Coffeehouse Thread

Microsoft Begs To Be Hacked

  • Deactivated User

    Comment removed at user's request.

  • W3bbo

    Let's not forget this one too

    Hmm, the site appears to have been taken down. How odd. Coincidence? I think not!

    Slashdot follow-up here

  • LarryOsterman

    W3bbo wrote:
    Let's not forget this one too

    Hmm, the site appears to have been taken down. How odd. Coincidence? I think not!

    Slashdot follow-up here


    Um..  The /. article says that the contest ended June 8.  It's after June 8.

    Yes, it is a coincidence.  It's a coincidence that the contest is over Smiley

    No conspiracy here.

  • Sven Groot

    Maybe they should include a t-shirt:

    "I hacked Windows Server 2003 and all I got was a lousy Xbox.

    oh, and a t-shirt.".

    Tongue Out

  • LarryOsterman

    Beer28 wrote:
    Does MS have a program of paying out for vulnerability reports?
    I don't think I'm the only one that would hack windows for cash. I have the means too. Time is money, nobody should do this stuff for free.


    Please note that that contest had absolutely nothing whatsoever to do with Microsoft.

    It was from some magazine, and was in no way sponsored or supported by Microsoft.

  • ScanIAm

    Beer28 wrote:
    Oh, ok.


    Yeah, and that Iraqi gun buyback didn't work too well.

  • msemack

    Beer28 wrote:
    I just hate the idea of Microsoft getting people to do their software security audits for free.


    Most of the companies that report vulnerabilities are security consulting firms.

    Some of them are paid for their services.

    Other ones do it as a way to gain free press.  The Microsoft bulletins often include a comment like "Thanks to company eEye for discovering and reporting this vulnerability."

    Think about how many people read those bulletins, and how most of the people reading them are interested in security.  If I worked for a computer security consulting company, it would be a great way to get our name out to people interested in our services.

  • manickernel

    Beer28 wrote:
    Time is money, nobody should do this stuff for free.


    Beer, beer, beer...doesn't this contradict your whole philosophy of life?

    A good security analyst/vulnerability tester can bring in $125-$250 an hour. So if you have the time and competence, it is a great field to get into.

  • DoomBringer

    Beer28 wrote:
    I just hate the idea of Microsoft getting people to do their software security audits for free.

    Isn't Linux the same thing?

  • Michael Griffiths

    Beer28 wrote:

    Sure people should write public code for free, but they shouldn't help Microsoft for free. There's no reason to. The public doesn't benefit. You're not helping humanity or even yourself by sending in exploit reports to Microsoft and having them benefit from your time.
    That's all I'm trying to say.


    Oh, my.

    That made me laugh. Smiley

    Whatever happened to that argument that Microsoft had to keep patching pirated systems because the integrity of the internet depended on it? If you accept that argument, then how can you turn around and believe this?

    By reporting security holes, you're helping Microsoft to patch their systems... so malicious people don't exploit them and harm the public.

    Microsoft doesn't charge for downloading their patches... but oh, what's that? Some Open Source OSes do? They charge for support and downloading updates? My god! If you submit a patch to fix the vulnerability, go away and come back, you have to buy a subscription package to download the updates!

    Not all Linux systems, true, and not even most. But the ones that are trying to be productive... yes, they do generally.

    They give away the product and charge for the updates. It's the only alternative business model to Microsoft (ironically, its opposite), and the only one that works in an OSS environment.

    Interestingly enough, it's also a model Microsoft would quite like to adopt... software as a subscription.

    Beer28 wrote:
    If you patch Linux or another free system like BSD, and your patch is applied to the main tree, then you come back a few months later after not using it and it's there, you benefit. Your additions to public software will be there for you to benefit from for time to come. If you submit a patch to Microsoft, get rid of the system then you come back and want to use a new version with your vulnerability patched, you actually have to buy your own patch back from them.

    That's silly. I mean, ultimately you'd be giving them something that they are going to charge for explicitly. That's the huge difference for me.



    But Microsoft isn't charging you for your patch... they are charging you for the amount of money it cost them to implement the patch, right?

    Certainly arguable.

  • Khamul

    I have removed my original text from this post due to fears that it and the Code of Conduct may not be in agreement.

  • Steve411

    Pirates of the future! Arrrr, mateys!

  • sbc

    Not patching pirated systems would be a bad thing. Just because they have not paid for Windows, doesn't mean everyone has to be penalised by those machines sending out spam and viruses due to not being able to patch.

    Non security updates could be another matter though as not having them does not make a system less secure.

  • Loadsgood

    Beer28 wrote:
    It should be code named: "Judgement day", and they should release the update on Christmas day.


    Well that was a completely stupid and pointless comment.

    Your Linux advocatism (is that a word? It is now.) used to be smart and creative and actually make Microsoftians like you. But over the weeks and months, your comments have gotten worse and worse. Now they are just dribble worthless shizen. Nothing against you, just the comments against Microsoft are baseless and usually don't make any literal sense. Heh, if you left now people wouldn't be begging for you to come back like the last time.

    Beer, don't overreact to my comments and threaten suicide. Take them the way they should be taken, twice a day three times a week (Joking! Big Smile). Seriously you should use this as advice and change your fighting Microsoft ways to a more creative and truthful commentation on Microsoft. Promote Linux, but don't demote Microsoft because you don't like them. Compare the two and see what pros and cons both have and then use that info and tell us why Linux is so great and why we should switch to it.

    I just want you to use ideas like these to bring back the old Beer who made Linux look good. Not like a blabbering wacko from /. who just pushes people further away from Linux and towards Microsoft. If you don't want to do this, what can I do? Nothin' but if you do, life online will be the better for it.



    Do you dare change your "Microsoft == evil, no explanation available." ways?
    Loadsgood.

  • msemack

    Beer28 wrote:
    Sure people should write public code for free, but they shouldn't help Microsoft for free. There's no reason to. The public doesn't benefit. You're not helping humanity or even yourself by sending in exploit reports to Microsoft and having them benefit from your time.


    Yes, they DO benefit.  Did you read my post?

    It's free publicity for the company that discovers the exploit.  On top of that, it's free publicity in a very specific market segment.

    Think about how much business eEye has been able to drum up from their security work for Microsoft.  Anyone who reads Microsoft security bulletins knows their name.

  • AndyC

    Beer28 wrote:


    gotcha, I meant individuals instead of security auditing firms.


    So let me get this straight...

    I identify an issue and report it to Microsoft.

    Their security response team confirm the issue, isolate the responsible code, develop a patch and regression test it.

    It then gets released on Windows Update, upon which I download and install it.

    And you think I don't benefit?

  • AndyC

    Beer28 wrote:

    On the other hand I think they'd rather people keep on pirating software than using alternative systems. If they were so against piracy, they'd have put a stop to it a long time ago.


    On the contrary. Microsoft have considered doing something like this before, with both of the XP service packs. Both times they've backed down.

    There are too many problems with that approach. Firstly, what happens to all the customers who have inadvertently purchased pirated copies (and yes, there are lots of them)? Do you just leave them to suffer? Secondly, what happens if the code designed to spot a "pirated" copy is flawed, misidentifying legitimate copies and disabling them (which was apparently common with one of the SP2 RCs)?

    What's more, the minute those who are intentionally pirating Windows hear of this, they'll just make sure not to install that particular hotfix. So the only people getting hurt will be the genuine customers.

    It's not an easy problem to solve.

  • Sven Groot

    That's nonsense. If the system checks the signature of a file before loading it and someone wants to hack that file, they simply also need to hack the signature-checking code.
