Date: Tue, 10 Aug 1999 20:45:27 -0700 (PDT) From: William Law <willaw79@yahoo.com> To: Berndt WULF <Bwulf@quiktrak.com.au>, rbettle@criterion-group.com, jhorn1@desperate.ci.tucson.az.us Cc: freebsd-questions@FreeBSD.ORG, misc@openbsd.org Subject: Re: Microsoft ask users to crack win2000 site (fwd) Message-ID: <19990811034527.16992.rocketmail@send205.yahoomail.com>
next in thread | raw e-mail | index | archive | help
Hi, I believe we should take this positively. Since MS wants to test whether their server is secure, we should lend our hand to help them. That's the spirit of the Open Source community. Instead of being anti-MS, we should try to do what they want, and that is "hack their system". This may as well be a good chance to show Microsoft that their server is not as secure as the BSD or other UNIX operating system. Who knows this may bring a good image to the Open Source community. Professionals should be helping others and not giving critics. If people do not help each other, do you think BSD will be as it is today? Just my 2 cents. Regards, William Law --- Berndt WULF <Bwulf@quiktrak.com.au> wrote: > Worse still, do we want to debug their operating > sytem for them free of charge? > After all, this is a task for MS' software test > engineers - right? > > cheerio Berndt > > >>> Roy Bettle <rbettle@criterion-group.com> > 11/08/99 2:45:18 >>> > Two issues to bear in mind: > > 1) M$ is having a hard enough time just getting the > Win2K computer to stay > running. The first time they turned it on and > placed it "in the line of fire" > for this challenge, it crashed within 4 hours and > was subsequently down for > over 24 hours. > > Summary: Do any of us in the *BSD community want to > be associated with > something so ridiculously unstable? > > 2) This is obviously an attempt by M$ to have those > of us in the Open Source > community help them learn how to write a decent OS. > > Summary: After all the crap we've had to put up > with from M$ - from the media > to the products we may have had to support in our > "day jobs" - do we really > want to help these $%!^*()& at all? > > Just my $0.02. > > RAB > > > John Horn wrote: > > > This came through on BUGTRAQ last week. A new > posting on BUGTRAQ indicates > > that LinuxPPC has issued a similar challenge with > similar or identical > > rules. I'm wondering if there may be some fame or > notoriety to be gained > > for OBSD by joining in this challenge. It probably > won't be difficult, > > or long, before someone breaks in to the NT2K > challenge site so there may > > not be much time. > > > > Just an idea. > > > > Regards: > > > > John Horn > > City of Tucson, IT Dept. > > jhorn1@desperate.ci.tucson.az.us > > > > ---------- Forwarded message ---------- > > Date: Tue, 3 Aug 1999 19:05:33 +0200 > > From: Peter Lowe <pgl@ti.cz> > > To: BUGTRAQ@SECURITYFOCUS.COM > > Subject: Microsoft ask users to crack win2000 site > > > > [ executive summary: Microsoft are asking you to > crack their > > machine running on win2k and iis. ] > > > > I haven't seen anything about this on bugtraq > before, and I'm not > > entirely sure if it's appropriate, but this is > from > > http://www.windows2000test.com/ground_rules.htm: > > > > Microsoft Internet Explorer > > Microsoft Windows 2000 Server with Internet > Information Server. > > > > Ground Rules > > > > 1. Make it Interesting > > > > Good safe computing practices on the Internet > involve placing > > critical systems behind firewall-type devices. > For this > > testing, we are intentionally not putting these > machines behind > > a firewall. This mean that you could slow these > machines down > > by tossing millions of random packets at them > if you have > > enough bandwidth on your end. If that happens, > we will simply > > start filtering traffic. Instead, find the > interesting "magic > > bullet" that will bring the machine down. > > > > 2. Compromise an account > > > > Windows 2000 computers can have multiple user > accounts and > > groups. See if you can find a way to logon with > one of these > > accounts. > > > > 3. Change something you shouldn't have access > to > > > > See if you can change any files or content on > the server. If > > you manage, no foul or rude statements please. > > > > 4. Get something you shouldn't have > > > > There are hidden messages sprinkled around the > computer. See if > > you can find them. > > > > 5. Our goal is to configure the system to > thwart your attempts > > > > The goal is to see how a properly secured > machine will stand up > > to attack. These machines are configured to > prevent known > > attacks. > > > > 6. This is a test site > > > > You are welcome to attempt to compromise this > site, and this > > site only. This is your chance to do a > practical test of > > Microsoft Windows 2000's security. > > > > 7. Tell us about your exploits > > > > If you find something, send us some email at > > w2000its@microsoft.com. > > © 1999 Microsoft Corporation. All rights > reserved. Terms of > > Use. > > > > -- > > Peter Lowe -- System Administrator, Telenor > Internet > > http://www.ti.cz/ -- pgl@ti.cz > > > > Everything I know in life I learnt from .sigs. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of > the message > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990811034527.16992.rocketmail>