From owner-freebsd-questions Wed Aug 11 11:26:42 1999
Date: Wed, 11 Aug 1999 11:25:47 -0700 (MST)
From: John Horn
To: William Law
Cc: Berndt WULF, rbettle@criterion-group.com, freebsd-questions@FreeBSD.ORG, misc@openbsd.org
Subject: Re: Microsoft ask users to crack win2000 site (fwd)
In-Reply-To: <19990811034527.16992.rocketmail@send205.yahoomail.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

Though I hadn't intended to do so, at least I sparked a debate over this
issue. M$ is a 'for profit' monopoly and, while it may be argued that they
desperately need ENORMOUS assistance in making their flagship product,
which they attempt to pass to userland as an OS, more secure, it is
definitely not our job to assist them. My proposal, OTOH, was really
nothing more than the notion that perhaps OBSD could also benefit in some
way from this event. *Shrug*

I want to make it clear that I do NOT propose that we assist M$ in any
way. They make a profit already, they need no more assistance than that.
OBSD OTOH, can always use a little helping hand, whether by donation, CD
purchase or whatever...

My motives are altruistic so please withhold the flames... :)

On Tue, 10 Aug 1999, William Law wrote:

> Hi,
>
> I believe we should take this positively. Since MS
> wants to test whether their server is secure, we
> should lend our hand to help them. That's the spirit
> of the Open Source community. Instead of being
> anti-MS, we should try to do what they want, and that
> is "hack their system". This may as well be a good
> chance to show Microsoft that their server is not as
> secure as the BSD or other UNIX operating system. Who
> knows this may bring a good image to the Open Source
> community.
>
> Professionals should be helping others and not giving
> critics. If people do not help each other, do you
> think BSD will be as it is today?
>
> Just my 2 cents.
>
> Regards,
> William Law
>
> --- Berndt WULF wrote:
> > Worse still, do we want to debug their operating
> > system for them free of charge?
> > After all, this is a task for MS' software test
> > engineers - right?
> >
> > cheerio Berndt
> >
> > >>> Roy Bettle 11/08/99 2:45:18 >>>
> > Two issues to bear in mind:
> >
> > 1) M$ is having a hard enough time just getting the Win2K computer to stay
> > running. The first time they turned it on and placed it "in the line of fire"
> > for this challenge, it crashed within 4 hours and was subsequently down for
> > over 24 hours.
> >
> > Summary: Do any of us in the *BSD community want to be associated with
> > something so ridiculously unstable?
> >
> > 2) This is obviously an attempt by M$ to have those of us in the Open Source
> > community help them learn how to write a decent OS.
> >
> > Summary: After all the crap we've had to put up with from M$ - from the media
> > to the products we may have had to support in our "day jobs" - do we really
> > want to help these $%!^*()& at all?
> >
> > Just my $0.02.
> >
> > RAB
> >
> >
> > John Horn wrote:
> >
> > > This came through on BUGTRAQ last week. A new posting on BUGTRAQ indicates
> > > that LinuxPPC has issued a similar challenge with similar or identical
> > > rules. I'm wondering if there may be some fame or notoriety to be gained
> > > for OBSD by joining in this challenge. It probably won't be difficult,
> > > or long, before someone breaks in to the NT2K challenge site so there may
> > > not be much time.
> > >
> > > Just an idea.
> > >
> > > Regards:
> > >
> > > John Horn
> > > City of Tucson, IT Dept.
> > > jhorn1@desperate.ci.tucson.az.us
> > >
> > > ---------- Forwarded message ----------
> > > Date: Tue, 3 Aug 1999 19:05:33 +0200
> > > From: Peter Lowe
> > > To: BUGTRAQ@SECURITYFOCUS.COM
> > > Subject: Microsoft ask users to crack win2000 site
> > >
> > > [ executive summary: Microsoft are asking you to crack their
> > >   machine running on win2k and iis. ]
> > >
> > > I haven't seen anything about this on bugtraq before, and I'm not
> > > entirely sure if it's appropriate, but this is from
> > > http://www.windows2000test.com/ground_rules.htm:
> > >
> > >   Microsoft Internet Explorer
> > >   Microsoft Windows 2000 Server with Internet Information Server.
> > >
> > >   Ground Rules
> > >
> > >   1. Make it Interesting
> > >
> > >      Good safe computing practices on the Internet involve placing
> > >      critical systems behind firewall-type devices. For this
> > >      testing, we are intentionally not putting these machines behind
> > >      a firewall. This means that you could slow these machines down
> > >      by tossing millions of random packets at them if you have
> > >      enough bandwidth on your end. If that happens, we will simply
> > >      start filtering traffic. Instead, find the interesting "magic
> > >      bullet" that will bring the machine down.
> > >
> > >   2. Compromise an account
> > >
> > >      Windows 2000 computers can have multiple user accounts and
> > >      groups. See if you can find a way to logon with one of these
> > >      accounts.
> > >
> > >   3. Change something you shouldn't have access to
> > >
> > >      See if you can change any files or content on the server. If
> > >      you manage, no foul or rude statements please.
> > >
> > >   4. Get something you shouldn't have
> > >
> > >      There are hidden messages sprinkled around the computer. See if
> > >      you can find them.
> > >
> > >   5. Our goal is to configure the system to thwart your attempts
> > >
> > >      The goal is to see how a properly secured machine will stand up
> > >      to attack. These machines are configured to prevent known
> > >      attacks.
> > >
> > >   6. This is a test site
> > >
> > >      You are welcome to attempt to compromise this site, and this
> > >      site only. This is your chance to do a practical test of
> > >      Microsoft Windows 2000's security.
> > >
> > >   7. Tell us about your exploits
> > >
> > >      If you find something, send us some email at
> > >      w2000its@microsoft.com.
> > >
> > >   © 1999 Microsoft Corporation. All rights reserved. Terms of
> > >   Use.
> > >
> > > --
> > > Peter Lowe -- System Administrator, Telenor Internet
> > > http://www.ti.cz/ -- pgl@ti.cz
> > >
> > > Everything I know in life I learnt from .sigs.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of
> > the message

Regards:

John Horn
City of Tucson, IT Dept.
jhorn1@desperate.ci.tucson.az.us