Microsoft Cracked
jhughes was the first to note an article on Microsoft being cracked that (ironically enough) appears on msnbc. Not any of their "Main" sites, but it happens. It's an odd story about a lovesick cracker. Very strange.
It looks like that, since MS was compromised, that flipz has done a job on some other pages of note - many being military boxen, most on NT :) Here is attrition's "record" on flipz - it includes all the sites he(she?) has compromised and it also has what all of the pages look like. Neat stuff, imo ;)
-- BlueCalx | http://nickd.org/
My post appeared first at #3 or 4... for some reason, for a period of time it was actually the FIRST post you'd see on the list... and now it's here. All of the posts appear to fluctuate somewhat, I don't know why, but perhaps one of the Slashdot Engineers can explain it.
Eviscerati.Org: All Hail the Eviscerati
it's not that my post came first, because #8 is of course after #6, it's that it _appeared_ before #6 on the list. I don't know why that is, just as I don't know why at one point my post (#8) appeared to be the first one on the list. I suspect it's some weird aftereffect of all this moderation/karma/metamoderation stuff.
Or perhaps it's a distortion in the space/time continuum.
Eviscerati.Org: All Hail the Eviscerati
it says this is the first time any ms web page got hacked but that isn't true.
i _very_ clearly remember microsoftoffice98.com or microsoftofficeformacintosh.com or SOMETHING being hacked on halloween of last year. It said something like "happy halloween bill gates" and had a skull, or something. did anyone see this? attrition.org has no reference to it.
Anyway the point here is that a microsoft site _has_ been hacked before, and i've seen it, although it's possible that (like this recent hack) it wasn't hosted by the people running the main microsoft cluster of IPs or whatever.
anyone notice that msnbc called Attrition a "reliable computer security site"? Nice to see the media taking note, for a change, of people who don't work for antionline. (although i wish attrition would add a search function to their hack mirror, or at least make it an option to download the whole thing as one long file so i can just command-f..)
I guess we'll all be wondering forever what the hell "uncertainty.microsoft.com" was.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Just because a person or group broke into 11 websites doesn't make them hackers. It just means they found 11 websites vulnerable to one of the many rootshell.com exploits.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
..or does anyone else find it weird and disturbing that script kiddies merrily try to hack vandalised HTML into everything from government sites to the military, but they are supposed to be afraid of _Microsoft_ retribution? What's that about? I would have thought that such people would be more worried about _military_ retribution, or government retribution. Do they know something we don't? If it's a lot of nonsense, why is MSNBC putting it forth as an explanation?
I smell a new service release coming out REALLY SOON now....
Check out Magic Firesheep!
I don't think we need to invent terms. Invented labels invariably either 1) don't catch on or 2) become self-parodies. Languages evolve naturally, when a sufficient portion of the population collectively "decides" that a new term is warranted. Why can't we just say what happened:
A web page was (defaced/altered) by an unauthorized person?
Yeah, it's bland, but it gets the point across without falling into this whole cracker/hacker (f)lamewar again.
That sounds good to me. I was mainly objecting to the term "cracker" being inappropriately used in this context, and trying to suggest an alternative. "defaced" is certainly fine as well.
To get back to the article, I personally find it disheartening that this poor kid (I assume) who's been playing around is worried about being arrested for what amounts to causing someone to take five minutes to restore a backup. Yes, his actions are immature, and yes there's too much of this kind of thing going on, but fuck, the punishment should fit the crime. He deserves detention or summer school, not jail-time.
Definitely - there seems to be a level of paranoia about 12-year-old "superhackers" that makes people think they're a danger to society. The punishment should be the same as punishment for any other sort of vandalism that caused about $2 in damage that's easily fixed. Whatever punishment you'd give to somebody who sprayed shaving cream on your car is what you should give to this kid...
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
That sounds like a work by Tennessee Williams...
You know, That hacker slang, at least on the surface would be a good way to keep info from echelon... but when you think about it wouldn't be hard for the NSA to pickup on stuff like that as well.
That's why I think that h4x0rz 5l4n9 is really an NSA plant, no "real" hacker would use terminology like that, so the NSA, after realizing that its servers couldn't keep up with all the 5kr1p7 k11d1s convinced them to start using a 'creative' spelling of target, thereby saving them thousands of CPU cycles examining skript kiddie conversation!
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
From the article:
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known.
---
:-)
I wonder if the author did that on purpose, or if it was a happy coincidence?
Eviscerati.Org: All Hail the Eviscerati
And an army recruiting billboard? And the sign at the entrance of a military base? I kind of see what you're saying, but it doesn't hold up.
The point is, these are essentially high profile, low-utility systems which have little to do with the inner workings of any organization... anyone who has a clue has recovery plans for fixing a defaced site, and most have watchdogs to check if it's been changed. Notice how most of the defaced sites stay up a matter of hours?
The point is that the breaches are irrelevant in terms of compromise of security - like I said elsewhere, when someone publishes some proprietary information that's of use to someone on the 'net after cracking someone's systems, I'll be impressed. Until then, it's graffiti, and should be treated as such.
Actually I have no special affection for Microsoft. I do happen to use MSNBC for a news source often and I have been reading news there for quite a while, and whether you believe it or not, I find many of their news stories to be less biased than those that I have seen at other news sites such as CNN. Don't try and psychoanalyze me here.
Maybe rather than affection, it's more of a lack of the blood thirsty hate towards microsoft many slashdotters so easily portray.
I know Microsoft has created flawed programs, I have a great dislike for Windows, but I still use it a lot because it allows me to do everything I want to do on the computer (although it would be nice to be able to do it without having my computer explode in my face every few days). I am also a fan of alternate operating systems which I use occasionally, mostly to play with and see what they can do (BeOS & Linux especially) because competition is what it's all about. And while Microsoft might have used their monopolization to get away with selling faulty software or to help knock off competitors, this still doesn't add up to a big conspiracy. Uncontrolled and unchecked capitalism maybe, but not a conspiracy. We could all plainly see what they were doing. However, from reading MSNBC for a long time, I have read numerous articles there that have taken jabs at Microsoft and problems with their software.
The thing that annoys me most is the slashdot double standard. I see pointless offtopic flames moderated to 2 even though (because, more likely) they were unfounded attacks on Microsoft or some other thing that isn't pro-Linux. If someone were to have this attitude to something involving Linux, everyone goes off in a blind rage without even seeing both sides of it. I call it unclassy advocacy.
However, I do not expect anyone here to accept my opinion, I am probably just involved in the big conspiracy against all Linux users and anyone pro-OSS and I just want to spread FUD all over the world to ensure your destruction. *sigh*
-Ashen-
What would happen if someone were to hack attrition.org, and deface the defaced pages archive?
I wish I had a nickel for every time someone said "Information wants to be free".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Cracking *IS* that bad, and it's a very juvenile mindset to think otherwise.
At what point in time did it come into your tiny little mind that other people in the world should bear the cost of what you do.
Wonder how much our corporate lawyers, plus my overtime, plus the cost of reinstalling the OS on all the boxes, plus the cost of having to delay product releases because we had to divert 12 people to sifting through all the data by hand to verify its integrity.... boy you know corporate lawyers, Senior SA's, management sure do work pretty cheap these days... ANY defacement and you are into THOUSANDS of dollars in lost time, slipped projects, overtime, customer loyalty, oh.. but that's harmless... *THWACK*
Back in my days I may have gotten freaky on a BBS but I understood that *I* was doing something wrong, and was ready to step up if the ax man ever came, and not make lame ass excuses (lucky for my stupid ass he didn't, damn stupid looking back). But you... you seem to think that it's your god given right to thrash other people's property, things they might have put their heart and soul into and want to walk away claiming it's only something harmless, if you're going to do something stupid at least have enough BALLS to take responsibility.
Stupid ass AC, coward fits you well!
I know you thought you were being cute by taking the previous poster literally, but you might want to take a look at Dell's financials.
If you did, you'd know that in the last month of the quarter (July), Dell's internet sales reached $30 million per day. With an average of over a million dollars per hour, it should come as no surprise that they'd be pulling in "millions" for some 30-minute periods during normal U.S. business hours.
And that's just pure sales, that's not even counting the costs of any future business lost by frustrated buyers who might switch or develop loyalties to IBM or Compaq.
Cheers,
ZicoKnows@hotmail.com
But Apache does exist, and has for quite a while, on NT. So running Apache on NT isn't unheard of, and likely is smarter than IIS...
:-)
I doubt there are more bugs found in Linux, but when a bug is found it isn't broadcast on news.com or slashdot like every bug in any MS product.
I sure hope not! I mean, what, the entire bit that composes what Linux is, cannot even boot a system, can not function with code contributed from GNU to make Linux usable, and what composes Linux is about 1/2 the size of my first hard drive (think MFM). If Linux has half as many bugs as, say, MS Office.. a massive 100s of megabyte program, my god. Imagine the carnage!
"Open Source?" - Press any key to continue
Hell, I don't care whether MS had no important data where he cracked, but that so many of the government agencies he cracked might have. The DOE only forced the national labs to put in firewalls after congress got on their backs, and LLNL *finally* did that. Those people running it are lazy, incompetent people who lie to cover themselves and regularly steal equipment. The stories I've heard that go on in LLNL.. it just isn't sane.
"Open Source?" - Press any key to continue
BOOM "What was that?" "Oh, nothing really, just GE blowing up MS"
Where as MS hitting GE would be rather quiet.
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
Not only that, but unless GE has either avoided or abandoned NT, MS could probably bring GE (or any other company, for that matter) to its knees via a couple of well placed back doors. What can GE do? Make radioactive light bulbs?
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
The defaced page is here. It is a little boring.
Share bicycle touring info worldwide: http://wheretocycle.com
Has anyone else noticed that whenever there's bad news about Microsoft, MSNBC always seems to be the first to report it? Do you suppose that at the first sign of something that might result in bad press, Microsoft immediately gets MSNBC the story, thinking that at the very least, it can use the situations to bolster the network's credibility?
--
Wage Slave Journal
Hmm. The never-ending hack/crack debate. On the one hand, using "cracked" is obviously inappropriate, since the term already had a meaning in computer security prior to its application in 1984 to people who break into computers. It has, for as long as anybody remembers, described people who break the copy protection of software. This usage far predates the usage cited in the Jargon File (which itself admits to the 1984 date).
On the other hand, the term "hacked" is obviously inappropriate in this case. This system intrusion was merely the work of a script kiddie, it appears, and hence is not any sort of hacking.
We need a verb that means "broken into by a script kiddie," so as to differentiate from "broken into by an intelligent security expert" (which I'll continue to call "hacked") and from "breaking the copy protection of" (which I'll continue to call "cracked").
I personally prefer to use the term "hax0red," which, helpfully, is what they often call it themselves, so it should not be hard to have this term adopted. This differentiates from mature, intelligent people, who use "hacked," to describe their work (whatever that work may be, be it kernel hacking or NT hacking) and the script kiddies who use 3l33t sp33k to describe their work. It also allows "hax0r d00d" to be used as a convenient synonym for "script kiddie."
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
William Henry Gates III, owner of the most successful software publishing business ever, and some say arguably the richest man on earth, startled office workers and the world today when he was found to have been cracked right in his office.
One worker, willing only to speak under conditions of anonymity, described the scene as follows, "He was wearing these terrible blue polyester trousers, bending over his PC fiddling with these wires, when it happened."
Others described it bright like a Halloween moon, with the crack almost down to his O-Ring.
Disturbing co-workers and his wife, Melinda Gates, alike, she is said to have promised to throw out his whole wardrobe today and replaced it with straight cotton. When asked, she had no comment.
Dr. Timmothy Farnsworth, a PhD. in both physics and a proctologist with over fifteen years researching polyester effects on backsides, had this to say on the matter, "It's a well known fact that polyester drops down past the ass when a subject bends over. At first scientists assumed it was related to a genetic hip deficit trait carried by plumbers, electricians, and other blue collar workers, but now we know that it is in fact caused by the polyester material itself. Though we still don't know why. Current theory holds that polyester carries a special static electrical quotient, which along with a strong anti-anus gravitational repulsion effect, causes trousers to drop no matter who bends over."
Regardless, no official at the Redmond campus is commenting, but we're sure Mr. Gates is as red as his O-Ring after this embarrassing affair.
Worse than an untouchable, when I reincarnate I'll be lucky to return as bacteria.
Somebody put that in a sig block quick! :)
--
I'm not criticising Slashdot for posting this, but the media in general for their obsession with these petty defacements.
At what point did the LA Times stop reporting every incidence of graffiti which had felled the barbed wire security of another billboard? Really.
These silly kids are being portrayed as part of "hacker" groups that no one but the members themselves has ever heard of, and aren't really calling any further attention to the lack of security on most corporate networks - just to the destructive tendencies of kids with too much time on their hands, who somehow become representative of *all* computer kids. That's productive.
I'm tired of it, it's boring, and if we ignored it, it would almost undoubtedly go away - after all, the thrill is in seeing your name in lights, isn't it?
Nor have they been yet - the 131.107 address range is a lab that is in a separate physical location than the MSN/MS.com/MSNBC servers reside in, and are not under the same administration. These servers were likely set up by an individual or small group not familiar with the standard build specs used in production. It's not surprising they were vulnerable.
Possible, but seems very convoluted. Even for Redmond.
=VERY= unlikely. Microsoft are listed as a highly prominent target, and (despite what the article may say) crackers aren't renowned for being cowed by the threat of retribution.
This feels more likely. Windows NT is not the paradigm of security. Besides, what is "Microsoft" seems to change with every report. Microsoft's Hotmail has been cracked, as has (I think) MSN. I'm sorry, but it's not exactly the first time Microsoft has had a server cracked.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I think that this is a perfect example of system administrators not taking the time to install each of the patches that make NT server the most secure platform known to man.
Ok, but you have to take into account how many machines are running which OS. Macs rarely get cracked, but then there aren't many of them out there running webservers.
:)
But if you try to normalize the "hacked" percentage based on the distribution of the OS in the webserver population (http://leb.net/hzo/ioscount/data/r.9904.www.txt), it's a bit more interesting. Assuming sites are hacked at random, (which is probably a very bad assumption) NT is hacked a bit more than Linux, Solaris even more than NT, and FreeBSD is in fact pretty low. If I did my math right. :)
I tried to include some tables in here but I can't remember how to switch to a fixed-width font, so we'll skip it.
Remember back in the early 90's when stalkers were the rage in hollywood? If only there was an internet in 1992 this guy would've gotten busted not for cracking but for posting a love letter.
The Police will never catch him then, will they?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
ACK!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Heh. The ultimate hack will be if someone can gain access to all of the NT servers supposedly controlling BG's big mansion in Seattle.
I can see it now..... "HONEY! THE GARAGE ATE THE BABY!" "WILLIAM!!! I TOLD YOU TO STOP LEAVING YOUR FAVORITE NERD NYMPHOS WEB SITES ON THE 100 INCH SCREEN!!!!" "Dear, I swear....it wasn't me!"
Ah....dreams......