HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 20 guests and 4 members online
EH-Net Donations

Enter Amount:
$
Google Ads
ChicagoCon 2008f
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Resourcesarrow News from the Outside Worldarrow Feel free to hack Microsoft sites
Ethical Hacker Community Forums
August 28, 2008, 06:23:06 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Registration Now Open for ChicagoCon 2008f Oct 27 - Nov 2! Visit www.chicagocon.com.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Feel free to hack Microsoft sites  (Read 3732 times)
0 Members and 1 Guest are viewing this topic.
Bogwitch
Newbie
*
Offline Offline

Posts: 48

Senno Ekto Gamat


View Profile
« on: April 21, 2008, 02:35:33 PM »
Responsible disclosure only!

http://www.theregister.co.uk/2008/04/21/microsoft_oks_online_flaw_finding/
Logged
CISSP, C|EH, C|HFI
rance
Jr. Member
**
Offline Offline

Posts: 60


<censored>


View Profile
« Reply #1 on: April 21, 2008, 02:49:51 PM »
Quote
Moussouris said she is pushing to get a provision added to a proposed standard that's making its way through the International Organization for Standardization that would protect ethical hackers who responsibly disclose vulnerabilities in other companies' websites.

That scares the living crap out of me.  I can't imagine the increase in attack traffic if the legal deterrent disappears.  We all become practice targets for the "ethical" hackers.  If your intentions were maliscious?  Just *say* you were ethically hacking, trying to be a good netizen.

That and kiss your IDP systems goodbye, or be prepared to hire a dozen full-timers to wade through the increased traffic.

Yeah... yuck.  Much yuck.
Logged
I use my powers for good, and not for evil... now.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2229


Editor-In-Chief


View Profile WWW
« Reply #2 on: April 21, 2008, 04:04:06 PM »
Agreed.

 Shocked

Don
Logged
CISSP, MCSE, CEH, Security+ SME
RoleReversal
Sr. Member
****
Offline Offline

Posts: 385


View Profile WWW
« Reply #3 on: April 22, 2008, 02:56:15 AM »
Quote
Microsoft has publicly pledged not to sue or press charges against ethical hackers who responsibly find security flaws in its online services.
(Highlighting is mine)

Who decides what is 'responsibly'? If it is still Microsoft then the goalposts haven't changed at all.

Agreed though, scary  Shocked
Logged
A little bit of sanity:
http://www.infosanity.co.uk
shawal
Jr. Member
**
Offline Offline

Posts: 86


View Profile
« Reply #4 on: April 22, 2008, 11:59:26 AM »

RR
'responsibly'=stumble upon security bug(s) and report them, it does say so in the article.

W.
Logged
RHCE, GIAC GCIH.
Manu Zacharia (-M-)
Full Member
***
Offline Offline

Posts: 181



View Profile WWW
« Reply #5 on: April 22, 2008, 12:34:06 PM »
Hi All,

I think a Do's and Don't should have followed the press release to draw a demarcation line. That would have made the game more safer for White Hats.
Logged
Manu Zacharia
Certified ISO 27001:2005 (Information Security Management System) Lead Auditor
Promote the Information Security Day
Visit - http://www.informationsecurityday.com
RoleReversal
Sr. Member
****
Offline Offline

Posts: 385


View Profile WWW
« Reply #6 on: April 23, 2008, 03:14:49 AM »
Quote from: shawal on April 22, 2008, 11:59:26 AM
'responsibly'=stumble upon security bug(s) and report them

again, definition of 'stumble upon'?

Is that in day to day use? fuzzers? Stress testing? ........

I agree with Manu, without Do's and Don'ts drawing a strict line in the sand it still upto Microsoft to determine what the accept as responsible. If they define responsible as only reporting issues discovered during normal use then this isn't related to 'hacking' ethical, responsible or otherwise.

To me this article seems like PR fluff and doesn't change a thing.
« Last Edit: April 23, 2008, 03:18:10 AM by RoleReversal » Logged
A little bit of sanity:
http://www.infosanity.co.uk
JobMatchNow
Newbie
*
Offline Offline

Posts: 24


View Profile
« Reply #7 on: May 12, 2008, 03:17:15 PM »
Why microsoft sites?
Logged
oneeyedcarmen
Full Member
***
Offline Offline

Posts: 201

Klaatu, Borada,Necktie?


View Profile
« Reply #8 on: May 12, 2008, 04:00:12 PM »
Quote from: JobMatchNow on May 12, 2008, 03:17:15 PM
Why microsoft sites?

Did you read the article that Bogwitch linked to?
Logged
MCP, Security+, Associate (ISC)2
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.053 seconds with 23 queries.
 
EH-Net's
2nd Annual
Tweener Party 

Thanks all. Click HERE for details.

Polls
Best for daily desktop use:
 
Support EH-Net
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.