From owner-freebsd-questions Tue Aug 10 10:13:23 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mail.rdc2.occa.home.com (ha1.rdc2.occa.home.com [24.2.8.66]) by hub.freebsd.org (Postfix) with ESMTP id BE9CB14E87 for ; Tue, 10 Aug 1999 10:13:19 -0700 (PDT) (envelope-from rbettle@criterion-group.com) Received: from criterion-group.com ([24.5.44.161]) by mail.rdc2.occa.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <19990810171138.SVVA7447.mail.rdc2.occa.home.com@criterion-group.com>; Tue, 10 Aug 1999 10:11:38 -0700 Message-ID: <37B05E26.DA485EF5@criterion-group.com> Date: Tue, 10 Aug 1999 10:15:18 -0700 From: Roy Bettle X-Mailer: Mozilla 4.6 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: John Horn Cc: misc@openbsd.org, "Questions List FreeBSD.org" Subject: Re: Microsoft ask users to crack win2000 site (fwd) References: Content-Type: multipart/mixed; boundary="------------8DC36AE37DD49CB70CB5B6A8" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --------------8DC36AE37DD49CB70CB5B6A8 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Two issues to bear in mind: 1) M$ is having a hard enough time just getting the Win2K computer to stay running. The first time they turned it on and placed it "in the line of fire" for this challenge, it crashed within 4 hours and was subsequently down for over 24 hours. Summary: Do any of us in the *BSD community want to be associated with something so ridiculously unstable? 2) This is obviously an attempt by M$ to have those of us in the Open Source community help them learn how to write a decent OS. Summary: After all the crap we've had to put up with from M$ - from the media to the products we may have had to support in our "day jobs" - do we really want to help these $%!^*()& at all? Just my $0.02. RAB John Horn wrote: > This came through on BUGTRAQ last week. A new posting on BUGTRAQ indicates > that LinuxPPC has issued a similar challenge with similar or identical > rules. I'm wondering if there may be some fame or notoriety to be gained > for OBSD by joining in this challenge. It probably won't be difficult, > or long, before someone breaks in to the NT2K challenge site so there may > not be much time. > > Just an idea. > > Regards: > > John Horn > City of Tucson, IT Dept. > jhorn1@desperate.ci.tucson.az.us > > ---------- Forwarded message ---------- > Date: Tue, 3 Aug 1999 19:05:33 +0200 > From: Peter Lowe > To: BUGTRAQ@SECURITYFOCUS.COM > Subject: Microsoft ask users to crack win2000 site > > [ executive summary: Microsoft are asking you to crack their > machine running on win2k and iis. ] > > I haven't seen anything about this on bugtraq before, and I'm not > entirely sure if it's appropriate, but this is from > http://www.windows2000test.com/ground_rules.htm: > > Microsoft Internet Explorer > Microsoft Windows 2000 Server with Internet Information Server. > > Ground Rules > > 1. Make it Interesting > > Good safe computing practices on the Internet involve placing > critical systems behind firewall-type devices. For this > testing, we are intentionally not putting these machines behind > a firewall. This mean that you could slow these machines down > by tossing millions of random packets at them if you have > enough bandwidth on your end. If that happens, we will simply > start filtering traffic. Instead, find the interesting "magic > bullet" that will bring the machine down. > > 2. Compromise an account > > Windows 2000 computers can have multiple user accounts and > groups. See if you can find a way to logon with one of these > accounts. > > 3. Change something you shouldn't have access to > > See if you can change any files or content on the server. If > you manage, no foul or rude statements please. > > 4. Get something you shouldn't have > > There are hidden messages sprinkled around the computer. See if > you can find them. > > 5. Our goal is to configure the system to thwart your attempts > > The goal is to see how a properly secured machine will stand up > to attack. These machines are configured to prevent known > attacks. > > 6. This is a test site > > You are welcome to attempt to compromise this site, and this > site only. This is your chance to do a practical test of > Microsoft Windows 2000's security. > > 7. Tell us about your exploits > > If you find something, send us some email at > w2000its@microsoft.com. > © 1999 Microsoft Corporation. All rights reserved. Terms of > Use. > > -- > Peter Lowe -- System Administrator, Telenor Internet > http://www.ti.cz/ -- pgl@ti.cz > > Everything I know in life I learnt from .sigs. --------------8DC36AE37DD49CB70CB5B6A8 Content-Type: text/x-vcard; charset=us-ascii; name="rbettle.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Roy Bettle Content-Disposition: attachment; filename="rbettle.vcf" begin:vcard n:Bettle;Roy tel;work:(949) 452-1203 x-mozilla-html:FALSE url:http://www.criterion-group.com org:Criterion Group, Inc. version:2.1 email;internet:rbettle@criterion-group.com title:President note:Businesses that depend on computers, depend on us. adr;quoted-printable:;;26895 Aliso Creek Road=0D=0ASuite B404;Aliso Viejo;CA;92656;USA fn:Bettle, Roy end:vcard --------------8DC36AE37DD49CB70CB5B6A8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message