Anyone here a part of this?
http://news.yahoo.com/s/ap/20060803/...cker_challenge
...just curious if anyone's taken up MS's offer and your impressions of the new OS's security.
- I'm pretty sure if it's a response to an offer, it's not Black Hatted
- In order to do so could mean buying the damn thing, and possibly a computer to run it.
According to reports, they distributed 3000 copies at the Las Vegas Black Hat conference. Another thing I was wondering about was how does one respond to an offer from the world's largest software company to work for free?
edit -- Or am I mistaken and MS is compensating the 'black hats' who took up their Las Vegas offer?
About a year ago or so the Japanese telephone company did a similar thing with a new software system. They actually offered a "bounty" for anyone who could crack it. They were actually paying good money, more than the cracker would make on his/her own exploiting the hole.
Of course the crackers would have to identify themselves and the details of the exploit.
If it works, why not?
Quote: If it works, why not?
I'm not doubting the wisdom of MS's approach. Sooner or later, the code gets thrown to the wolves anyway.
There's a number of details I'm curious about, one of which you touch upon:
Quote: Of course the crackers would have to identify themselves and the details of the exploit.
I can't imagine MS releasing ANYTHING without some kind of agreement, licensing and/or otherwise.
He-heh, I've always thought their best "programmers" were in their legal dep't. I'm wondering what the wonderboys in legal worked out on this one.
;)
Hmmmm, well, you had to attend Black Hat, or have a friend who did?
http://news.zdnet.com/2100-1009_22-6102458.html
MS handed out a beta version for people to test.
So far there seem to have been 3 major "discoveries"?
1. Unsigned drivers...................not really a surprise, how many unsigned drivers are you running on your XP boxes?
The normal pecking order would be Manufacturer, Microsoft, Third Party. The last is the most risky, but may have to be resorted to for older devices. I guess home/SOHO users are most at risk.
2. User clicking "OK" without understanding the question.................... nothing new there either? Once again, this is likely to be a home/SOHO problem?
3. Exotic, hardware dependent VM ware vulnerability. Interesting, but not likely to be significant until sufficient of the appropriate hardware is deployed IMHO. A lot of security sites are reporting a trend for malware authors to be motivated by profit rather than "the glory". This would suggest that uncommon platforms will at least be ignored to begin with?
Just a few thoughts............as Black Hat has only just finished I think we will see more over the next few weeks.
Since I forgot to mention it... I merged these if anyone was wondering... since they're directly related.