Follow Slashdot stories on Twitter


Forgot your password?

Software Giants Seek Friends Among Hackers 95

Carl Bialik from WSJ writes "Big tech companies are engaging in a full charm offensive at the Black Hat hacker conference as they seek to convince hackers and security researchers to work with, not against, them, the Wall Street Journal reports. Among those being courted: HD Moore. The suitor is his erstwhile foe, Microsoft. From the article: 'Microsoft plans to wine and dine Mr. Moore at a party at the fancy Palms Hotel. A Microsoft security executive wants to meet with him to discuss his latest work. And earlier this year, the Redmond, Wash., company invited him to speak at a Microsoft-sponsored conference on security. "There were a few tense silences," says Mr. Moore, 24 years old, who lives in Austin, Texas. But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"
This discussion has been archived. No new comments can be posted.

Software Giants Seek Friends Among Hackers

Comments Filter:
  • by MrSquirrel ( 976630 ) on Thursday August 03, 2006 @03:20PM (#15841946)
    Microsoft: "Welcome Mr. Moore -- it's a pleasure to meet you in person. What's that? You want a hug?"
    *they hug* Moore: "Well, I must be going"
    *he leaves*
    Microsoft: "...wait a minute... HE STOLE OUR WALLETS!"
    • Too risky- MS might use the hug to knife him in the back.
    • by mmell ( 832646 ) on Thursday August 03, 2006 @03:43PM (#15842128)
      Embrace . . .

      Extend . . .

      (wait for it) . . .


      "Hi! I'm Clippy! I see you're exploiting loopholes in Windows. Would you like to:

      "* Tell your zombies to phone home for a head count

      "* Plant a malicious WMF at a popular web site to get more zombies

      "* Do some illegal file sharing (since all file sharers are black hats)

      "* I'm not a script kiddie and don't need any help

      " (CANCEL) (OKAY)"

    • by Anonymous Coward
      Seems all Microsoft's recent friends are their former enemies.

      They bought all the Linux anti-virus companies out there. Groove used BDB (from sleepycat now Oracle), and they bought them. Sun's their best buddy in the SCO affair.

      And in our company, they pay us to port our stuff from competing platforms to theirs.

      If only they treated their partners as well as their enemies, perhaps Micrsoft partner companies would be doing better. Instead they like competing with partners and befriending their enemies.

    • by GarryFre ( 886347 )
      Yep, I totally agree. Common sense and the ability to determine who would truly become a friend, and who will end up being a paid vandel is important. At the college where I worked, I caught a person hacking into the system, and I turned him in. My boss hired him on the spot to be in charge of security. I told my boss that I did not get the feeling that this person could be "Converted" by hiring him. At the time I was not a particulary good judge of character, and I still have more to learn. My boss did no
    • Such a good feeling, it thinks.

      What dog drives across the fish turtle pond, you say?

      Friends among Hackers or Hens among FRACKERS? (that was a Spoonerism...)

      They don't deserve HACKERS until the asshole businesses and advertiser learn to distinguish between HACKERS and CRACKERS and get over the "hidden" dislike of the second term. I'm sure if MOOKERS were the good guys and ROOKERS were the bad buys, the marketers and tech media would have NO problem whatsoever using "ROOKERS", despite the sexual connotation.
  • by strazzere ( 882662 ) on Thursday August 03, 2006 @03:23PM (#15841972) Homepage
    "You're less willing to publicly humiliate someone you know in real life,"

    Does that mean I should try harder until they buy me dinner?
  • Now the company has surpassed other software vendors when it comes to currying favor with researchers, says Jon Ellch, a 24-year-old researcher in Monterey, Calif. -- "at least in terms of the number of beers (it) bought for me."

  • What??? (Score:4, Insightful)

    by fullphaser ( 939696 ) on Thursday August 03, 2006 @03:26PM (#15841994) Homepage
    I don't think he just went soft like that, you don't go from black hat to employee in only a few months flat (or if you did you pish poor example of a black hat.) I think they payed him out the tail to promote their own agenda
    • I don't think he just went soft like that

      Courtship from microsoft would certainly cause me to go soft pretty quickly.

    • Re:What??? (Score:5, Funny)

      by ResidntGeek ( 772730 ) on Thursday August 03, 2006 @04:09PM (#15842339) Journal
      you pish poor example of a black hat.

      Not true. Black hats do anything they want to entertain themselves, with no regard to the law. They'd gladly take jobs doing what they do for fun. They're not like evil villains in the movies, who do bad things because they're bad people deep down inside, and need a good-looking hero to go kill them.
  • by quokkapox ( 847798 ) <> on Thursday August 03, 2006 @03:26PM (#15841995)

    Microsoft is quite [] capable [] of this [] all by themselves [].


  • Good job, Microsoft, just give the enemy more info on your employees and practices, that's a great idea. Why don't you just slap up an FTP site with a binary of Windows and hand him the URL? I'm sure he'll feel real bad about using what he learns for evil for a few days, until he decides it would be cooler to use it and be the undefeated champion of the black hat universe.
  • by Klaidas ( 981300 )
    But they are not the first ones to do this...
    Do you remember Mitnic?
    He offers security consulting services through his company Mitnick Security Consulting, LLC and has co-authored two books on computer security.

    (Source: Wikipedia)
    • Mitnick is a shithead. He broke the law, then got screwed in prison, now he milks it all he can. Cuz he's the notorious kevin mitnick. Oooh lala. He exploits the fact that people are lazy and incompetent. Not exactly news.

      That prick should go out and contribute something of meaning to society. I mean, other than his contempt for "the man."

      • "Mitnick is a shithead. He broke the law, then got screwed in prison

        Mitnick was held in prison with murders and psychopaths for four years eight months in solitary until he 'confessed'. The only people doing the screwing were journalist John Markoff and Tsutomu Shimomura. It was Markoffs sensationalist articles that caused Mitnick much noterity. What Markoff never told him was he was both working with Shimomura and also feeding information to the FBI. At the same time cultivating a friendship with Mitni
    • Do you remember Mitnic?

              He offers security consulting services

      Mitnick was hacker, now offering security...???!

      Translating it into MS case....???!
      They screwed everybody, now they are offering screwing-on-demand?

      Does that sound right?
  • by tomstdenis ( 446163 ) <> on Thursday August 03, 2006 @03:35PM (#15842073) Homepage
    I've been to dinner with people from Microsoft, Intel, AMD, Broadcom, Sandisk, the DoD, CRA (Canada), etc.

    It's fucking dinner.

    Wait till they offer him a grant, job or other swag to be impressed. If they gave him a grant to bash the shit out of Windows that'd be impressive. A $50 dinner on the strip is not (though free eats is good)

    • Wait a minute. You mean to tell us that you went out to dinner with folks from Canada Revenue Agency (tax collectors) and THEY paid? Something's fishy...
      • They were at a security conference (don't ask, I didn't) and we went out for supper after one of the sessions.

        The point is, not all dinners are formal meetings. I seriously doubt the CRA or DoD or the other half dozen groups I've gone out with for dinner or whatever were on official business. Hell, I work at AMD. Doesn't mean everyone I go out to dinner with is taking part in an official AMD sanctioned meeting. Means I work at AMD and I decided to buy dinner for a friend. Big deal.

        My point was that whi
    • He was offered a job at Microsoft, but he turned it down because he thought it would limit him.
    • The difference is, I doubt you're the kind of person Microsoft sincerely wishes would just disappear. Or at least shut up and sit down.

      Hey, even better, if you could get this guy on-side you could turn him around and point him at other peoples' products. Then he wouldn't even be a liability - he'd be an asset!

      Oh yes.

      On July 3, Mr. Moore got an email from Mike Reavey, a manager at Microsoft's security-response center. Mr. Reavey was concerned that Mr. Moore's latest project -- a high-profile effort to cata

  • Time for a Quote (Score:3, Interesting)

    by in2mind ( 988476 ) on Thursday August 03, 2006 @03:42PM (#15842125) Homepage
    The best way to destroy an enemy is by making them a friend.

    Abraham Lincoln

  • "You're less willing to publicly humiliate someone you know in real life," he says.

    Unless they're someone who really deserves it, in which case, I find it easier.

  • by kcbrown ( 7426 ) <> on Thursday August 03, 2006 @03:48PM (#15842170)
    But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

    The problem with this is that it's an illusion.

    Corporations are composed of not just a single person, but of many people, each of whom has an agenda. Most of those people tend to limit their thoughts about the decisions they make on behalf of the company to the benefits that decision may bring to the corporation and to themselves, and perhaps to the possible harm the benefits may bring to the corporation and to themselves. The last thing to enter their mind, in general, is the impact the decision may have on individuals outside the corporation. The more conscientious types may consider that, but such people appear to be rare, and such people in positions of great influence within a corporation appear to be especially rare.

    So while this person may being to believe that the corporation he's dealing with is somehow now more "human" as a result of his dealings with specific individuals, he's making quite a few bad assumptions, not the least of which is that the people he's dealing with have a large amount of influence over the actions of the corporation. That's almost certainly not the case, and yet the actual "humanity" of the corporation depends on it.

    The bottom line is that this guy (Moore) isn't nearly cynical enough, and is likely to get burned.

    The very purpose and nature of the corporation, to shield the corporation's stakeholders from the consequences of the corporation's actions, are exactly why the corporation can never be "human" in any meaningful way, except perhaps in a psychopathic sense. The numerous experiments (e.g., those involving simulated torture, imprisonment, etc.) that have been done in which the individual is shielded from the consequences of his actions are proof of how much of a person's humanity is lost from that. The corporation is a formal embodiment of that separation. In light of said experiments, the consequences should be obvious, and the typical behaviour of corporations is further proof.

  • Translation (Score:5, Insightful)

    by overshoot ( 39700 ) on Thursday August 03, 2006 @03:52PM (#15842192)
    they seek to convince hackers and security researchers to work with, not against, them

    In other words, "Shut the fuck up about all of the stuff you find until we quietly issue a patch. If we get around to it. Oh, and here's an NDA that gives us your nads if you talk in your sleep."

    • A few days later, Mr. Moore sent Mr. Reavey [a manager at Microsoft's security-response center] a wish list of changes he hoped for from Microsoft. Among them: Give researchers more information about vulnerabilities and tone down the bulletins blaming researchers for disclosing flaws.

      Mr. Reavey responded in an email that "change is a bit slower than you might think." But as a final point, he added, "I really appreciate the dialogue."

      So... tell us first, STFU & we're going to blame you if you open your t

  • by Itninja ( 937614 ) on Thursday August 03, 2006 @03:54PM (#15842209) Homepage
    Mr. Moore sips a latte on his veranda on a brisk autumn morn. Some movement in his peripheral catches his attention. 'What the hell is that?' he wonders aloud. He tries to flick the small red dot from the front of his housecoat. Then with sudden horror, he realizes that that little dot is a projection. A laser projection. From a Microsoft sniper hidden in the shadows and fog. As he falls, dying, his last thoughts are of his recent dinner with Microsoft execs and what a naive fool he was to believe they loved him.

    The assassin approaches the body and Mr. Moore. With a small shoulder radio he signals the job is complete.

    "That's right. We got him. You shouldn't have to worry about Michael Moore any more" the assassin gloats.
    "What?!" the voice on the line exclaims.
    "I said I tagged that fat ass. He's dead. Let's see him make another inflamatory documentary now!"
    "You killed MICHAEL Moore? Aw, crap...."
  • It's about time (Score:3, Interesting)

    by dave562 ( 969951 ) on Thursday August 03, 2006 @04:00PM (#15842253) Journal
    I have been saying this for a while and I'm glad that the executives in charge of things are one the same wavelength. The computer underground is full of brilliant people with the knowledge that will make products better. Microsoft doesn't even need to put people on the payroll. They can simply pay them as consultants. It's a great situation for everyone involved. Microsoft gets knowledge that the typical programmer who has gone the legit route through college and computer science will not have. The black hats get paid for their fresh sk33lz and the rest of the world gets a better, more secure product.
    • It would be cheaper to put him on the payroll.

      Too bad your headtop set wasn't set to receive the from the executives on the same wavelength.*

      *Unless said executives include Rob Glaser, Larry Ellison, or Jonathan Schwartz
  • It makes perfect sense to have an alliance going between the two. I am glad that Microsoft is taking all these initiatives to try and improve their software. They took over Sysinternals some time ago, which gives me a hope that I may not have to go googling to find tools for Windows and will in future find them in Windows.
    • More likely you'll have to google more to find good windows tools, as they'll take the good ones, strip out the good stuff and then add them to Windows, where they'll be only slightly better than useless.
      If you can't make something better, buy out the opposition and bury their product.
  • The problem with a collaboration such as this is Microsoft won't really be serious about it. If Moore tells Microsoft the real facts about Microsoft security and what they will likely need to do about it, in that truth are mostly things Microsoft really doesn't want to hear and they will just go into denial about it. Moore will end up frustrated, his contributions falling on deaf ears...

    On the other hand, in the meantime Microsoft will have distracted a potential foe, and Moore will have made some $$$, b

  • by Eudial ( 590661 ) on Thursday August 03, 2006 @04:20PM (#15842416)
    In the words of Admiral Ackbar: It's a trap! ;-)
    • To continue the Star Wars motife, here's what Moore and Microsoft are probably thinking about each other right now:

      Lando: "Yes I said closer! Get as close as you can, and engage those Star Destroyers at point-blank range!!"
      Ackbar: "At that close range we won't last long against those Star Destroyers."
      Lando: "We'll last longer than we will against that Death Star, and we might just take a few of them with us!"
  • Ah beer, the great greaser of wheels:
    Last year, Microsoft also invited researchers to give presentations to its employees at its own security conference. Now the company has surpassed other software vendors when it comes to currying favor with researchers, says Jon Ellch, a 24-year-old researcher in Monterey, Calif. -- "at least in terms of the number of beers (it) bought for me."
    • Now the company has surpassed other software vendors when it comes to currying favor with researchers, says Jon Ellch

      But what if you'd rather not have Indian food?
  • "You're less willing to publicly humiliate someone you know in real life," he says.'"


    Try me. I'd happily humiliate Microsoft at every opportunity even if I was sleeping with Melinda.

  • I got no problem with Microsoft taking him out.

  • ..and you've got us on your side ;)
  • Note the inclusion of Oracle and Cisco in this list.

    Oracle has one of the worst records on fixing vulnerabilities, running up to a year. I'm too lazy to google up the specific vulnerabilities.

    Cisco's record is worse []. I coudn't find the article I was looking for, but there was a recent case (in the last year IIRC) where an security researcher in a South American country notified cisco of an issue. After a period of time, he decided to go public (hazy on the details) and cisco did everything they could to shu
  • I'm picturing that scene in The Matrix where the agents are talking to Neo and he just gives them the finger.
  • by drmancini ( 712059 ) on Friday August 04, 2006 @05:57AM (#15845353) Homepage
    Ms: As you can see Mr. Moore we've had our eye on you for some time now. It seems that you've been living two lives. In one life, you're H. D. Moore a 24-year old geek, you have a social security number, you pay your taxes, and you help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias H.D. and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not. I'm going to be as forthcoming as I can be, Mr. Anderson. You're here because we need your help. My colleagues believe that I am wasting my time with you but I believe that you wish to do the right thing. We're willing to wipe the slate clean, give you a fresh start and all that we're asking in return is your cooperation in bringing a known system to a functional state. Moore: Yeah. Wow, that sound like a really good deal. But I think I got a better one. How about I give you the finger... and you give me my phone call.

Last yeer I kudn't spel Engineer. Now I are won.