August 4, 1999, 6:24 PM EST
Microsoft to Hackers: Crack This!
But Windows 2000 test server appears to have crashed without any help.
By David Raikow, Sm@rt Reseller
In an attempt to burnish its tarnished reputation for network security,
Microsoft issued an open challenge on Tuesday to the hacking community.
But potential testers barely got a chance to attempt to break Windows 2000’s
security system, as the test server Microsoft offered crashed and stayed down
for most of the past 24 hours.
Microsoft placed a web server running the latest beta of Windows 2000 and
Internet Information Server (IIS) outside its firewalls, and invited the
public to go after target files and user accounts it placed there. The
company’s reason for doing so? "We hope that this kind of open testing will
allow us to ship our most secure OS yet," said a Microsoft spokesperson.
The hacking community was and is largely unimpressed, however. In its posted
coverage, the Hacker News Network called the challenge "an obvious ploy to
get free publicity...It is hoped that this is not a primary testing method."
Members of the Linux-enthusiast site Slashdot for the most part concurred,
accusing Microsoft of using anti-Microsoft sentiment for free auditing.
Meanwhile, the Linux community created a counter-challenge of its own.
Tuesday
afternoon, LinuxPPC, the developers and distributors of a PowerPC-native
version of Linux, challenged hackers to crack one of its servers. Unlike
Microsoft, which did not offer any kind of incentive or award to hackers,
LinuxPPC is giving the machine to the first person to break in.
Whoops!
If it was meant as a publicity stunt, the Microsoft security challenge may
have
backfired. As soon as the site went online, Microsoft ran into technical
difficulties with the test server. Early visitors reported problems with the
home-page HTML and Javascript, some serious enough to prevent them accessing
the page at all. Posted status logs indicate that the server had to be
rebooted at least once because the system log was full, and some services
were unavailable at reboot.
Most significantly, the server was offline for most of Tuesday due to what
Microsoft
described as "router problems". Though intermittently available Wednesday
morning, the site was down at press time, and appears to have been pulled
from DNS servers entirely; ping tests indicated the MS router was functional.
Some Slashdot contributors reported seeing a notice that the site had been
withdrawn, but no such notice is currently posted on any publicly accessible
MS server.
A Microsoft spokesperson attributed some of the difficulties to thunderstorms
in
Seattle on Tuesday, but had no comment on the site's status at press time.
###
... ... ... ... ... ... ... ... ... ... ... ... ...
Sally Khudairi . ZOT Group . http://www.zotgroup.com/
+1.617.818.0177 <sk@zotgroup.com>