Explore Newsletters from ECT News Network » View Samples | Subscribe
Welcome Guest | Sign In
Ideoclick eBook

Microsoft Issues Open Challenge to Hackers

By Matthew W. Beale
Aug 6, 1999 12:00 AM PT

In response to a recent firestorm of criticism regarding the security of its products, Microsoft (Nasdaq: MSFT) left a Web server with a beta version of Windows 2000 and the embattled Internet Information server (IIS) outside its firewall this week.

Microsoft Issues Open Challenge to Hackers

This enticing announcement openly invited members of the hacking community to crack the new program. Not only was there little hacker interest, but the server crashed and was unavailable for more than 24 hours.

Online security firms, including L0pht and eEye, have in recent months discovered numerous server vulnerabilities that have left the Redmond, Washington-based software titan scrambling to save face by making patches available and having to launch a major security initiative. With recent anti-trust lawsuits involving Caldera, another hi-tech firm, and the U.S. Government, Microsoft has learned to respond to potentially image-tainting revelations.

Creating a 'capture the flag' scenario, Microsoft placed several target files and user accounts on the server for hackers -- who apparently now prefer to be known as crackers -- to pilfer. No material compensation was offered to parties able to penetrate the Windows 2000's security system, however. "We hope that this kind of open testing will allow us to ship our most secure OS (operating system) yet," commented a Microsoft spokesman in a ZDNet report.

Another Public Embarrassment?

"This test site is available for security testing to help support our goal of delivering a great product that meets the most demanding customer needs," read a Microsoft statement. However, soon after the Microsoft Windows 2000 beta went live, making it available online to potential attackers, technical difficulties with the test server caused a crash.

Microsoft, occasionally known for botched public demonstrations, indicated that "router problems" were to blame, and the project was put on hold for over a day. At press time, the beta was again available, but no report had been issued indicating the status of the testing.

The Challenge Still Stands

Hackers did respond to the open challenge, but not in the manner that Microsoft hoped for, apparently. The Hacker News Network, for instance, dismissed the software company's move as "an obvious ploy to get free publicity." A statement posted at the site added, sarcastically, that it is their hope "that this is not a primary testing method."

An anonymous member of the Slashdot Community, an open-source software resource site, commented on the test: "Not only is attacking a system blind over the 'net probably one of the hardest things to do, but the people who could actually accomplish this task have more important things to do. Of course a few months from now I'm sure we will hear how Windows 2000 stood up to X number of 'hack' attempts."

OS and Web server integrity are critical issues to the livelihood of Internet-centric operations, and are key concerns for firms engaged in e-commerce. Security experts and other interested parties are encouraged to test the Windows 2000 beta.

Ekata Pro Insight Identity Review
What was your initial reaction to news of the Colonial Pipeline cyberattack?
It demonstrates that all critical infrastructure sectors are at high risk of disruption by cybercriminals.
Everyone will be paying for this attack in the form of higher energy costs.
Governments need to work more closely with private industries to protect networks for the sake of public safety.
It's a global problem. An international alliance must be formed to hold the perpetrators accountable and prevent future attacks.
Contact Center AI Explained by Pop Culture