[plug] Microsoft ask users to crack win2000 site (fwd)

[Matt Bruce]

Mike Holland (myk at golden.wattle.id.au) wrote:

>Easy on the MS-bashing guys - this is totally reasonable.
>A denial-of-service attack is always way easier than actually breaking
>their security to read or modify data. 

Commendable championing, Mike, but I'm not out to bash Microsoft. I'm just
indignant at the fact they've placed terms on how their prize toy is to be
approached. It's totally different to how it is in the field, and I'm damned
sure they're going to use the results of this little competition in their
marketting later on down the track.

My point is that if they want to see if it can be compromised, then there
should be no interconnectivity-based restrictions.

>I'll bet cutting their power lines wouldnt count either.

Erm...that doesn't really compromise it. It's the ultimate DoS. :)

>And BTW, MS sell lots of good apps that dont suck, except that 
>they wont run on a decent non-sucking OS. Even MSIE sucks less 
>than Netscape.

They do sell good apps, it's just a pity that most of them are buggy as
hell. ;) Seriously, though...it's not just the OS that makes the app
problematic, nor is it the megabytes of "easter eggs" that every bloody MS
app seems to come with. 

Part of the problem, IMNSHO, is that they give developers and OEMs a list of
features, API hooks, etc, in the OS, but there is always a percentage they
don't make known. The only reasons I can think of are 1) they haven't been
fully tested, so it's security through obscurity, or 2) non-disclosure gives
them the edge when they create apps that other developers' apps just can't
do.

Call me crazy, but would Bond drive an Aston Martin fitted out by Q that
didn't have all the buttons and switches fully explained first? Ok...maybe
the Bond analogy is a little over-complimentary, but you know what I mean.
:)

Cya,

-- 
Matt Bruce   <matt.bruce at alphawest.com.au>
Security & Internet Engineer
AlphaWest - http://www.alphawest.com.au