Bugtraq mailing list archives
Re: Microsoft ask users to crack win2000 site
From: dps () IO STARGATE CO UK (Duncan Simpson)
Date: Fri, 6 Aug 1999 18:18:05 +0100
Since nobody has pointed it out yet it has been said by various people, at least one of them in print, (including Spafford, I think) that these challenges are unlikely to attract the real experts, who can charge large consulting fees. It simply makes no sense for these people to give their services for no charge by attacking such machines. Suppose a criminal uses the testing period to find a really devsating bug. Do you think they tell the people running the machine about it or do they instead use it for extortion, theft or other evil purposes later? Further some of the most devasting exploits really require a test machine you have root, or equivilent access, to find the information needed and develop the code. Until windows 2000 is released such machines seem unlikely to be avialable. (The lack of development machines does not apply to Linux PPC of course). I would add that if any such machine is broken into then it is an ideal place for attacking the rest of the internet. Having said that it might make the machines more resistant against the script kiddies, which is a good thing. -- Duncan (-: "software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."
Current thread:
- Re: Microsoft ask users to crack win2000 site Duncan Simpson (Aug 06)