Slashdot Mirror

← Back to Stories (view on slashdot.org)

CrackThisBox Updates

Posted by ryuzaki0 on from the have-we-beat-this-to-death-yet? dept.

Tsu writes "Well, our good friends over at the Win2K Test Site have, unsurprisingly, stolen an idea from the competition: they've released their Administrator password. Meanwhile, the linuxppc people now have a guestbook up. "

3 of 414 comments (clear)

  1. Microsoft has taken security to a whole new level! by diarrhea · · Score: 3


    The best way to keep a box secure is to have as much downtime as possible!

    This is the invention of the century! Just imagine how many DoS and cracker attacks your site could avoid by being down 80-90% of the time!! I think that Microsoft has realized this important security concept a long time ago and integrated it into their products long before it gained wide acceptance.

    In the past, the instability of Microsoft products was the laughing stock of all but the poor computer illiterate masses ("my computer's cupholder broke"). But Bill Gates had a vision.

    Now I can see that Microsoft boxes are more secure than any non-MS OS, even OpenBSD or LinuxPPC! I mean, if I, a legitimate user can't even connect to the box then how can a cracker break into it? The amazing potential of this technology staggers the imagination.

    And OS technology is advancing all the time. See, in the beginning, MS Windows 1.0 had pretty low downtime. But as Microsoft gained more experience in the fields of Bloatware (trademark of Microsoft) and Instability, its newer products featured more and more security. (By the way, Bloatware is a security concept that uses large amounts of bogus data to hide the few relevant files so a possible intruder can't find them and it also makes a product look like it has a ton more features since it comes on 48 CD's instead of a floppy :).)

    Right now the latest and most secure MS product is Windows 98. From firsthand experience I can tell you that it does a marvelous job of keeping intruders out, although i have to save my work more often and I've become partially color blind -- my eyes have stopped seeing the color blue because I used to see it all the time.

    Windows 2000, the upcoming Microsoft product will have even more amazing security. So far I've tried going to the w2k test page and the security measures there boggle the mind. I was unable to connect 90% of the time! Now logic will dictate that if I can't connect then some mean coke-drinking disk-slinging PERL-addicted maniac cracker won't be able to break in and do nasty things to the box and the $200+ OS on it.

    Now isn't that better than some free OS that is always up? Microsoft, thank you for making your OS so secure!


    PS. I think that by year 2002 Microsoft will bring us an OS so advanced that it will have a 100% downtime. Now that's what I call cutting-edge technology.


    Want your box to be secure? Switch to an MS OS. Get faulty routers & switches. Move to a rainy area. That's the Microsoft way.




    For the humor deprived: this was a joke. I think that if Microsoft wants to survive the next couple years it needs to get its act together and strive for quality instead of releasing a new version asap to bring in quick cash.

    --diarrhea

    --


    Eat shit! A hundred billion flies can't be wrong!
  2. What I'd like to see by roystgnr · · Score: 3

    We don't need tons of "crackers" putting HTML and Javascript tags in the guestbooks of each site. Yes, it's funny that both sites have been spammed with tags to pop up windows, spin in infinite JavaScript loops, etc, and redirected (to both porn sites and freebsd.org - cool) with meta tags.

    But unless you can tickle their cgi into running system commands and giving you a shell (or downloading/running BO2K) then it's all pointless. Microsoft figured it out and filtered out tags eventually; LinuxPPC will too.

    The DOS attacks are annoying, but not completely worthless - it's interesting to see LinuxPPC pages come up after as much as a minute under the network spamming, while MS is unpingable for hours on end.

    No - what I'd like to see is a page with traceroute stats - a script to probe their networks (routers, other computers on the same subnet, etc) repeatedly and save the results. Someone on Linux Today asserted that he could ping both MS's routers and other computers in the same 255.255.255.0, during the period when they "were having router problems". If he's right, then Microsoft is just plain lying to a whole lot of reporters and to the public - but we could hardly say so without evidence. If the script hit the main web pages regularly, that would be good too - there have been periods where the MS server was pingable but IIS wasn't responding.

    I'd like to see this for both servers, of course. Someone said crack.linuxppc.org wasn't pingable once, but I tried 5 minutes after his comment was posted and both ping and Netscape (although slowly) got through.

    It would be important to summarize the stats, of course. Neat graphs of things like percentage of dropped pings and timed out HTTP requests would be cool.

    I'd do this myself, but I'm tired and lazy. If anyone else wants to do it with Perl and LWP, though, I'll help.

  3. Not exactly by mattdm · · Score: 3
    Not exactly -- they just neglected to secure the guestbook. Nothing on the actual machine has been touched. But definitely a mistake on the linuxppc people's part.

    --