From owner-freebsd-questions Wed Aug 11 10:34:18 1999 Delivered-To: freebsd-questions@freebsd.org Received: from desperate.ci.tucson.az.us (desperate.ci.tucson.az.us [166.89.241.28]) by hub.freebsd.org (Postfix) with ESMTP id E670315713 for ; Wed, 11 Aug 1999 10:34:08 -0700 (PDT) (envelope-from jhorn1@desperate.ci.tucson.az.us) Received: from desperate (desperate [166.89.241.28]) by desperate.ci.tucson.az.us (8.9.1b+Sun/8.9.1) with ESMTP id KAA21935; Wed, 11 Aug 1999 10:32:54 -0700 (MST) Date: Wed, 11 Aug 1999 10:32:54 -0700 (MST) From: John Horn To: Roy Bettle Cc: misc@openbsd.org, "Questions List FreeBSD.org" Subject: Re: Microsoft ask users to crack win2000 site (fwd) In-Reply-To: <37B05E26.DA485EF5@criterion-group.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 10 Aug 1999, Roy Bettle wrote: > Two issues to bear in mind: >=20 > 1) M$ is having a hard enough time just getting the Win2K computer to sta= y > running. The first time they turned it on and placed it "in the line of = fire" > for this challenge, it crashed within 4 hours and was subsequently down f= or > over 24 hours. >=20 > Summary: Do any of us in the *BSD community want to be associated with > something so ridiculously unstable? >=20 > 2) This is obviously an attempt by M$ to have those of us in the Open Sou= rce > community help them learn how to write a decent OS. >=20 > Summary: After all the crap we've had to put up with from M$ - from the = media > to the products we may have had to support in our "day jobs" - do we real= ly > want to help these $%!^*()& at all? Hmmm, put that way... NO!=20 >=20 > Just my $0.02. >=20 > RAB >=20 >=20 > John Horn wrote: >=20 > > This came through on BUGTRAQ last week. A new posting on BUGTRAQ indica= tes > > that LinuxPPC has issued a similar challenge with similar or identical > > rules. I'm wondering if there may be some fame or notoriety to be gaine= d > > for OBSD by joining in this challenge. It probably won't be difficult, > > or long, before someone breaks in to the NT2K challenge site so there m= ay > > not be much time. > > > > Just an idea. > > > > Regards: > > > > John Horn > > City of Tucson, IT Dept. > > jhorn1@desperate.ci.tucson.az.us > > > > ---------- Forwarded message ---------- > > Date: Tue, 3 Aug 1999 19:05:33 +0200 > > From: Peter Lowe > > To: BUGTRAQ@SECURITYFOCUS.COM > > Subject: Microsoft ask users to crack win2000 site > > > > [ executive summary: Microsoft are asking you to crack their > > machine running on win2k and iis. ] > > > > I haven't seen anything about this on bugtraq before, and I'm not > > entirely sure if it's appropriate, but this is from > > http://www.windows2000test.com/ground_rules.htm: > > > > Microsoft Internet Explorer > > Microsoft Windows 2000 Server with Internet Information Server. > > > > Ground Rules > > > > 1. Make it Interesting > > > > Good safe computing practices on the Internet involve placing > > critical systems behind firewall-type devices. For this > > testing, we are intentionally not putting these machines behind > > a firewall. This mean that you could slow these machines down > > by tossing millions of random packets at them if you have > > enough bandwidth on your end. If that happens, we will simply > > start filtering traffic. Instead, find the interesting "magic > > bullet" that will bring the machine down. > > > > 2. Compromise an account > > > > Windows 2000 computers can have multiple user accounts and > > groups. See if you can find a way to logon with one of these > > accounts. > > > > 3. Change something you shouldn't have access to > > > > See if you can change any files or content on the server. If > > you manage, no foul or rude statements please. > > > > 4. Get something you shouldn't have > > > > There are hidden messages sprinkled around the computer. See if > > you can find them. > > > > 5. Our goal is to configure the system to thwart your attempts > > > > The goal is to see how a properly secured machine will stand up > > to attack. These machines are configured to prevent known > > attacks. > > > > 6. This is a test site > > > > You are welcome to attempt to compromise this site, and this > > site only. This is your chance to do a practical test of > > Microsoft Windows 2000's security. > > > > 7. Tell us about your exploits > > > > If you find something, send us some email at > > w2000its@microsoft.com. > > =A9 1999 Microsoft Corporation. All rights reserved. Terms of > > Use. > > > > -- > > Peter Lowe -- System Administrator, Telenor Internet > > http://www.ti.cz/ -- pgl@ti.cz > > > > Everything I know in life I learnt from .sigs. >=20 Regards: John Horn City of Tucson, IT Dept. jhorn1@desperate.ci.tucson.az.us To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message