From owner-freebsd-questions Tue Aug 10 19:19:31 1999 Delivered-To: freebsd-questions@freebsd.org Received: from quiktrak.com.au (router.quiktrak.com.au [150.101.91.17]) by hub.freebsd.org (Postfix) with ESMTP id 8D55814A09 for ; Tue, 10 Aug 1999 19:19:19 -0700 (PDT) (envelope-from Bwulf@quiktrak.com.au) Received: from quiktrak.com.au ([203.34.6.10]) by gateway.quiktrak.com.au with SMTP id <12547-1>; Wed, 11 Aug 1999 11:46:41 +0930 Received: from Quik-Dom-Message_Server by quiktrak.com.au with Novell_GroupWise; Wed, 11 Aug 1999 11:48:58 +0930 Message-Id: X-Mailer: Novell GroupWise 4.1 Date:Wed, 11 Aug 1999 11:48:28 +0930 From: Berndt WULF To: rbettle@criterion-group.com, jhorn1@desperate.ci.tucson.az.us Cc: freebsd-questions@FreeBSD.ORG, misc@openbsd.org Subject: Re: Microsoft ask users to crack win2000 site (fwd) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Worse still, do we want to debug their operating sytem for them free of = charge? After all, this is a task for MS=27 software test engineers - right?=20 cheerio Berndt >>> Roy Bettle 11/08/99 2:45:18 >>> Two issues to bear in mind: 1) M=24 is having a hard enough time just getting the Win2K computer to = stay running. The first time they turned it on and placed it =22in the line of = fire=22 for this challenge, it crashed within 4 hours and was subsequently down = for over 24 hours. Summary: Do any of us in the *BSD community want to be associated with something so ridiculously unstable? 2) This is obviously an attempt by M=24 to have those of us in the Open = Source community help them learn how to write a decent OS. Summary: After all the crap we=27ve had to put up with from M=24 - from = the media to the products we may have had to support in our =22day jobs=22 - do we = really want to help these =24%=21=5E*()& at all? Just my =240.02. RAB John Horn wrote: > This came through on BUGTRAQ last week. A new posting on BUGTRAQ = indicates > that LinuxPPC has issued a similar challenge with similar or identical > rules. I=27m wondering if there may be some fame or notoriety to be = gained > for OBSD by joining in this challenge. It probably won=27t be difficult, > or long, before someone breaks in to the NT2K challenge site so there = may > not be much time. > > Just an idea. > > Regards: > > John Horn > City of Tucson, IT Dept. > jhorn1=40desperate.ci.tucson.az.us=20 > > ---------- Forwarded message ---------- > Date: Tue, 3 Aug 1999 19:05:33 +0200 > From: Peter Lowe > To: BUGTRAQ=40SECURITYFOCUS.COM=20 > Subject: Microsoft ask users to crack win2000 site > > =5B executive summary: Microsoft are asking you to crack their > machine running on win2k and iis. =5D > > I haven=27t seen anything about this on bugtraq before, and I=27m not > entirely sure if it=27s appropriate, but this is from > http://www.windows2000test.com/ground_rules.htm:=20 > > Microsoft Internet Explorer > Microsoft Windows 2000 Server with Internet Information Server. > > Ground Rules > > 1. Make it Interesting > > Good safe computing practices on the Internet involve placing > critical systems behind firewall-type devices. For this > testing, we are intentionally not putting these machines behind > a firewall. This mean that you could slow these machines down > by tossing millions of random packets at them if you have > enough bandwidth on your end. If that happens, we will simply > start filtering traffic. Instead, find the interesting =22magic > bullet=22 that will bring the machine down. > > 2. Compromise an account > > Windows 2000 computers can have multiple user accounts and > groups. See if you can find a way to logon with one of these > accounts. > > 3. Change something you shouldn=27t have access to > > See if you can change any files or content on the server. If > you manage, no foul or rude statements please. > > 4. Get something you shouldn=27t have > > There are hidden messages sprinkled around the computer. See if > you can find them. > > 5. Our goal is to configure the system to thwart your attempts > > The goal is to see how a properly secured machine will stand up > to attack. These machines are configured to prevent known > attacks. > > 6. This is a test site > > You are welcome to attempt to compromise this site, and this > site only. This is your chance to do a practical test of > Microsoft Windows 2000=27s security. > > 7. Tell us about your exploits > > If you find something, send us some email at > w2000its=40microsoft.com. > =A9 1999 Microsoft Corporation. All rights reserved. Terms of > Use. > > -- > Peter Lowe -- System Administrator, Telenor Internet > http://www.ti.cz/ -- pgl=40ti.cz=20 > > Everything I know in life I learnt from .sigs. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message