Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

Microsoft Cracked 299

jhughes was the first to note an article on Microsoft being cracked that (ironically enough) appears on msnbc. Not any of their "Main" sites, but it happens. Its an odd story about a lovesick cracker. Very strange.
This discussion has been archived. No new comments can be posted.

Microsoft Cracked

Comments Filter:
  • I have a frriend who worked at MS. During the orientation they spit out a bunch of stats about the network. One of those was that there are 2,000 + serious hacking attacks on MS's networks everyday. (The speaker did not define what "serious" was.)
  • <FLAME>

    And 99% (by your estimation anyway) call an "External Modem" a "Blinky Thing". And 99% call a "Network Card" a "thing that connects your computer to somebody elses computer". And 99% call "RAM" "space", and "Hard Drive" "space", completely oblivious to the difference.

    Sorry, but just because people with little or no relation to a subject mislabel it does not mean that it is time to relabel it. So "close" the "web", turn off your "hard drive" and "screen", and go find someone else to bother with your name changes.

    </FLAME>

  • Anything above a ping :-)
  • NOT. Scatological humor is lower than puns on the comedy scale. Hmmph!

    Xlib
  • When the UNIX Y2K problem occurs in 2036, any unices not running on 64 bit systems (or at least 64 bit time_t's) will roll back to this date.
  • "They" is wrong for the singular due to the fact that its plural. At least to my ear, that sounds just as bad as "He or she", which is awful in and of itself.

    Why is it such a big deal to use "he" by default? I know Spanish does and I'm pretty sure most other Romance langauges do, as well. It's a generic term for a single person. "She" is specific to females, ships, and some computers (though some psychoanalysts would probably have interesting comments on the last use). "He" can refer to someone or something that is definitely male (" When Alberto Thomba won his third gold metal in the GS, he proved that his career was not yet over.") or in a generic sense ("He who slings mud looses ground.").

  • Terms like 'Cyberjacking' or 'Webjacking' have already been taken by the media for describing techniques of 'stealing' webhits - taking sitenames that are very similar and dumping false META tags in your code just to get search engine hits. So. Y'know, you can try it, but the mass media gets better exposure than a lone slashdotter. :)

  • It's amazing, a company that can't make a secure OS to save itself seems to actully do a pretty good job at securingh it's own sites. Blind luck? who knows! :)
  • I suggest 'fucked'. For two reasons.
    1. It's probably the only chance for most of these kiddies to fuck anything.
    2. There's something about the headline "Microsoft Well and Truly Fucked" that appeals.
    3. Three. Three reasons. When was the last time you got to rant at someone saying "they're fuckers, not crackers!"?


    LOL, I second that suggestion.

    Bob, the "fuckers" broke in again. :-)
  • by BlueCalx- ( 59283 ) on Tuesday October 26, 1999 @01:31PM (#1585710) Homepage
    It looks like that, since MS was compromised, that flipz has done a job on some other pages of note - many being military boxen, most on NT :) Here [attrition.org] is attrition's "record" on flipz - it includes all the sites he(she?) has compromised and it also has what all of the pages look like. Neat stuff, imo ;)
  • I had a thought. I know that not everybody writes this stuff the same way, but would some Perl guru want to give a l33tsp33k to english converter a try? I'd do it, but I'm not a Perl guy.

    Then I could really say that something about that unintelligeble dialect actually impressed me. Heh.

  • Yes it's all a big conspiracy. They want you to think they have journalistic credibility, and when they've finally lured you in they will begin telling you lies and you will believe them and you will all become slaves to Microsoft and their people controlling media!

    Why does everything have to be a conspiracy theory around here? If CNN's network got hacked, who do you think would probably be the first to report it?

    "OH OH!@ SOMETHING WITH MICROSOFT! MUST BE A CONSPIRACY!!@$" Don't forget that there is also the NBC part of MSNBC. Microsoft for the most part just helps provide technology, there is no big microsoft censor checking all the news making sure that it is inline with their way of thinking. Furthermore, many of the reporters are private contractors who write articles and submit them to be published and are paid individually for each article. One journalist who often writes articles for the technology section of MSNBC, Krakow, is a big linux fan and often writes positive articles about alternative operating systems. No more than what CNN would do, no less. So let's just lose the whole big Microsoft conspiracy bit.

    -Ashen-
  • My post appeared first at #3 or 4... for some reason, for a period of time it was actually the FIRST post you'd see on the list... and now it's here. All of the posts appear to fluctuate somewhat, I don't know why, but perhaps one of the Slashdot Engineers can explain it.

  • The problem with the MS sites crack-wise is that they are very careful and have some truly state-of-the-art firewalls and proxies and whatnot, not to mention I'd wager everything is being load-balanced and round-robined, making it even more of a headache.

  • What a well articulated rebuttal!

    If there was ever any doubt in my mind that people like you should run the world, it was just eleveated! thank you!
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • it's not that my post came first, because #8 is of course after #6, it's that it _appeared_ before #6 on the list. I don't know why that is, just as I don't know why at one point my post (#8) appeared to be the first one on the list. I suspect it's some weird after affect of all this moderation/karma/metamoderation stuff.

    Or perhaps it's a distortion in the space/time continuum.

  • it says this is the first time any ms web page got hacked but that isn't true.

    i _very_ clearly remember microsoftoffice98.com or microsoftofficeformacintosh.com or SOMETHING being hacked on halloween of last year. It said something like "happy halloween bill gates" and had a scull, or something. did anyone see this? attrition.org has no reference to it.
    ANyway the point here is that a microsoft site _has_ been hacked before, and i've seen it, although it's possible that (like this recent hack) it wasn't hosted by the people running the main microsoft cluster of IPs or whatever.

    anyone notice that msnbc called Attrition a "reliable computer security site "? Nice to see the media taking note, for a change, of people who don't work for antionline. (although i wish attrition would add a search function to their hack mirror, or at least make it an option to download the whole thing as one long file so i can just command-f..)

    I guess we'll all be wondering forever what the hell "uncertainty.microsoft.com" was.
  • Hacks from http://www.attrition.org/mirror/attrition/os.html:

    _ _ 08/1999

    _ _ Win-NT - 106 - 35.93%
    _ _ Solaris - 77 - 26.10%
    _ _ Linux - 68 - 23.05%

    _ _ 09/1999

    _ _ Win-NT - 82 - 32.54%
    _ _ Linux - 72 - 28.57%
    _ _ Solaris - 62 - 24.60%


    Installations from http://leb.net/hzo/ioscount/data/r.9904.www.txt:

    _ _ _ _ _ _ _ _ _ _ _ _04/99_ _%recog
    _ _ _ _ _ _ _ _ _ _ _-------_ -------
    _ _ _ _ _ _ _ _Linux_ 295003_ _ _28.7
    _ _ Windows 95/98/NT_ 253520_ _ _24.6
    _ _ _ _Solaris/SunOS_ 194281_ _ _18.9


    By putting the 08/1999 hacking numbers with the 04/1999
    server os numbers we get the following hacks per host:

    _ _ Win_ _ _0.042%
    _ _ Solaris 0.040%
    _ _ Linux_ _0.023%

    Not very scientific but interesting. Of course OpenBSD
    kicks everyone's ass. Linux really should have someone
    doing source code audits.

    Sorry for the screwed up underscores. Slashdot made me do
    it. Set your brower to a fixed width font for best results.
  • Maybe Microsoft does have a security strategy. Don't make a system secure at all, and then people will leave your site alone because it is not a challenge to break into. ;)
  • Just because a person or group broke into 11 websites doesn't make them hackers. It just means they found 11 websites vulnerable to one of the many rootshell.com exploits.
  • ..or does anyone else find it weird and disturbing that script kiddies merrily try to hack vandalised HTML into everything from government sites to the military, but they are supposed to be afraid of _Microsoft_ retribution? What's that about? I would have thought that such people would be more worried about _military_ retribution, or government retribution. Do they know something we don't? If it's a lot of nonsense, why is MSNBC putting it forth as an explanation?
  • Now you see this wouldn't be happening if MS was using G4s. :)

    Ozwald
  • by Anonymous Coward
    Instead of cracking into a page and defacing it, why not another strategy. Why not instead make the site look broken. A piece at a time, make changes to the site to drive the users of the site crazy. Then when you detect activity by the sysadmin or webadmin to really investigate your the problems, post your hacked page. With subtlety, it could go on for months. And we all know how much web surfers love broken pages. Break the M$ Java script, make the search engine behave oddly. So many possibilities. That is power and cleverness folks. Just a thought...
  • Offtopic:

    Interesting how this post (#8) was moderated up to Score: 3 - Funny, but post #6 [slashdot.org], which came first, was moderated down as Score: 0 - Redundant.

    How was 6 redundant?

  • by wrenling ( 99679 )
    I smell a new service release coming out REALLY SOON now....
  • You mean the bun is the lowest form or humor?
  • by Trepidity ( 597 ) <`delirium-slashdot' `at' `hackish.org'> on Tuesday October 26, 1999 @01:43PM (#1585730)
    I don't think we need to invent terms. Invented labels invariably either 1) don't catch on or 2) become self-parodies. Languages evolve naturaly, when a sufficient portion of the population collectively "decides" that a new term is warrented. Why can't we just say what happened:
    A web page was (defaced/altered) by an unauthorized person?
    Yeah, it's bland, but it gets the point across without falling into this whole cracker/hacker (f)lamewar again.


    That sounds good to me. I was mainly objecting to the term "cracker" being inappropriately used in this context, and trying to suggest an alternative. "defaced" is certainly fine as well.

    To get back to the article, I personly find it disheartening that this poor kid (I assume) who's been playing around is worried about being arrested for what amounts to causing someone to take five minutes to restore a backup. Yes, his actions are immature, and yes there's too much of this kind of thing going on, but fuck, the punishment should fit the crime. He deserves detention or summer school, not jail-time.

    Definitely - there seems to be a level of paranoia about 12-year-old "superhackers" that makes people think they're a danger to society. The punishment should be the same as punishment for any other sort of vandalism that caused about $2 in damage that's easily fixed. Whatever punishment you'd give to somebody who sprayed shaving cream on your car is what you should give to this kid...
  • this is all true but..

    from what i've heard there were storms in Redmond so we can't blame any of this on Microsoft :)

    matisse:~$ cat .sig
  • You can bet that the Washington Post would report it if someone spray-painted graffiti on the White House.

    I can see the headlines now, "House of Bill Defaced"

    #include "stdflamethrower.h" - stolen from another /. poster

  • Do you remember that whooshing noise you heard just before posting? It was the sound of the joke flying right over your head.
  • an odd story about a lovesick cracker

    That sounds like a work by Tennesee Williams...

  • Oh, come off it. You expected me to counter psycho-babble with more babble? Puhleeze.

    Well, yes, or at least a well reasoned responce. it is possible to not post at all, you know.
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • You know, That hacker slang, at least on the surface would be a good way to keep info fromechelon... but when you think about it wouldn't be hard for the NSA to pickup on stuff like that as well.

    That's why I think that h4x0rz 5l4n9 is really an NSA plant, no "real" hacker would use terminology like that, so the NSA, after relizeing that it's servers couldn't keep up with all the 5kr1p7 k11d1s convinced them to start using a 'creative' spelling of target, therby saving them thousands of CPU cycles examining skript kiddie conversation!
    "Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
  • Another non-functioning site was uncertainty.microsoft.com The purpose of that site was not known. --- Hmmm, I'm not sure myself. :)
  • Notice the part about the site being hosted on an NT server? (well of course microsoft uses microsoft software). How long have we been sayin it? LOL but seriously, cracking is bad. If these crackers would stop it for a while then the media would give up on that word "hacker" for a while and the people/media would have time to adjust to the word cracker.

    Anyway, however you call them, they're not good. Even attacking microsoft (which, if i were in a normal mood, i would advocate) is against my morals, and that's all i have to say about that, cept *nix on any NT users. lol that's a really bad pun.

  • Don't you think nuclear weapons and nuclear processing plants and equipment are exciting? No? What about lightbulbs? Everybody likes lightbulbs.
  • From the article:

    ---
    Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known.
    ---

    :-)

    I wonder if the author did that on purpose, or if it was a happy coincidence?
  • Cracking is actually good although right now it may seem bad. If it wasn't for petty crackers showing off or just exploring we'd be vulnerable to a much greater range of attacks. Right now while the net is still young is the time to find out about such problems and fix them.

    But really anybody who puts critical or highly private data on a web server should be beat with a stupid stick! Sure someone can backtrack through your SQL server (or whatever you use) but it is highly unlikely if you have it set up right that they could use the same hack to get into that server also. The worst they might do is mess w/ your data which if you audit your SQL calls and have a history of old data backed up you should be able to parse out any data entered after a given time. The only data likely to be lost is data entered during or after the attack and we /hope/ that good admins would recognize an attack quickly. :) If your systems are vulnerable to enough attacks to jump from a web server to the SQL server and so on you really need better software and/or a better admin. :)
  • Several months ago on the Register they had captured a crack where someone had replaced the text: 'Please help us find bugs in Windows 2000' with 'Please help us find bugs in Bill Gates Ass 2000' on their beta page.

    Don't they mean the same thing? I think it was just the webmaster trying to clarify the sentence.
  • Burglary is actually good although right now it may seem bad. If it wasn't for petty thieves showing off or just exploring we'd live in a world where we could leave our doors unlocked. Right now while civilization is still young is the time to find out about such problems and fix them.

    But really anybody who puts critical or highly private data inside their home should be beat with a stupid stick! Sure a skilled safecracker could break into your lockbox (or whatever you use) but it is highly unlikely if you have it hidden under the floorboards in your bathroom. The worst they might do is mess w/ your children which if you have homing beacons surgically implanted in them you should be able to find them in very little time. The only items likely to be lost are those too small to engrave serial numbers and we /hope/ that good pawn dealers would recognize such items quickly. :) If you don't have quarter-inch boiler plate steel covering your windows, a fifteen foot razor-wire fence surrounding your property and so on you really need better security and/or a pack of pit bulls. :)

  • How about a bit more tolerance?

    Chilli

  • > Probably too busy enjoying Baywatch.

    You mean BabeWatch or BoobWatch (although Xena is getting pretty bad in that later department :-)
  • It has been noted that f0bic *must* be a guy... (attrition.) But! who's to say that flipz isn't *ALSO* a guy? I heard gay people do exist... perhaps they can use computers eh? ---right-handed, heterosexual, middle-class, non-ADD, non-dyslexic, white male. I'm a minority.
  • Brak: usually about a body of water, indicating a differing content of salt, i.e. in a rivermouth.

    also brak is the state of mind immediately following a hangover, the feeling your brain has been replaced with feathers.

    all dutch :)
    //rdj
  • Why is it such a big deal to use "he" by default?

    I'm not sure that it is; and in fact I think I do unconsciously. But the fact that we use language unconsciously is the fact that gives it its power.

    So consider the following question: if 'she' was the accepted default, would you be just as happy with that, and would you be prepared to defend it?

    I actually think the best strategy is using 'she' just as much as 'he', although it jars if varied within a single piece of writing.
  • I don't know about what they're using for firewalls, but their whole public network used to be BSDI based. It is only fairly recently they started using their own software.

    Subject: I'm happy again!
    From: nickkral@caa32.alumni.berkeley.edu (Nick Kralevich)
    Date: 1995/08/24
    Message-ID:
    Newsgroups:comp.os.linux.advocacy,comp.os.os2.ad vocacy,comp.unix.advocacy,alt.flame.ms-win dows,comp.os.ms-windows.advocacy

    [Subscribe to comp.os.linux.advocacy] New!
    [More Headers]


    Check this out:
    ----- Begin -----
    diamonds:~> telnet www.windows.microsoft.com
    Trying...
    Connected to www.windows.microsoft.com.
    Escape character is '^]'.


    BSDI BSD/OS 2.0 (wl6.windows.microsoft.com) (ttyp1)

    login:

    ----- End -----

    Or download.windows.microsoft.com.

    Apparently Microsoft put up a much of WWW servers for the Win95 stuff. And guess what those servers are running!

    I guess Microsoft really does suck! Long live Linux and Unix!

    Thanks to wpaul@ctr.columbia.edu (Bill Paul) for pointing this out on
    Take care,
    -- Nick Kralevich
    nickkral@cory.eecs.berkeley.edu

  • NT claims to be secure, as posted on it's Linux "Facts" page. This proves that NT security is CRAPPY, proving them wrong. If NT is as secure as M$ claims, then why do they get hacked anyways? They own the software, know what it's source contains, and yet they are unable to fix loopholes in it.
  • And an army recruiting billboard? And the sign at the entrance of a military base? I kind of see what you're saying, but it doesn't hold up.

    The point is, these are essentially high profile, low-utility systems which have little to do with the inner workings of any organization... anyone who has a clue has recovery plans for fixing a defaced site, and most have watchdogs to check if it's been changed. Notice how most of the defaced sites stay up a matter of hours?

    The point is that the breaches are irrelevant in terms of compromise of security - like I said elsewhere, when someone publishes some proprietary information that's of use to someone on the 'net after cracking someone's systems, I'll be impressed. Until then, it's graffiti, and should be treated as such.
  • Actually I have no special affection for Microsoft. I do happen to use MSNBC for a news source often and I have been reading news there for quite a while, and whether you believe it or not, I find many of their news stories to be less biased than those that I have seen at other news sites such as CNN. Don't try and psychoanalyze me here.

    Maybe rather than affection, it's more of a lack of the blood thirsty hate towards microsoft many slashdotters so easily portray.

    I know Microsoft has created flawed programs, I have a great dislike for Windows, but I still use it alot because it allows me to do everything I want to do on the computer(although it would be nice to be able to do it without having my computer explode in my face every few days). I am also a fan of alternate operating systems which I use occasionally, mostly to play with and see what they can do (BeOS & Linux especially) because competition is what it's all about. And while Microsoft might have used their monopolization to get away with selling faulty software or to help knock off competiters, this still doesn't add up to a big conspiracy. Uncontrolled and unchecked capitalism maybe, but not a conspiracy. We could all plainly see what they were doing. However, from reading MSNBC for a long time, I have read numerous articles there that have taken jabs at Microsoft and problems with their software.

    The thing that annoys me most is the slashdot double standard. I see pointless offtopic flames moderated to 2 even though (because, more likely) they were unfounded attacks on Microsoft or some other thing that isn't pro-Linux. If someone were to have this attitude to something involving Linux, everyone goes off in a blind rage without even seeing both sides of it. I call it unclassy advocacy.

    However, I do not expect anyone here to accept my opinion, I am probably just involved in the big conspiracy against all Linux users and anyone pro-OSS and I just want to spread FUD all over the world to insure your destruction.*sigh*

    -Ashen-
  • NT claims to be secure, as posted on it's Linux "Facts" page. This proves that NT security is CRAPPY, proving them wrong. If NT is as secure as M$ claims, then why do they get hacked anyways? They own the software, know what it's source contains, and yet they are unable to fix loopholes in it. (Yes, I forgot to mention any Linux flaws, I guess I learned from M$)
  • Hi all

    Doesn't Microsoft make money because of the slashdot effect?

    They sell advertising on a per-hit rate, so if they make up whatever news about MS getting cracked or anything Un*x or Linux, millions of Slashdotters flock there to fill their already-full coffers.

  • actually microsoft blamed storms in redmond on their "crack this" server going down. think before you post please.

    matisse:~$ cat .sig
  • NT claims to be secure, as posted on it's Linux "Facts" page. This proves that NT security is CRAPPY, proving them wrong. If NT is as secure as M$ claims, then why do they get hacked anyways? They own the software, know what it's source contains, and yet they are unable to fix loopholes in it. (Yes, I forgot to mention any Linux flaws, I guess I learned from M$ about posting "Facts")
  • What would happen if someone were to hack attrition.org, and deface the defaced pages archive?

    I wish I had a nickel for every time someone said "Information wants to be free".
  • by grumpy_geek ( 97488 ) on Tuesday October 26, 1999 @02:15PM (#1585788)
    Cracking *IS* that bad, and it's a very juvenile mindset to think otherwise.

    At what point in time did it come into your tiny little mind that other people in the world should bear the cost of what you do.

    Wonder how much our corporate lawyers, plus my overtime, plus the cost of reinstalling the OS on all the boxes, plus the cost of having to delay product releases because we had to divert 12 people to sifting through all the data by hand to verify it's integrity.... boy you know corporate lawyers, Senior SA's, management sure do work pretty cheap these days... ANY defacement and you are into THOUSANDS of dollars in lost time, slipped projects, overtime, customer loyalty, oh.. but that's harmless... *THWACK*


    Back in my days I may have gotten freaky on a BBS but I understood that *I* was doing something wrong, and was ready to step up if the ax man ever came, and not make lame ass excuses (lucky for my stupid ass he didn't, damn stupid looking back). But you... you seem to think that it's your god given right to thrash other people's property, things they might have put their heart and soul into and want to walk away claiming it's only something harmless, if you're going to do something stupid at least have enough BALLS to take responsibility.

    Stupid ass AC, coward fits you well!
  • Dell does millions of dollars of business in half an hour on the web?

    I know you thought you were being cute by taking the previous poster literally, but you might want to take a look at Dell's financials.

    If you did, you'd know that in the last month of the quarter (July), Dell's internet sales reached $30 million per day. With an average of over a million dollars per hour, it should come as no surprise that they'd be pulling in "millions" for some 30-minute periods during normal U.S. business hours.

    And that's just pure sales, that's not even counting the costs of any future business lost by frustrated buyers who might switch or develop loyalties to IBM or Compaq.

    Cheers,
    ZicoKnows@hotmail.com

  • But Apache does exist, and has for quite a while, on NT. So running Apache on NT isn't unheard of, and likely is smarter than IIS...

    I doubt there are more bugs found in Linux, but when a bug is found it isn't broacast on news.com or slashdot like every bug in any MS product.

    I sure hope not! I mean, what, the entire bit that composes what Linux is, cannot even boot a system, can not function with code contributed from GNU to make Linux usable, and what composes Linux is about 1/2 the size of my first hard drive (think MFM). If Linux has half as many bugs as, say, MS Office.. a massive 100s of megabyte program, my god. Imagine the carnage! :-)
  • umm.. according to flipz he isn't gay. He kind of said that in one of his cracks [attrition.org]. I'd be more inclined to believe him than a bunch of people trying to figure out whether fObic is male or female, and same with flipz. I honestly don't care. I agree with flipz, its pretty lame cracking minor sites, and I'll go further with that the big ones are only impressive by how weak they are. Definately crackers like flipz (who doesn't look like some script kiddy) should be doing the cracking legally.

    Hell, I don't care whether MS had no important data where he cracked, but that so many of the government agencies he cracked might have. The DOE only forced the ational labs to put in firewalls after congress go on their backs, and LLNL *finally* did that. Those people running it are lazy, incompitent people who lie to cover theimselves and regular steal equipment. The stories I've heard that go on in LLNL.. it just isn't sane.

  • True, but that's a little, um, less subtle.

    BOOM "What was that?" "Oh, nothing really, just GE blowing up MS"

    Where as MS hitting GE would be rather quiet.

  • Not only that, but unless GE has either avoided or abandoned NT, MS could probably bring GE (or any other company, for that matter) to its knees via a couple of well placed back doors. What can GE do? Make radioactive light bulbs?
  • by ai0524 ( 1952 ) <ai@@@wheretocycle...com> on Tuesday October 26, 1999 @11:34AM (#1585816) Homepage
    The defaced page is her e [attrition.org]. It is a little boring.
  • by pluteus_larva ( 13980 ) on Tuesday October 26, 1999 @11:35AM (#1585820) Homepage
    Has anyone else noticed that whenever there's bad new about Microsoft, MSNBC always seems to be the first to report it? Do you suppose that at the first sign of something that might result in bad press, Microsoft immediately gets MSNBC the story, thinking that at the very least, it can use the situations to bolster the network's credibility?
  • by Trepidity ( 597 ) <`delirium-slashdot' `at' `hackish.org'> on Tuesday October 26, 1999 @11:35AM (#1585822)
    Hmm. The never-ending hack/crack debate. One the one hand, using "cracked" is obviously inappropriate, since the term already had a meaning in computer security prior to its application in 1984 to people who break into computers. It has, for as long as anybody remembers, described people who break the copy protection of software. This usage far predates the usage cited in the Jargon File (which itself admits to the 1984 date).

    On the other hand, the term "hacked" is obviously inappropriate in this case. This system intrusion was merely the work of a script kiddie, it appears, and hence is not any sort of hacking.

    We need a verb that means "broken into by a script kiddie," so as to differentiate from "broken into by an intelligent security expert" (which I'll continue to call "hacked") and from "breaking the copy protection of" (which I'll continue to call "cracked."

    I personally prefer to use the term "hax0red," which, helpfully, is what they often call it themselves, so it should not be hard to have this term adopted. This differentiates from mature, intelligent people, who use "hacked," to describe their work (whatever that work may be, be it kernel hacking or NT hacking) and the script kiddies who use 3l33t sp33k to describe their work. It also allows "hax0r d00d" to be used as a convenient synonym for "script kiddie."
  • by negative_karma ( 106940 ) on Tuesday October 26, 1999 @02:43PM (#1585830)
    William Henry Gates III, owner of the most successful software publishing business ever, and some say arguably the richest man on earth, startled office workers and the world today when he was found to have been cracked right in his office.

    One worker, willing only to speak under conditions of anonymity, described the scene as follows, "He was wearing these terrible blue polyester trousers, bending over his PC fiddling with these wires, when it happened."

    Others described it bright like a Halloween moon, with the crack almost down to his O-Ring.

    Disturbing co-workers and his wife, Melinda Gates, alike, she is said to have promised to throw out his whole wardrobe today and replaced it with straight cotton. When asked, she had no comment.

    Dr. Timmothy Farnsworth, a PhD. in both physics and a proctolgist with over fifteen years researching polyester effects on backsides, had this to say on the matter, "It's a well known fact that polyester drops down past the ass when a subject bends over. At first scientists assumed it was related to a genetic hip deficit trait carried by plumbers, electricians, and other blue collar workers, but now we know that it is in fact caused by the polyester material itself. Though we still don't know why. Current theory holds that polyester carries a special static electrical quotient, which along with a strong anti-anus gravitational repulsion effect, causes trousers to drop no matter who bends over."

    Regardless, no official at the Redmond campus is commenting, but we're sure Mr. Gates is as red as his O-Ring after this embarrassing affair.
  • Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC

    Somebody put that in a sig block quick! :)

    --

  • It is hard for me to believe that an NT based web server has been cracked for the first time. Literally millions of times such servers have been brought down with boink and other exploits ("Winnuke" like programs), and now this is supposed to be the first time that someone actually changed a file on some NT server?
    It's the first time it has been *reported*, as the article says, but that makes NT sound like a Fort Knox of operating systems...
  • by aclute ( 94263 ) on Tuesday October 26, 1999 @11:47AM (#1585861)
    No, read the article again. The article said that it was the first time a *Microsoft* website had been cracked, as in, a site on *.microsoft.com -andrew
  • Web site containing sensitive information defaced
    (most sites do contain sensitive information,
    cc numbers, product orders, payroll blah blah..).
    Are you just going to accep the crackers word
    that nothing was altered???


    What kind of bloody fucking moron keeps CC#s, etc.. on the same machine as their website?!?!?!
    I work for a major US Check Printing company, we have more CC#s and account information than any non-bank entity in the country. NONE of it has any remote link to anything connected to the net. It's ALL kept on seperate internal databases. You could hack EVERY machine that is connected to the net here and you'd come away with the financial status of the company and the stats on the latest in house programming project. All of which are backed up at least weekly.
    In conclusion, you have to be a fucking MORON to keep sensitive info on a webserver....

    Kintanon
  • Not just grumpy, damn crotchety too.

    Umm.. you are telling me that if you had a root compromise that you wouldn't reinstall the OS, I feel pretty damn sorry for the company you work for. Suits are the ones normally against reinstalling, it takes them down i.e. no money flowing, but it's your ass if someone backdoored a binary. Actually I've got 73 pages of procedures to do in case of a compromise, which includes finding entry, verifying duration of entry, contact lists, I could go on and on. I guessed anybody with half a brain could figure out that I plugged the hole first without actually having to vomit up 73 pages.

    Sifting... we've got over 200 (actually 212) different people entering data in by hand daily, I guess when we restore the data you would want to throw out all of their work and forget about it. 12 is pretty low understatement, really low if one speculates about a workstation compromised that acts like it's been doing normal work but is sending bad data, and when the user logs out mucks with the website.

    Corporate lawyers are there to asses liability, be the liason between any law enforcement, and determine how much of our own ass we need to cover. How big of a lawsuit do you think would ensue, if your medical records got changed, or your credit card information got exchanged; they may not have done a damn thing but WE CAN'T TAKE THAT CHANCE.

    I don't believe I ever mentioned how long it takes to reload a backup or how much we have, but I'd like you to guess how long it takes to restore 9 TERABYTES of data. I guess you can't really think any larger, than your 10gig drive worth of porn.

    I personally feel very sorry for your company, you seem to think that a website cracker would never do anything bad to a computer. Changing the web page is the same as any other compromise, maybe that's all they did, or maybe they did something more destructive only to rear it's head a week, a month, a year from now; I'm not willing to take that chance, but I'm glad to know your employer is.

    You seem to think I'm throwing numbers way out of proportion. Hmm.. well the only numbers I mention are 12 and thousands. Anybody want to actually argue these numbers??? Anybody have actually something intelligent to say on these numbers??? All you can seem to say is those numbers are wrong and that's it, no facts, no figures, no nothing. I'm giving you all the facts and figures and you are spitting out FUD. 12 people verifying 200 peoples work is more than reasonable, in fact if we take them completely out of the picture and we are still at thousands, it only takes 1 hour of lost time to cover this: 200 people at $10/hour (actually more like $14) and you are at thousands (time of reinstalling the OS on a box more than covers this). Got any braincells left after looking in your thesaurus for the big words, to argue these numbers. Do you actually have any facts left up in that head... hello?

    Point me to the paragraph where I, or the poster I replied to, said anything about stealing source code, or was that a figment of your imagination. They are differenet and I never disputed that, but YOU CAN'T SAY A WEBSITE COMPROMISE IS HARMLESS.

    It takes more than big words to actually have something intelligent to say. I probably am the worst speller and have awful gramar, but if I were to try to hide behind some big words because I didn't have anything else to say... *giggle* well all I can say is, nonsequiturs is two words not one (non sequiturs). How about this for some big words... ever masticated with thesbians?
  • by Wohali ( 57372 ) on Tuesday October 26, 1999 @11:49AM (#1585866) Homepage
    Gotta love MSNBC's attention to detail:

    The hacker, who also altered a handful of government Web sites in recent days, says he expects to be arrested soon.

    Yet it seems obvious to me from flipz's first crack on attrition.org [attrition.org] that flipz is a woman.

    Just another example of gender bias in the media. out

  • I've been consistantly impressed with MSNBC's objectivity when it comes to Microsoft. They were among the first mainstream News outlets to tout the joys of Linux, they've had objective articles about the Anti-Trust case, and now this.

    This is very important in journalism, and I'm quite impressed that MS has not subverted the objectivity of the site. OTOH, who knows what's gone on behind the scenes to maintain that....
  • You neglect to mention the complementary Terror of all the Worried Linux Bashers.

    And by your own reasoning, the popularity of Windows means that the pro-Windows crowd should outnumber the pro-Linux crowd by by 2-3 orders of magnitude.

    Thus if a similar proportion of adherents feel inclined to "attack the enemy" -- and you've given us no reason to suppose that the proportion would be higher in one camp than in the other -- then we must suppose that the number of attacks against Linux sites is 2-3 orders of magnitude greater than the number of attacks against Windows sites.

    Further, due to the discrepancy in the number of sites available for attack, we must conclude that the average Linux system undergoes a number of attacks 4-6 orders of magnitude greater than the number against the average Windows system.

    You are, of course, welcome to argue that the percentage of MS-hating Linuxers is greater than the percentage of Linux-fearing Windowsers, or that there is some relevant differential in their base cracking skills, or -- for that matter -- a differential in the base difficulty of cracking their respective targets. But if you do argue thus, please support your claims with evidence.

    It isn't sufficient to point out the existence of rabid anti-MS types in the pro-Linux camps. It's easy enough to find their complements in the pro-MS camp. And, for that matter, it is not obvious that a rabidly anti-x individual will with high probability try to crack someone's x system. (For example, I'm pretty strongly anti-MS, but I've never tried to crack anyone's Windows system, nor tried to incite anyone else to do so.)

    --
    It's October 6th. Where's W2K? Over the horizon again, eh?
  • The sites weren't all that high security. Oooh, the "US Army Dental Care System" computer was compromized, while it is in the .mil hierarchy, I doubt that much effort went into securing it.

    I'd say flipz is probably a very busy script kiddie. The cracked sites certainly don't show much imagination.

    ----
  • Back in 96 (+- one year) a guy at one of our brance offices was arrested. Turned out he had been using work computers, and the work internet connection for his child pron ring.

    The offical comment was of course "We are and will work with athorities in anyway we can." I'm pretty sure all his backups were exampled and the non-work related ones turned over to police.

    The unoffical word was in 6 months all anyone would know is if they here our name that they had heard of us before. So this wasn't bad long term, just undeseriable short term.

  • by Enoch Root ( 57473 ) on Tuesday October 26, 1999 @11:56AM (#1585891)
    Sorry, guys. I know it's Microsoft, and it's always fun to gloat about the Man getting cracked. but website defacing has long since stopped impressing me. It's just a bunch of opportunistic kids who do it because they can even though they fail to understand what they're doing. This sort of exposure merely inflates their undeserving ego.

    I mean, Slashdot was cracked [attrition.org] before. So that hardly proves anything.
    "Knowledge = Power = Energy = Mass"

  • by rde ( 17364 ) on Tuesday October 26, 1999 @11:57AM (#1585897)
    I suggest 'fucked'. For two reasons.
    1. It's probably the only chance for most of these kiddies to fuck anything.
    2. There's something about the headline "Microsoft Well and Truly Fucked" that appeals.
    3. Three. Three reasons. When was the last time you got to rant at someone saying "they're fuckers, not crackers!"?
  • Well, you're misunderstanding the two groups. Web page hax0rs in general do not know any assembly, and are unlikely to have more than a passing knowledge of C. Usually they use already written exploits to break into servers.

    Crackers, on the other hand, do know assembly, and circumvent copy protection. They are quite a bit more skilled than your average script kiddie. In fact, I'd consider them a subset of hackers, as many of them are true reverse engineers, often doing more than mere copy protection removal to add nifty features for programs or cheats for games.
  • You're making an artificial distinction here. Many people who circumvent computer security enjoy spending a lot of time programming. I'd consider the Cult of the Dead Cow [cultdeadcow.com] a hacker group, and they certainly do their share of programming. I find no problem with categorizing Alan Cox, the Cult of the Dead Cow, Richard Stallman, and L0pht Heavy Industries as hackers. They all are.
  • So, has MS set up a bot to respond to any MS-related article with "Slashdot sure sucks nowadays" or some variation thereof? I've seen it a lot lately, but this one seems totally egregious.
  • by Anonymous Coward
    At least get them to school. They're spelling absolutely sucks. What Moron's, I would be embarrassed to post anything with like flipz did: "Attack every fucking gov mil you can fucking do. Just ATTACK. Fuck this people that says this is lame." Man learn how to spell. Did your Mom drop you as a child? She must have, for you to be have such a Destructive behavior.
  • If their "back door" is "active", that would explain a lot. Wouldn't it? ;-)
    --
  • by Booker ( 6173 ) on Tuesday October 26, 1999 @12:07PM (#1585918) Homepage
    Perhaps they should give PCWeek a call, to beef up their Windows security. :)

    Seriously, though, too bad he didn't go after the PCWeek hack-contest box. The damn thing's still up!
  • ?This is the first time that we've been publicly notified (about a hacking claim against Microsoft).? - B.K. DELONG

    Amusing how those question marks pop up in the most interesting places ;-)

  • by Anonymous Coward on Tuesday October 26, 1999 @12:13PM (#1585926)

    Can you remember how powerfully the feelings moved in you, and the screaming intensity of your motivation to do something? The fires of youth were the heart of the engine which drove wars, conquests, and the building of empires throughout history. Today, where can these driving powers find their release? Where else is a young man or woman gripped by the claws of ambition going to express their power?

    Today's laws put a lid on the primal driving force of the species, and the government enforces those laws with overwhelming violence. Like any people faced by a too-powerful foe, the children move into other lands -- or, speaking less metaphorically, into arenas where the the law cannot be effectively enforced, and work their passions there. The computer networks of the world are such an arena. Those who do not understand why these kids do the things they do call the kids "stupid", but the lack of comprehension is truly due to a lack of common ground between the observer and the observed; to those who have not lost touch with the primordial fire of creation, the act is perfectly understandable, even if the form of the act seems strange.

  • Also, by allowing MSNBC to scoop the other networks, MS can control the spin that goes onto an original story -- while diminishing the appeal of the story to other networks as "old news". In addition to helping MSNBC, it also can help MS itself. ;)
  • Granted this has very little to do with hacking...

    but I guess IIS isn't upto handling user homepages....

    http://homepages.msn.com/asdf.html [msn.com]

    Now is it runnin' on NT or Linux.... hmmm

    -Ecc
  • They're all NT boxen. I'm no expert or nuthin, but I betcha there might be some common NT security flaw he(?)'s exploiting.

    Yes, but does anyone know what that flaw is? Probably not, eh? Ah, the power of Closed Source.

    PC Week is wrong. Closed Source doesn't hide holes from the bad, but from the good. Now there is a hacker who isn't going to tell what the hole is, because they don't have to. And yet NT is secure right?

    Open Source is the only security. It's that simple.

    -Brent
    --
  • This is from attrition.org [attrition.org]'s defacement mirror [attrition.org]. I only listed the top 3 exploited OS's to save space:

    -----
    Note: Mass hacks involve defacing several domains, even though they are hosted by the same machine. This tends to obscure the actual counts of hacked systems. Take these numbers in stride..

    08/1999

    Win-NT - 106 - 35.93%
    Solaris - 77 - 26.10%
    Linux - 68 - 23.05%

    09/1999

    Win-NT - 82 - 32.54%
    Linux - 72 - 28.57%
    Solaris - 62 - 24.60%

    -----

    Interesting stuff for those looking for a secure webserver OS I guess. *shrug*
  • Check out this altered page [attrition.org] (used to be tuxedo.jpl.nasa.gov) - nice picture of Tux. Either it's a pun on the hostname (which would be much more creative than the 10 [cr|h]acks before it) or s/he's a Linux fan. Or both. :)
  • I'm not criticising Slashdot for posting this, but the media in general for their obsession with these petty defacements.

    At what point did the LA Times stop reporting every incidence of graffiti which had felled the barbed wire security of another billboard? Really.

    These silly kids are being portrayed as part of "hacker" groups that no one but the members themselves has ever heard of, and aren't really calling any further attention to the lack of security on most corporate networks - just to the destructive tendancies of kids with too much time on their hands, who somehow become representative of *all* computer kids. That's productive.

    I'm tired of it, it's boring, and if we ignored it, it would almost undoubtedly go away - after all, the thrill is in seeing your name in lights, isn't it?
  • by Anonymous Coward
    In a past life, I was an operator at the MS Online services datacenters, and no, other than a couple of DOS attacks, none of the web sites was ever hacked.

    Nor have they have been yet - the 131.107 address range is a lab that is in a seperate physical location than the MSN/MS.com/MSNBC servers reside in, and are not under the same administration. These servers were likely set up by an individual or small group not familiar with the standard build specs used in production. It's not suprising they were vulnerable.

  • by jd ( 1658 ) <imipak@yaHORSEhoo.com minus herbivore> on Tuesday October 26, 1999 @12:25PM (#1585960) Homepage Journal
    One of three possibilities:

    • The "crack" was a hoax, arranged by Microsoft to garner public sympathy ahead of the trial decision and/or get people in the mindset of upgading, shortly prior to the release of Windows 2000.

      Possible, but seems very convoluted. Even for Redmond.

    • The cracker ventured into unexplored territory and the Microsoft admins had grown complacent.

      =VERY= unlikely. Microsoft are listed as a highly prominent target, and (despite what the article may say) crackers aren't renown for being cowed by the threat of retribution.

    • Microsoft web servers are cracked on a regular basis, but few (if any) of the crackers bothered to report it, and Microsoft certainly wouldn't, if they had the opportunity.

      This feels more likely. Windows NT is not the paradigm of security. Besides, what is "Microsoft" seems to change with every report. Microsoft's Hotmail has been cracked, as has (I think) MSN. I'm sorry, but it's not exactly the first time Microsoft has had a server cracked.

  • by benzol ( 46240 ) on Tuesday October 26, 1999 @12:34PM (#1585967)
    I think that this is a perfect example of system administrators not taking the time to install each of the patches that make NT server the most secure platform known to man.
  • by IntlHarvester ( 11985 ) on Tuesday October 26, 1999 @12:38PM (#1585970) Journal

    Did you ever notice how MSNBC never reports anything about General Electric, who owns the other 50% of the network?

    What's the real conspiracy, overzelous reporting of one of the largest software corporations, or absent reporting of a much bigger and more powerful corporation than Microsoft?
  • Ok, but you have to take into account how many machines are running which OS. Macs rarely get cracked, but then there aren't many of them out there running webservers.

    I tried to include some tables in here but I can't remember how to switch to a fixed-width font, so we'll skip it. :)

    But if you try to normalize the "hacked" percentage based on the distribution of the OS in the webserver population (http://leb.net/hzo/ioscount/data/r.9904.www.txt), it's a bit more interesting. Assuming sites are hacked at random, (which is probably a very bad assumption) NT is hacked a bit more than Linux, Solaris even more than NT, and FreeBSD is in fact pretty low. If I did my math right. :)
  • Remember back in the early 90's when stalkers were the rage in hollywood? If only there was an internet in 1992 this guy would've gotten busted not for cracking but for posting a love letter.
  • Probably too busy enjoying Baywatch.
  • The Police will never catch him then, will they?
  • Maybe the threat was for Bill The Cat. But if they kill Bill, someone will just clone him from his tongue. Again.

    ACK!

  • by Electric Eye ( 5518 ) on Tuesday October 26, 1999 @01:24PM (#1585997)
    Heh. The ultimate hack will be if someone can gain access to all of the NT servers supposedly controlling BG's big mansion in Seattle.
    I can see it now..... "HONEY! THE GARAGE ATE THE BABY!" "WILLIAM!!! I TOLD YOU TO STOP LEAVING YOUR FAVORITE NERD NYMPHOS WEB SITES ON THE 100 INCH SCREEN!!!!" "Dear, I swear....it wasn't me!"

    Ah....dreams......

Nothing ever becomes real until it is experienced. - John Keats

Working...