself, but I'm tired and lazy. If anyone else wants to do it with Perl and LWP, though, I'll help.
It's just lame ass script kiddies trying to (misguidedly) look cool by sticking meta-refresh tags and javascript into the guestbook. Not a crack (it just messes with YOUR browser, not the server); just lame and inconvenient.
Simon
Coming soon - pyrogyra
--
(And LinuxPPC has always worked just fine, stupid javascript tricks aside.)
--
You are perfectly correct, but what you cannot do is edit the rpm database information by hand, as you need something specialized to read the rpm db, that being the rpm command itself in most cases. I'm not knocking it, I am saying that editable text files are overrated in some instances.
As for the previous person's comment about the registry, you should be able to write a script that exports the registry into a .reg file, throws it into vi, then uploads it back. You'll get some nice bonuses of atomic transactions too, it'll either upload or it won't at all (at least I believe that's how it works).
Mind you the usual stupidity I run into with NT is institutional ("it doesn't come with the OS and it doesn't cost $10,000 or more so it must be an unstable hack"), and the fact that it has no decent out-of-the-box remote admin tools. Perhaps W2K will fix that, let's see if it can be kept from falling over as well.
I've finally had it: until slashdot gets article moderation, I am not coming back.
W2K has a telnetd built in. Where'd you get the $200 figure?
--
Business. Numbers. Money. People. Computer World.
You can use Back Orifice as a telnet tool - set it up to bind a port to command.com, and then telnet to that port. Not so hot as far as security goes, of course, but you could write your own BO2K plugin that does authentication if you wanted.
As for bash, Cygnus has a whole UNIX environment for Windows - bash, DJGPP (gcc port), grep, ls, cat, and everything else.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Well, even though crack.linuxppc.org hasn't actually been cracked, it would appear to the casual observer that it has been. That, to me, seems to say that LinuxPPC can be great and secure, but it doesn't do you any good if you're going to run crappy CGI guestbooks on it. Maybe the LinuxPPC guys need to hire an admin...
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I notice that the MS astro-turfers are out in force this evening, spreading their own brand of joy (not!).
Anyhow: NT *CAN* be remotely administered, but it is (of course) an additional product, and it doesn't work all that well due to the fact that NT wants you to reboot every time you sneeze. ("Your mouse has moved -- please reboot to make this change effective", heheh). Go look up SMS on Microsoft's site. It's a laugh. They are touting features like "capable of installing software onto remote machine". Gosh, didn't know you needed extra software to do that with Microsoft software (Melissa, anybody? :-). If you want a real blast, go to msdn.microsoft.com and do a search on "SMS". Read the directions for how to install Office 2000 via SMS. Gosh, they figured out how to make their client machines run 'mirror' from a special-duty ftp site then run a script to install any new programs, what will they 'invent' next?!
-E
Send mail here if you want to reach me.