
Comment I think Microsoft deserves a little credit. (Score 1) 388

I think it is a good thing that Microsoft invited hackers to try to attack the system before it is released. A lot of people are saying how the black-hats will get a head start and not tell anybody the bugs they find. However, these guys would have found the bugs in the future anyways, and would exploit them. If one hole is found and patched, the system is safer already. These types of exercises are conducted in cryptography too. Ex: RSA offered a reward for anybody who can decrypt some of their keys; their 200 decimal digit key was factored using parallel computers, but it was found that it would take 55 years on a normal computer to crack the key. It gave them a good idea about what size keys they need to protect information for long enough (i.e. long enough so your credit card expires before someone can decrypt your transaction and buy stuff with your card, etc). Here is an interesting article I read in a class about other systems failing: http://web.mit.edu/6.033/www/papers/wcf.pdf. Banks and ATM machine makers just tested their machines internally before putting the ATMs to use. What happened? People found ways to withdraw money from ATM machines from other accounts, people figured out how to crack pins, how to clone other ATM cards and accounts,... tons of hacks. And this was fairly recent, in the 1990s. Having one internal group to test the security is not enough. Inviting the whole world to test the security before release is much better. What would be best is if Microsoft offered some source code too (much like Linux), so the hackers can have complete information. That way most of the problems can be found and fixed beforehand. But that would never happen since they are a corporation and their primary goal is to make money. But inviting attackers is a step in the right direction. What is unfortunate is the deadlines. The shareholders want it released so they can make some more money.
The media is trying to make it sound like Microsoft programmers are incompetent. Security is a "negative" goal. It is easy to prove that a system can be broken, you just come up with one hack, one example. However, how do you prove that a system cannot be broken? You have to try every single possible attack. Problem is you don't know what the attacks are. It takes time to make sure security is at an acceptable level before it is released.
