The Media on Microsoft's "Crack this..." ploy 162
Greyleaf writes " Check out this ZDNet story that sheds a bit more light on Microsoft's "security challenge" woes. It appears that Windows 2000 didn't even need any cracker help for its first crash and gives a brief mention is also given of the LinuxPPC challenge." MSNBC also picked up the story.
Re:What I would like to know (Score:1)
Not using NT, I wouldnt know what would cause an event.
Re:Come on now (Score:1)
Re:Use of the term 'Open' (Score:1)
IMO, probably both.
He just said no *internal* info (Score:1)
blink, blink (Score:1)
Jesus, I think I just walked through the looking glass, again.
Wondered that myself... (Score:1)
Not to mention that even when NT 3.51 was certified on 3 hardware platforms, it was only secure if it didn't have a floppy drive or network access.
Don't think it's a crash (Score:1)
From reading the other posts, it sounds like it's an automatic shutdown, not a crash. Therefore it's a feature :)
Same test sql SQL-Server 7.0 (Score:1)
Re:What I would like to know (Score:1)
Under most decent OSes, writes to a disk-full file on a normal filesystem will get bufferred in RAM until free space opens up; when the RAM's full, it has to start discarding those buffers, once it's pared down the cache and forced some processes out to swap. Maybe that's involved, maybe not. The suggestion that the machine has a lot of logging turned on so they could benefit from successful crashes has merit, though -- although I'd be logging it to a different machine with a huge pile of disks that was also logging all the net traffic. Oh well. "Poor MS."
Bull! a report from Kirkland two miles east. (Score:1)
BWAAAAAAAAHAHAHAHAHAHAHAA!!!!! (Score:1)
STILL not working! (Score:1)
Re: pushing everything into ring 0 (Score:1)
Re:well.. (Score:1)
Partial mirror (Score:1)
For those of you who haven't been able to view the site, there's a partial copy from my cache at:
http://www.instinct.org/~pgl/ww w.windows2000test.com/ [instinct.org]
if anyone can send me the other pages, I'll add them (pgl@instinct.org [mailto]).
--
The site is back up. (Score:1)
Just in case you weren't aware, it appears M$ has put the site back up.
happy hacking.
Is that legal? (Score:1)
Ben
What I would like to know (Score:1)
If somebody can fill in the details then it should be released as an official bug report. And it can then be as a vulnerability in existing versions of NT...
Cheers,
Ben Tilly
Absolutely not! (Score:1)
No, don't judge them by their language. Judge them by the same rules that you do everyone else. If they are delivering a product that will be competing in the server space, they should be hitting the same stability targets that everyone else does routinely. Particularly if the product is being marketed based on its stability!
Sincerely,
Ben Tilly
Re:You just have to love the ZDnet comments. (Score:1)
Put down that crack pipe!
Re:I cracked it! (Score:1)
Hardly. I sneezed outside last week, which caused those thunderstorms. Really. I saw Jurassic Park which explained the whole thing.
--
QDMerge [rmci.net] -- data + templates = documents.
Didn't anyone notice? (Score:1)
I don't know if MSNBC copied from ZDNet or the other way around, but either way it makes one wonder where these "journalists" are going for their info. Almost makes me wonder if someone is spoonfeeding it to them.
Re:Seattle: wimpiest weather city in history! (Score:1)
Re:Best excuse for a bug... (Score:1)
has schools scattered throughout the Redmond/Kirkland/Bellevue area and numerous problems arose. We also had highly unusual urban power failures, something that hasn't happened since a few years ago when we had 18" of snow. (Douglas Fir's don't like snow if you get my point.) This storm was highly unusual our area. Even with UPSs many many networks and ISPs in Seattle had trouble. Although I doubt that is the sole reason for the crash I would not ignore what MS has said regarding the weather.
Re:Best excuse for a bug... (Score:1)
Re:People will still buy it (Score:1)
1)Of course the interface. (duh)
2)Big time OLE "enhancements"
3)Nearly a complete rewrite of the kernel. Biggest part was the Win32 subsystem was moved into the kernal to increase performance. In WinNT 3.51 it ran seperatly, this is one of the reason why many people percieve 4.0 as less stable than 3.51.
4) Much much bigger and better hardware support.
5) Many new APIs
Whether this was good of course is open to discussion. But can I make a suggestion: you need to crawl back into the hole you came from before you embarrass the linux community with your stupidity. If you don't know anything about something don't talk about it like you do for godsakes!
New "Features" (Score:1)
Re:Best excuse for a bug... (Score:1)
Re:Nah (Score:1)
http://crack.linuxppc.org/ [linuxppc.org]
That's why... (Score:1)
Unless they pay ESR enough....
Dead, dead, dead... (Score:1)
This "challenge" is a sham. (Score:1)
So what do we have?
This is a sham. For a *real* challenge:
Standard install of Windows 2000, IIS, and Microsoft Office 2000, installed according only to information that comes with the manuals included with the software. NO OTHER INFORMATION can be used in configuring the machine.
Now, put THAT outside the firewall, and see how fast it gets cracked.
--
Not to mention hitting submit 3 times [nt] (Score:1)
"It's Brazilian"
Re:New "Features" (Score:1)
But, Windows IIS was nice enough to lock pages, while I was editing pages over smb at a clients site.
So unless they've updated IIS behaviors, you need to stop it in order to update the status page.
Re: "High Availability" (Score:1)
People will still buy it (Score:1)
Re:Beta and Switch (Score:1)
No, I don't work for the Enemy, but we have the beta ware at the office, and will be putting it through the wringer in the next few weeks...
Re:Didn't anyone notice? (Score:1)
If you've seen any Ziff-Davis computer-related magazine, it's pretty obvious that they grease up and bend over whenever Microsoft is involved. It should be no surprise if one just copies the other. Either way, it all comes from the same source: Microsoft's memetic engineering (i.e. PR) department.
---
Have a Sloppy night!
I could be wrong (Score:1)
Yeah, I know, it's really a lease. Yeah I know, it says it's beta. But if they hand it over in exchange for money, I say they sold it. And if the sell it, then I say that it's released software.
So no, I won't cut them any slack for beta software.
Re:Beta and Switch (Score:1)
Re:I for one... (Score:1)
Re:It's back up... (Score:1)
Weather Compatibility List (Score:1)
So when does the M$ Offical Weather Compatibility List (WCL) come out, and where do I get it? Trial and error can be a frustrating thing. However, I have learned that warm rainy evenings and hot humid Sunday afternoons are NOT good Service Packin' Weather conditions. God knows what a thunderstorm would have done to my Sexchange swerver!
"Open hype" (Score:1)
Most open source users who use open source operating systems do so becouse: It's open, free, Unix based, or Not Microsoft.
In all thies cases Microsoft dose not have a flicker of hope.
Windows isn't open, isn't free, is Microsoft and is so diffrent from Unix that it makes Dos look like a Unix wanabe.
Microsoft forgets to quickly it's bad name and expects casual open source users to switch to Windows as quickly as casual Mac users did with Windows 95.
In short I feel comfortable sitting back and laffing at Microsofts "open" marketting. It shows we are winning
Re:Best excuse for a bug... (Score:1)
Re:Best excuse for a bug... (Score:1)
Yep. They can be filled up (Score:1)
Why on earth they did not have them set that way to begin with is beyond me. That is always the first thing I do when I set a box up for the first time.
My guess is the same guys that set this machine up are the same guys that said "it is the weather".
Heh. Gotta love it
Mister programmer
I got my hammer
Gonna smash my smash my radio
Re:I could be wrong (Score:1)
Or perhaps it's a more recent build, if I read the articles right. Still, one would hope that by the time you got to Beta, the more recent builds would be more stable than the earlier ones.
Oh, and I especially liked the part about everything not coming up right when they rebooted.
Windows, your days are numbered. (And no, I'm not just talking about up time.)
Re:Beta and Switch (Score:1)
I'd almost believe the "thunderstorms" part. When your ego gets to be the size of a planetoid, you tend to attract the hostile attention of the gods, and then things like inopportune thunderstorms follow.
Re:Weather and "High Availability" (Score:1)
Re:Nothing new. (Score:1)
Microsoft announces ActiveOpen(TM) (Score:1)
Further details about ActiveOpen will be made available to Microsoft Certified Developers under NDA for a fee, Microsoft said.
Re:Best excuse for a bug... (Score:1)
However, a top-ten site like Microsoft should have more available to them then a simple UPS. Such places typcially use online power conditioning, electrically isolated systems, lightning arresters, and such.
One way or the other, Microsoft loses. If you are a e-commerce site, then it doesn't matter *why* your site goes down -- it is still down, and you still lose money. A $50 billion dollar software company could not create a site that stayed up. Would you trust *your* site to them?
Lol! (offtopic) (Score:1)
Ha ha! Is this an actual product? I seriously need one.
Re:Didn't anyone notice? (Score:1)
"(c) 1999 ZDNet. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of ZDNet is prohibited."
I'm not saying permission was given, only that the MSNBC version most likely originated at ZDNet.
Re:Use of the term 'Open' (Score:1)
The word open has a track record of being misused in exactly the way Microsoft does now: i.e. pretending to be a nice neighbor while retaining as much control/power as possible. On the other hand free has an matching track record of always being in need of explaining.
Between the two the pendulum will swing back and forth while the idea keeps working just fine.
Therefore, no! I'm not getting nervous! Words will continue to get misused and we will continue to explain the idea.
Re:BWAAAAAAAAHAHAHAHAHAHAHAA!!!!! (Score:1)
Re:Best excuse for a bug... (Score:1)
Re:"Open hype" (Score:1)
Not really. It's an appeal to the naive* public. No need to remind you that "Open Source" is getting a lot of positive press (MS FUD notwithstanding). MS knows that OS developers and enthusiasts won't fall for cheap buzzword ploys (as this site so clearly demonstrates). They also know that joe computeruser and his PHB will, especially with the media's cooperation.
*Note that naive is not meant as a put-down here... it just means that the general public is not well versed in the issues surrounding open source vs. proprietary software development, nor do I expect them to be.
--
by the same token (Score:1)
Mission critical...NOT (Score:1)
A thunderstorm took out the server? A periodic, naturally occuring, predictable phenomenon? Puh_lease!? They've never heard of a UPS? Backup telecom links? Give me a break. Microsoft wouldn't know a mission critical system if they had one.
Re:Best excuse for a bug... (Score:1)
The thing I don't understand is.... what use is a UPS in a thunderstorm? Sure, if you have a power outage, you're fine. However, you're screwed if you have a power surge of any kind (particularly if you get a direct hit). Also, if the phone lines are down, or the phone lines get hit, your network will be screwed anyway...
*shrugs* maybe it's just me, but with over 1000 lightning strikes in an hour, I'm not surprised that the machine got hit hard...
Simon
Re:uh huh (Score:1)
Try looking at the history of these things -- OSX only came out recently; MS has been working on Terminal server/client since at least 97 (which is when they licensed the WinFrame technology from Citrix).
Provided, of course, that that's what you're talking about.
Content sharing (Score:1)
So that's why the articles look similar - they're the same article!
Simon
I'm sure there were... (Score:1)
Not if it's raining out side geez.. So will the world get a guarentee that W2K will be stable only when it's sunny outside -with a slight breese- while I rub my stomach and pat my head??? Power failure is NO excuse...
Every major hi-tech company has a redundant power supply. How many millions does a large company loose if there's a surge or an outage. Don't tell me that when the power goes out in Redmond everyone takes the day off cause the MS campus has no power?
[sarcastic voice] ohh... is that thunder
Re:Far be it from me to snigger, but... (Score:1)
Re:Best excuse for a bug... (Score:1)
You're wrong. Go look at APC's web site and you'll see that all of their UPS's protech brownouts, blackouts, and surges up to several thousand volts or more, and most of them even come with a warranty that pays you if your stuff gets fried.
The cheapest UPS you can buy is usually better than just plugging in your computer!
Re:What I would like to know (Score:1)
In this case I bet it was Slashdotters saying "First Crack!"
Re:Is that legal? (Score:1)
Therefore, all this networking BS is a moot point as far as certification is concerned, because as soon as you plug in that modem or network card, there goes your certification!
I've played with these C2 tools that MS puts out. After they get through with a system, your job as an administrator is not fun at all. You'll have so much reading (in the form of audit logs) that you run the risk of going insane! That, and users asking for more (temporary) rights so they can... click the start button, empty the trash, etc.
For those of you really concerned with security, this appears to be Microsoft's interpretation of C2:
Useful computer, huh?
Sorry for the sarcasm, I got a little carried away there.
Re:Is that legal? (Score:1)
Re:The site is back up. (Score:1)
I don't know what kind of security test this turned out to be, but I fully intend to use this as a reliablity test if/when the PHB start asking for win2k
Come on now (Score:1)
Oh, but weather has a lot to do with it! (Score:1)
The casks should be turned at least once a fortnight, to ensure that no bits have become lodged in the crevices.
Upon bottling (preferably into extremely flat, aluminum flasks), the barrel residue can be separately processed into a second aging batch. The result will be slightly more refined, and should be served in smaller SP glasses (for "Service Packs" -a term of uncertain origin). These are not typically available in cases, and are much prized by collectors.
timothy
I've seen this before (Score:1)
Yeah, but I survived the thunderstorms... (Score:1)
Re:Best excuse ... it was raining in Seattle (Score:1)
Seriously, if you can't hack the rain, move back to New Mexico, Bill.
24/7 and 99% (Score:1)
Far exceeeding usual MSFT standards.
I will make it legal (Score:1)
Where, oh where... (Score:1)
Arithon
"Trying to explain his technological approach to divisive issues, Al Gore has to delay a telephone interview twice because of problems with his cell phone."
-- Wall Street Journal
Ultimate Hack (Score:1)
I think this just puts a modern spin on what fire-and-brimstone preachers have been saying for decades... God is the ultimate hacker. Phear G0D!
MS better get something in the rules about "acts of god" real quick - I'd expect floods or locusts next. ;)
Good excuse (Score:1)
Well I must admit that the excuse on the weather is about one notch up on BR's "Wrong type of leaves on the line" excuses...
However, I for one am glad that two of the main news site (for me anyway) have picked up the story and publically denounced. What did Microsoft honestly expect ? A wave of applause and motivation from possibly the most anti-Micros~ group of people ? They chose to ignore the fact that crackers have previously ignored high-profile offers from the media, even with an incentive. Surely the whole point of cracking is for the thrill and the fun of being able to get in ? I wouldn't know, of course, but being paid for it is more likely to make it a chore.
What are the odds that come the press release -
"Windows 2000 stood up to x hackers trying to hack the system blah blah blah"
Re:Best excuse for a bug... (Score:1)
Now when they bring it back up under normal whether and it falls over dead, THEN you can resume.
P.S. I'm not a MS troll...
ZDNN, news and Slashdot (Score:1)
While Slashdot is basically Press Releases for Nerds and their reaction to those press releases, ZDNN (I would imagine one or two beat reporters) considers it a viable source of opinion for a "community."
While it is neat to be able to so directly influence a respected news organization, it is kind of unsettling that the collective opinions of people overreacting to press releases are considered gospel opinion for the open source, geek, or digerati community.
Personally, I would prefer that ZDNN find another way, probably more time-consuming, I admit, to gauge the opinion of what they consider Slashdot to represent. At least for a while.
Or maybe the Slashdot user community should spell out exactly who they are in some sort of declaration. Are we nerds? Are we IT professionals? Are we the technocracy? Do we speak for the open source community? Like it or not each of those has different implications, but I'd rather pin ZDNN down to one of them than to just gauge unscientifically the reaction to a given news event based on a handful of fanatical ACs that managed to have an opinion stuck somewhere in their "first post."
Who are we? None of the above, I expect. So why should ZDNN feel so confident in using Slashdot as a reliable source?
Re:Nah (Score:1)
uh huh (Score:1)
JediLuke
Re:Mission critical...NOT (Score:2)
I cracked it! (Score:2)
I for one... (Score:2)
Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty
The site is back down. (Score:2)
How's the weather up there today?
("Mst Cloudy" with scattered showers early this afternoon, otherwise partly cloudy).
Guess that excuse won't work this time.
D
----
Well, we did get in, right? (Score:2)
Nice try, but I think it's important to note that in a test where they held all the marbles, the relatively small part of the Slashdot community that took the test seriously had little trouble getting in.
After all, if it was just thunderstorms, they'd be repeating the test now - right?
D
----
Re:What I would like to know (Score:2)
Maybe this is a new Windows 2000 bug?
D
----
Far be it from me to snigger, but... (Score:2)
1. Sitting back and waiting for the machine to crash by itself doesn't count.
2. If it does go down by itself, it's for periodic (every half hour) maintenance.
3. It's not a crash, it's a prank paging.
Hmmm, God's a Cracker? (Score:2)
Eternal struggle between good and evil, anyone?
Beta and Switch (Score:2)
Over the years, I've becomme convinced that in software industry terms, "beta" simply means "we haven't started selling this version yet". All software is in development, or "beta", even after it is released to the store shelves. The only difference is semantics.
I'm pretty sure MS has put out their "release candidate" of W2K now. If so, they should be pretty darned close to "stable" as its going to be. Furthermore, lets remember that this is a Microsoft installation on Microsoft picked equipment. This is not some untraned admin trying to install W2K on some obscure hardware. If Microsoft themselves are unable to put out a stable test case, what does that say about W2K? This comes to the second point...
If MS' technology is not ready to be publically viewed "up on the internet", why are they launching an obvious publicity stunt on it?! This shows a serious lack of judgement.
Granted, this all might be just bad luck for Microsoft. But "unstable beta software" and "thunderstorms" hardly explain it away.
MS set up a nice little publicity snare and promptly stuck their foot in it. Expect the Marketing department to roll in and declare that they're not twisting in the air by their foot, but are actually flying.
Sun? I think not! (Score:2)
Open Software Foundation (hence OSF/1 if you dinna recall eh), OpenWindows, OpenLook, it's all corporate speak for "Our Unix is Open, but it's better than their Open Unix."
And BTW, OpenWindows came from Openok which was an AT&T development picked up and mutated by Sun, not something Sun came up with on their own.
If you ask me, MS is being terribly retro with this allusion to 80's era Open Systems Computing whilst peddling a Closed System. In that respect, they're very similar to those OSF corporate suits.
-M
You just have to love the ZDnet comments. (Score:2)
Use of the term 'Open' (Score:2)
Are they riding Open Source hype or are they getting ready to embrace and extend the Open Source term?
Nothing new. (Score:2)
No one is surprised that the test box crashed. I mean, people who've been using Microsoft machines for years think computers are
The only real reason people switch brands in the tech world is accountability if you ask me:
(1) If you're running Windows and someone hacks/crashes your box, you just tell your superior that it was Microsoft's fault. You can tell him lots of big companies use it (business types love name dropping) and so its not your fault something went wrong.
(2) If you're running Linux you
Just my social take on this whole mess.
SirSlud
NT Event log settings (Score:3)
In a C2 configured system, auditing system of Windows NT provides an option to the administrator to shut down the system when security audit log is filled up. To enable this, use the following key value in the registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Lsa:
Type: REG_DWORD
Value: 1
With this setting, the system will shutdown itself when the audit log full is detected. The value in the registry is reset to 2. When the system is rebooted, it only allows the administrators to log on to the machine (locally or remotely). They will be required to clean the audit log (or archive it), reset the value to 1 and reboot the system before any other user is allowed to log on.
The log is whatever size the administrator chooses. By default, the logs are limited to 512KB (Max setting 4,194,240 KB), and events older than 7 days get overwritten (this can be turned off). It is very easy to change these settings, and obviously Microsoft has done this. Then (as above) NT automatically crashes when any of the event logs fill up (System, Security, or Application).
For those of you interested enough to read this document, it is referring to NT4 service pack 0. A lot of the holes that it would have you manually patch are automatically fixed when you apply the various service packs. (Remote access to the registry, for example.)
My favorite quote from this .doc: "...the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop..."
I'm sorry, these pictures [min.net] are so good I gotta post a link again. Hey, it deals with NT security, right?
Note: I'm not a MCSE, but I play one at work.
Best excuse for a bug... (Score:3)
Ok, I am really impressed by this guy. I've been working in this industry almost twelve years now, I have not once thought to blaim problems with my software on the weather. I'll have to remember this.
"Sorry, boss. The weather was too dry when it went to QA".