Microsoft takes a different route for Vista release.
Results 1 to 8 of 8

Thread: Microsoft takes a different route for Vista release.

  1. #1
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    718

    Microsoft takes a different route for Vista release.

    Get some good religion from Bad Religion.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243

    Any Black Hats here hacking Vista?

    ...just curious if anyone's taken up MS's offer and your impressions of the new OS's security.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    1. I'm pretty sure if it's response to an offer, it's not Black Hatted
    2. In order to do so could mean buying the damn thing, and possibly a computer to run it.
    \"Some say they go looking for Drugs, Dirty Dancing and Pounding, Pounding Techno Music.\"
    *ahem* contact me

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    According to reports, they distributed 3000 copies at the Las Vegas Black Hat conference. Another thing I was wondering about was how does one respond to an offer from the world's largest software company to work for free?

    edit -- Or am I mistaken and MS is compensating the 'black hats' who took up their Las Vegas offer?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Disgruntled Postal Worker fourdc's Avatar
    Join Date
    Jul 2002
    Location
    Vermont, USA
    Posts
    797
    About a year ago or so the Japanese telephone company did a similar thing with a new software system. They actually offered a "bounty" for anyone who could crack it. They were actually paying good money, more than the cracker would make on his/her own exploiting the hole.

    Of course the crackers would have to identify themselves and the details of the exploit.

    If it works, why not?
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    If it works, why not?
    I'm not doubting the wisdom of MS's approach. Sooner or later, the code gets thrown to the wolves anyway.

    There's a number of details I'm curious about, one of which you touch upon:

    Of course the crackers would have to identify themselves and the details of the exploit.
    I can't imagine MS releasing ANYTHING without some kind of agreement, licensing and/or otherwise.

    He-heh, I've always thought their best "programmers" were in their legal dep't. I'm wondering what the wonderboys in legal worked out on this one.

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm, well, you had to attend Black Hat, or have a friend who did?

    http://news.zdnet.com/2100-1009_22-6102458.html

    MS handed out a beta version for people to test.

    So far there seem to have been 3 major "discoveries"?

    1. Unsigned drivers...................not really a surprise, how many unsigned drivers are you running on your XP boxes?

    The normal pecking order would be Manufacturer, Microsoft, Third Party. The last is the most risky, but may have to be resorted to for older devices. I guess home/SOHO users are most at risk.

    2. User clicking "OK" without understanding the question.................... nothing new there either? Once again, this is likely to be a home/SOHO problem?

    3. Exotic, hardware dependent VM ware vulnerability. Interesting, but not likely to be significant until sufficient of the appropriate hardware is deployed IMHO. A lot of security sites are reporting a trend for malware authors to be motivated by profit rather than "the glory". This would suggest that uncommon platforms will at least be ignored to begin with?

    Just a few thoughts............as Black Hat has only just finished I think we will see more over the next few weeks.

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Since I forgot to mention it... I merged these if anyone was wondering... since they're directly related.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •