News Microsoft holds hacker conference

[WilHarris]

http://www.bit-tech.net/news/2005/06...er_conference/

[TheAnimus]

HAHA!

oh man that would of been a fun thing to attend.

As for the question, a lot of these types you just can't hire, you even get some who are brilliant, yet would sit on the bugs they've discovered, as telling people would diminish the size of their collection.

[Cheap Mod Wannabe]

People say: Windows sucks, it is so insecure....blah blah blah

Well although their statements have some truth, they also should look and compare security of all major Operating Systems. But that is not simple. I would say that a correct comparison is not even possible because there are far too many hackers with (hacking) experience on Windows, less for Linux, and even less for Mac.

However I'd like to get some hacker wannabes, split them into groups for each OS and then create a list of what they need to do (EX: disable firewall, access data on drive D... etc.) and then each of team would start learning and OS engineers would have to help them. After some time the teams would switch OS's and start doing the same. Data would be collected and etc.. Note that without (or little) experience with hacking each team would have similar odds and the results of security camparison would be far more accurate.

However this kind of conference would hardly ever be promoted by OSs. First of all because of fear of being the most insecure one. And secondly because companies would start offering millions of dollars for the participants just to curve the results.

P.S. Sry I wrote so much s*** I just woke up, and half of my brain is still dreaming LOL.

[TheAnimus]

Quote:

Originally Posted by Cheap Mod Wannabe

People say: Windows sucks, it is so insecure....blah blah blah

Well although their statements have some truth, they also should look and compare security of all major Operating Systems. But that is not simple. I would say that a correct comparison is not even possible because there are far too many hackers with (hacking) experience on Windows, less for Linux, and even less for Mac.

However I'd like to get some hacker wannabes, split them into groups for each OS and then create a list of what they need to do (EX: disable firewall, access data on drive D... etc.) and then each of team would start learning and OS engineers would have to help them. After some time the teams would switch OS's and start doing the same. Data would be collected and etc.. Note that without (or little) experience with hacking each team would have similar odds and the results of security camparison would be far more accurate.

However this kind of conference would hardly ever be promoted by OSs. First of all because of fear of being the most insecure one. And secondly because companies would start offering millions of dollars for the participants just to curve the results.

P.S. Sry I wrote so much s*** I just woke up, and half of my brain is still dreaming LOL.

enless you gave the teams at least 4 years, they wouldn't find squat.

Security is hard, and people have more experiance with POSIX type systems because they've been round since the 70s.

[Firehed]

Yeah it would be great if MS went and hired some of these guys to help them. Sure they've got the money, but until people stop buying their product because of the security flaws (which won't happen, as a copy goes out with every single OEM computer made, save Apple's boxes of course, and as a good 90%+ of the computing world buys OEM...), they won't "waste" their money on things like that.

And was was noted, a lot of these guys do this for the sheer enjoyment of irritating MS. I doubt they'd be the ones at the conference, but you still won't be able to hire most of them without a jawdropping price.

[taliban_raider]

[quote=Firehed...but you still won't be able to hire most of them without a jawdropping price.[/QUOTE]

Microsofts pockets are very, very deep.

I wonder, who would be the roadblock in hiring them, mabee ms already has hired some, it wouldent supprise me if they had.

[webbyman]

microsofts blue hat security confrerence what a name...

i think it would have been funny to see microsoft take large blows to it's shattered security... and the faces of those high payed employees working on security and 2 days of it

i think microsoft proberly could afford to hire alot of them on very very high pay im talking easily more than a 5 figure wage if they wanted... they could pay millions and millions if they wanted and it would show up as pretty much nothing on their cashflow

[TheAnimus]

Its quite intresting to me that i know some of you who have posted have little technical knowledge in this very complex and far reaching area, if i'm able to perswade the uni to let me give this lecture, rather than a water down version (its been sugested that it might be a little dangerous) on all types of cracking, if your in the area you should attend!

The type of people who are genious at this, tend not to want to work for once company as boring as constantly checking the same code.

Now the intresting thing is some of you automatically assume your favourate POSIX complient OS is immune to this? Its only when people make assumptions like this, security becomes a problem.

[fev]

i'd be up for listening to a lecture...gimme detailez!

[TheAnimus]

Quote:

Originally Posted by fev

i'd be up for listening to a lecture...gimme detailez!

its going to be in the autumn term some time, the problem is its thought some people might object about me giving it due to the subject matter.
(and one of the praticals i proposed was to show programmers how easy it is to remove a nag screen, teach the problems with blind use of MD5).

[Da Dego]

Animus,

I think it would be great if you gave a lecture like that. I'd almost wish I were in England to attend it. But to do it at a Uni, you'd have to honestly sell it as a lecture on the state of computer security and what can be done about it, as opposed to "Here's all these exploits and this is why it's stupid." Besides the fact that you'd have to work pretty hard as a student to get a genuine lecture time anyways...they tend to want accredited people to do those sorts of things.

Maybe you could cover the increasing availability of hacking tools for even the less computer-literate, which would comfortably launch into how we are pressing ever further into a divided culture between those who pay for everything and those who pay for nothing, and how particular security measures, DRM, etc., are really helping to create that polar barrier. Now THAT could probably garner some support. And you could get the student attendance by advertising a lecture about DRM. The only downside is you will actually have to come up with a suggestion or two as to how to make it somewhat better without saying "free-for-all."

I once did a business project on how large-scale software success and standards create an open door for hacking, etc, which forces even monolithic companies to keep upgrading and moving forward. It was a bit of "entropy meets business strategy," and went very well (was also an argument against microsoft being dubbed a monopoly).