Date: Tue, 10 Aug 1999 10:58:28 -0700 (PDT) From: Chris Cappuccio <chris@dqc.org> To: Roy Bettle <rbettle@criterion-group.com> Cc: John Horn <jhorn1@desperate.ci.tucson.az.us>, misc@openbsd.org, "Questions List FreeBSD.org" <freebsd-questions@FreeBSD.ORG> Subject: Re: Microsoft ask users to crack win2000 site (fwd) Message-ID: <Pine.BSO.4.10.9908101049410.22700-100000@dqc.org> In-Reply-To: <37B05E26.DA485EF5@criterion-group.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This test really isn't much of a security test anyways. There's a lot more to security then just being able to get in Shit, you could probably secure an IRIX box enough to withstand these kinds of attacks.. On Tue, 10 Aug 1999, Roy Bettle wrote: | Two issues to bear in mind: | | 1) M$ is having a hard enough time just getting the Win2K computer to stay | running. The first time they turned it on and placed it "in the line of fire" | for this challenge, it crashed within 4 hours and was subsequently down for | over 24 hours. | | Summary: Do any of us in the *BSD community want to be associated with | something so ridiculously unstable? | | 2) This is obviously an attempt by M$ to have those of us in the Open Source | community help them learn how to write a decent OS. | | Summary: After all the crap we've had to put up with from M$ - from the media | to the products we may have had to support in our "day jobs" - do we really | want to help these $%!^*()& at all? | | Just my $0.02. | | RAB | | | John Horn wrote: | | > This came through on BUGTRAQ last week. A new posting on BUGTRAQ indicates | > that LinuxPPC has issued a similar challenge with similar or identical | > rules. I'm wondering if there may be some fame or notoriety to be gained | > for OBSD by joining in this challenge. It probably won't be difficult, | > or long, before someone breaks in to the NT2K challenge site so there may | > not be much time. | > | > Just an idea. | > | > Regards: | > | > John Horn | > City of Tucson, IT Dept. | > jhorn1@desperate.ci.tucson.az.us | > | > ---------- Forwarded message ---------- | > Date: Tue, 3 Aug 1999 19:05:33 +0200 | > From: Peter Lowe <pgl@ti.cz> | > To: BUGTRAQ@SECURITYFOCUS.COM | > Subject: Microsoft ask users to crack win2000 site | > | > [ executive summary: Microsoft are asking you to crack their | > machine running on win2k and iis. ] | > | > I haven't seen anything about this on bugtraq before, and I'm not | > entirely sure if it's appropriate, but this is from | > http://www.windows2000test.com/ground_rules.htm: | > | > Microsoft Internet Explorer | > Microsoft Windows 2000 Server with Internet Information Server. | > | > Ground Rules | > | > 1. Make it Interesting | > | > Good safe computing practices on the Internet involve placing | > critical systems behind firewall-type devices. For this | > testing, we are intentionally not putting these machines behind | > a firewall. This mean that you could slow these machines down | > by tossing millions of random packets at them if you have | > enough bandwidth on your end. If that happens, we will simply | > start filtering traffic. Instead, find the interesting "magic | > bullet" that will bring the machine down. | > | > 2. Compromise an account | > | > Windows 2000 computers can have multiple user accounts and | > groups. See if you can find a way to logon with one of these | > accounts. | > | > 3. Change something you shouldn't have access to | > | > See if you can change any files or content on the server. If | > you manage, no foul or rude statements please. | > | > 4. Get something you shouldn't have | > | > There are hidden messages sprinkled around the computer. See if | > you can find them. | > | > 5. Our goal is to configure the system to thwart your attempts | > | > The goal is to see how a properly secured machine will stand up | > to attack. These machines are configured to prevent known | > attacks. | > | > 6. This is a test site | > | > You are welcome to attempt to compromise this site, and this | > site only. This is your chance to do a practical test of | > Microsoft Windows 2000's security. | > | > 7. Tell us about your exploits | > | > If you find something, send us some email at | > w2000its@microsoft.com. | > © 1999 Microsoft Corporation. All rights reserved. Terms of | > Use. | > | > -- | > Peter Lowe -- System Administrator, Telenor Internet | > http://www.ti.cz/ -- pgl@ti.cz | > | > Everything I know in life I learnt from .sigs. | -- Corporations are not evil. That kind of anthropomorphism is inappropriate. Corporations are too stupid to be evil, only people can be that. -jwz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.10.9908101049410.22700-100000>