Microsoft to Publish Blue Hat Findings

Zonk posted more than 8 years ago | from the stylish-chapeau dept.

An anonymous reader wrote to mention an InfoWorld article about Microsoft's plan to publish some of the findings from last week's Blue Hat conference. From the article: "'Everything was fair game,' wrote SQL Server engineer Brad Sarsfield in a blog posting. 'Hearing senior executives say things like: 'I want the people responsible for those features in my office early next week; I want to get to the bottom of this' was at least one measure of success from my point of view for the event.' The Blue Hat name is a play on the Black Hat conferences, which have occasionally been criticized by IT vendors. The 'Blue' part comes from the color of badges that Microsoft staffers wear on campus." They have descriptions of some of the sessions up on the site for your perusal.

154 comments

Blank passwords (5, Insightful)

dedazo (737510) | more than 8 years ago | (#14935995)

I'm sure the executives started the whipping sessions with the person responsible for allowing SQL Server to function happily with a blank 'sa' password.

Re:Blank passwords (5, Funny)

AKAImBatman (238306) | more than 8 years ago | (#14936039)

Are you kidding me? That's Microsoft "innovation" at it's finest! Customers always complain to Microsoft that they can't remember their password. So Microsoft created an innovative new way to remember your password: Don't use one!

Only Microsoft can bring you incredible innovation like this.

Re:Blank passwords (2, Insightful)

dedazo (737510) | more than 8 years ago | (#14936208)

Only Microsoft can bring you incredible innovation like this.

I enjoy a good Microsoft bash (oh lololo m$ nevar innovates!!1!) but your comment tells me you have probably no idea how commercial software works.

I think the blank password "feature" is supremely stupid, and yes, it was probably there because one of their big clients asked for it. A lot of functionality in Microsoft products comes from big business feedback and most of the time it's appropriate because enterprise clients are the ones that really put the products through their paces. But it's not there because someone at Microsoft is stupid or because of "innovation" (or the lack thereof).

You pays your money and you take your chances. In this case it came back to bite them, like most "security relaxation features" their products tend to be afflicted with. As much as the "Microsoft is just stupid" line gets play, things are usually a bit more complicated than that.

The key is that it's an option that you (as the DB admin) can choose to turn off. The MySQL root account will also run with a blank password when you first install it from, say, Synaptic. It's up to you to tighten it down.

Re:Blank passwords (4, Interesting)

AKAImBatman (238306) | more than 8 years ago | (#14936287)

I enjoy a good Microsoft bash (oh lololo m$ nevar innovates!!1!)

Good to know.

but your comment tells me you have probably no idea how commercial software works.

I'm not quite sure how this statement follows from your first. Do you like a joke or not? Maybe, just maybe, I was only joking?

The key is that it's an option that you (as the DB admin) can choose to turn off. The MySQL root account will also run with a blank password when you first install it from, say, Synaptic. It's up to you to tighten it down.

The reason why the root/sa passwords start blank is so you can configure the server immediately after installation. Using a default username/password of some sort (ala Oracle) wouldn't change the security situation to any appreciable degree, and only serves to force the DB administrator to look up the default every time he does an installation. (Which is likely to be rare enough to prevent him from memorizing it.)

Yeash. Way to spoil a joke.

Re:Blank passwords (1)

__michikal (959040) | more than 8 years ago | (#14936417)

Don't like it, don't cry about it.

Re:Blank passwords (0)

Anonymous Coward | more than 8 years ago | (#14936804)

The reason why the root/sa passwords start blank is so you can configure the server immediately after installation.

Last time I installed Windows, it made me set an administrator password as part of the installation process. The same thing happened last time I installed Linux. In neither case did it simply install with a blank password and expect me to configure anything after installation.

Is there any reason why this would be more difficult for a database than for an operating system?

Re:Blank passwords (0)

Anonymous Coward | more than 8 years ago | (#14936348)

I think the blank password "feature" is supremely stupid, and yes, it was probably there because one of their big clients asked for it. A lot of functionality in Microsoft products comes from big business feedback and most of the time it's appropriate because enterprise clients are the ones that really put the products through their paces. But it's not there because someone at Microsoft is stupid... [emphasis mine]

Doing something stupid is not stupid? Stupid is as stupid does.

Re:Blank passwords (1)

plague3106 (71849) | more than 8 years ago | (#14936441)

It's also worth noting that this isn't even an option anymore in SQL Server 2005.

Re:Blank passwords (0)

Anonymous Coward | more than 8 years ago | (#14936311)

And using the contraction for "it is" when you wanted the possessive "its" is AKAImBatman "innovation" at its finest!

Re:Blank passwords (1, Funny)

Anonymous Coward | more than 8 years ago | (#14936384)

We'll, thats you're opinion. The rest of Slashdot probably has they're own opinion's on what your saying. Many of them probably think you're statement is rediculous. It's too bad you ain't agreeing with them.

Re:Blank passwords (1)

absinthminded64 (883630) | more than 8 years ago | (#14936126)

Those vending machines that sell green paper were not working very well that day!

Stranded and hungry . stuck in own little xp_cmdsHELL

Posturing (4, Interesting)

EmbeddedJanitor (597831) | more than 8 years ago | (#14936247)

Yawn... Heard all of these "I'm going to fix that Monday morning" stuff before so many times from so many companies, and seen so little action.

This is a pretty standard way for companies to handle lynch mobs of unhappy people: Put an exec up on a stage and have everyone yell their guts out and promise to investigate it thoroughly. This is not done just for software security, but just about everything.

Undoubtedly one or two simple, yet highly visible, things (eg. the password check) will be fixed to show that some action was taken.

Re:Posturing (1)

segedunum (883035) | more than 8 years ago | (#14936307)

Agreed. That was the first thing I thought when I saw that "in my office on Monday morning" bollocks.

Re:Posturing (1)

Rimbo (139781) | more than 8 years ago | (#14936482)

It doesn't matter how much an exec huffs and puffs if the developers don't respect the priorities he sets for them.

Re:Posturing (1)

thetoastman (747937) | more than 8 years ago | (#14936735)

Ummm . . . an executive responsible for a product offering doesn't know (or can't find out) who is responsible for a product feature set?

Is there any wonder why Microsoft has such a terrible product?

I bet if they asked marketing who is responsible for a particular line in an advertisement, the answer would be almost instantly known.

Microsoft - the greatest marketing company in the world.

Re:Posturing (0)

Anonymous Coward | more than 8 years ago | (#14936911)

Ummm . . . an executive responsible for a product offering doesn't know (or can't find out) who is responsible for a product feature set?

Um, he said that he wants them in his office on Monday.... Sounds like he'll find out on Monday....

Re:Blank passwords (1)

Heembo (916647) | more than 8 years ago | (#14936588)

If you deploy a database directly on the internet or in an area of your LAN where folks can easily attempt to log into it, you deserve to be breached. Most smart app/network designers will place their database(s) behind layers of firewalls so only the application servers in question have access. In this situation, having a blank system admin password (although stupid) is not so much a risk - only your production deployment crew should even HAVE access - it's called defense in depth.

Re:Blank passwords (4, Funny)

ednopantz (467288) | more than 8 years ago | (#14936693)

yeah, it's not like any other database product ships with a weak password you are supposed to change.

-Scott Tiger

First post? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14935996)

What the hell, I have nothing to say about this...

Could it be...? (3, Interesting)

filesiteguy (695431) | more than 8 years ago | (#14936028)

Could MS actually be taking security seriously?

Naaahh...

I'm sure this was a very interesting conference - nice to see names like Johnny Long there ( Google Hacking for Penetration Testers ) http://books.slashdot.org/article.pl?sid=05/04/11/1750217&from=rss and other notables. I'm curious if MS will ever really look at what it is that causes so much to go wrong with their departmental OS.

All the same, I'm sure the findings will be taken back, discussed among those who know and forgotten or buried by marketing executives.

Re:Could it be...? or why Blue Hat is useless (1)

WillAffleckUW (858324) | more than 8 years ago | (#14936305)

well, I think that there's nothing wrong with a Blue Hat conference, it can even be useful, but trying to pretend that Blue Hatters will be attacking one's weak points is as disastrous as attacking Iraq or Iran and not expecting an ever-changing homebrewed guerilla warfare that adapts faster than one can plan.

the reality is that the attackers will be Black Hats. Blue Hats may be useful, but they aren't the ones attacking you.

Re:Could it be...? (3, Interesting)

tpgp (48001) | more than 8 years ago | (#14936397)

Could MS actually be taking security seriously?

Yes - yes they are.

You see - MS's customers are demanding it - and MS is trying to deliver - after all, their competition [distrowatch.com] (mostly) is delivering. (See, this is why F/OSS is good for you even if you don't use it:)

Anyway, I do think MS is making an attempt to take security seriously, but security needs are ultimately outshadowed by their marketing needs.

Anyway, to bring things (mildly) back on topic, I'll repeat myself: [slashdot.org]

Note to Microsoft

We have more than enough hat colours as things stand.

Blue Hat hacker sounds like an IBM employee anyway (or an Anti-Fedora agent?)

Re:Could it be...? (0, Redundant)

filesiteguy (695431) | more than 8 years ago | (#14936483)

We have more than enough hat colours as things stand.
Blue Hat hacker sounds like an IBM employee anyway (or an Anti-Fedora agent?)

LOL!! Next thing you know they'll have a bunch of old ladies in a Red Hat conference...
http://www.redhatsociety.com/ [redhatsociety.com]

...my 64-year-old mother, who's a member, could attend. (Of course, she DOES use SuSE, so the Fedora-types might reject her.)

Description please? (0)

Mindcry (596198) | more than 8 years ago | (#14936041)

Way to quote some random guy and talk about blue badges and go on for four sentences without giving any indication of what the conference is actually about.

Re:Description please? (0)

Anonymous Coward | more than 8 years ago | (#14936128)

Way to quote some random guy and talk about blue badges and go on for four sentences without giving any indication of what the conference is actually about.

and yet, somehow the rest of us knew what the article was about.

Re:Description please? (4, Funny)

Tackhead (54550) | more than 8 years ago | (#14936141)

> Way to quote some random guy and talk about blue badges and go on for four sentences without giving any indication of what the conference is actually about.

We could tell you, but we'd have to throw a chair at you.

(It's really a conspiracy against Red Hat)
/ducks chair
//adjusts tinfoil hat.

Re:Description please? (0)

Anonymous Coward | more than 8 years ago | (#14936692)

In Soviet Russia tinfoil hat adjusts you!

Anyone ask why SSL still doesn't do AES? (1, Insightful)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14936042)

Anyone ask why SSL still doesn't do AES? I mean it's 2006 and Microsoft is really the only vendor who DOESN'T do AES or 256-bit encryption in SSL. (I know, they said they'd put it in Vista, but that doesn't help the millions of Windows XP users or Windows 2003 administrators out there.)

Re:Anyone ask why SSL still doesn't do AES? (1)

SCHecklerX (229973) | more than 8 years ago | (#14936240)

And also 3des, which we require for managing our Nokias. Gives me a good excuse to run Firefox at work, when the director asks why I can't use our standard browser :)

Microsoft SSL already does do 3DES. (5, Informative)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14936317)

I believe Microsoft DOES support 3DES on SSL. My "FIPS 140-1" configurations require it. Look for this key in your windows registry - if you have this key, your SSL does 3DES:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ciphers\Triple DES 168/168
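
The registry check described in the comment above, as an added example that is not part of the original post or of any Microsoft tooling. It assumes the documented Schannel convention that each cipher subkey may carry an `Enabled` DWORD (0 disables the cipher, non-zero enables it, absent means the OS default applies); `Get-SchannelCipherState` is a hypothetical helper name.

```powershell
# Added example: report the Schannel cipher overrides configured on this host.
# Get-SchannelCipherState is a hypothetical helper, not a built-in cmdlet.
function Get-SchannelCipherState {
    param(
        # Path relative to HKEY_LOCAL_MACHINE, as quoted in the comment.
        [string]$CiphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
    )

    # Use the .NET registry API instead of the HKLM: drive: the PowerShell
    # registry provider treats the "/" in a name such as
    # "Triple DES 168/168" as a path separator and cannot address the key.
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($CiphersPath)
    if ($null -eq $root) {
        Write-Warning 'No Ciphers key present; Schannel is using OS defaults.'
        return
    }

    try {
        foreach ($name in $root.GetSubKeyNames()) {
            $sub = $root.OpenSubKey($name)
            try {
                # Assumption (Schannel documentation, not the page):
                # Enabled = 0 disables, non-zero (typically 0xffffffff) enables.
                $enabled = $sub.GetValue('Enabled', $null)
                if ($null -eq $enabled) {
                    $state = 'OS default (no Enabled value)'
                } elseif ($enabled -eq 0) {
                    $state = 'Disabled'
                } else {
                    $state = 'Enabled'
                }
                [pscustomobject]@{
                    Cipher  = $name
                    Enabled = $enabled
                    State   = $state
                }
            } finally {
                $sub.Close()
            }
        }
    } finally {
        $root.Close()
    }
}

# Show only the 3DES entry named in the comment; no output means the
# subkey does not exist and the OS default applies.
Get-SchannelCipherState | Where-Object { $_.Cipher -eq 'Triple DES 168/168' }
```

The presence of the subkey alone does not settle the question: a key with `Enabled` set to 0 means the cipher has been switched off.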

Re:Anyone ask why SSL still doesn't do AES? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14936359)



IE doesn't do AES or 256-bit encryption in SSL because we were asked to hold off on that from a certain 3 lettered US government agency (hint: starts with N).
That's all I'm going to say on the matter, back to lurking.

NSA asked Microsoft to not put AES in? (1)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14936524)

So, you claim the NSA asked Microsoft to not put AES in IE? This doesn't make much sense either. Like I said, almost every other browser, client or server already supports AES on SSL (including those offered by IBM). It's just weird that Microsoft lags so far behind.

Re:NSA asked Microsoft to not put AES in? (0)

Anonymous Coward | more than 8 years ago | (#14936680)

But the real question is, will these variations on the theme of the Nuremberg Defense work for Scooter Libby?

Not so weird (4, Interesting)

abb3w (696381) | more than 8 years ago | (#14936755)

So, you claim the NSA asked Microsoft to not put AES in IE? This doesn't make much sense either. Like I said, almost every other browser, client or server already supports AES on SSL (including those offered by IBM). It's just weird that Microsoft lags so far behind.

Not that weird. Yes, every other browser/client/server supports it. IE still has comfortably more than half [hitslink.com] of the browser market, even though it's in decline. So, if the NSA can't break AES, they ask M$ not to put it in, and a large chunk of the traffic remains readily readable.

"But," you may say, "anyone who knows what they're doing will use something more secure." True. However on one hand, crooks and terrorists are often (albeit not always) stupid, and might not always do so; and on the other hand, the easily broken traffic can be quickly sorted out, leaving a smaller quantity of harder-to-break traffic where content analysis is neglected but traffic analysis [wikipedia.org] approaches become profitable. Limiting the capabilities of the drooling-luser set is helpful, because it makes it easier to pick out the bad guys who hide by leaving a smaller set of both the good and the bad guys who can hide. Rather than struggling to separate all the good from the bad, they can first quickly separate the smart from the stoooopid.

Of course, there's no proof the AC's assertion is true... but it doesn't matter much for the sake of argument.

Re:Anyone ask why SSL still doesn't do AES? (2, Informative)

way0utwest (451944) | more than 8 years ago | (#14936672)

Can't speak for SSL, but SQL Server 2005 has AES, RC4 (128 bit), RSA, and Triple DES built in for its internal encryption possibilities.

Yeah, AES went into core crypto, but not SSL. (2, Informative)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14936705)

Yeah, Microsoft finally added AES to its core crypto stuff back in 2003 (I think), but for some odd reason they didn't extend support into the areas that would have used it most: SSL for IIS and SSL for IE. (Dunno if Outlook Express would have used it...probably.)

Your question answers itself (0)

Anonymous Coward | more than 8 years ago | (#14936696)

but that doesn't help the millions of Windows XP users or Windows 2003 administrators out there

That's exactly why it's not there. It creates more incentive to upgrade to Vista. The fact that you are paying more money for features that you should already have is lost on M$ target audiences.

obligatory (5, Funny)

endrue (927487) | more than 8 years ago | (#14936054)

The 'Blue' part comes from the color of screens that Microsoft staffers see on campus.

Someone had to say it, folks!

- Andrew

Black Hats or...? (3, Interesting)

Roadkills-R-Us (122219) | more than 8 years ago | (#14936089)

And maybe they want to make sure when everyone thinks "$color hat" they *don't* think of "Red Hat".

MS plays that sort of game a lot.

Re:Black Hats or...? (1)

endrue (927487) | more than 8 years ago | (#14936155)

I think you may be right. They should try to stand apart though, maybe through a whole new article of clothing. "Blue Shoe" has a nice ring to it.

- Andrew

Hats went out in the 40's (1)

Thud457 (234763) | more than 8 years ago | (#14936276)

whaddya tryin' to do, cover a bald spot?!!!

Re:Black Hats or...? (2, Insightful)

drinkypoo (153816) | more than 8 years ago | (#14936303)

Makes sense, but using blue is utterly wrong from a marketing standpoint, for two reasons. First, a lot of us still remember IBM as the "Blue Suit" company. Blue is their color. Even their logo is still blue. Second, blue is the color of your screen when you run Windows [into the ground]. Well, unless you run XP. Then it just reboots without showing you the [useless] blue screen. I wouldn't be surprised if people started just calling Windows "Blue Hat Linux", sort of a pun indicating both the fact that Windows has been following Linux (or Unix in general) for some time now, and the blue screen thing.

Re:Black Hats or...? (1)

Chrispy1000000 the 2 (624021) | more than 8 years ago | (#14936572)

It's not hard to get a BSOD in XP, you just have to be persistent.

Re:Black Hats or...? (0)

Anonymous Coward | more than 8 years ago | (#14936651)

All you have to do is disable the automatic rebooting. XP defaults to rebooting when it BSODs (which is something I generally disable, cause if my computer dies I wanna know why, and a BSOD error is better than /nothing/ at all, at least you know it's not supposed to be 'normal' operation).

Re:Black Hats or...? (1)

nasch (598556) | more than 8 years ago | (#14936827)

Your computer reboots without being told to, and you're not sure if it's a normal operation?

Re:Black Hats or...? (0)

Anonymous Coward | more than 8 years ago | (#14936848)

Wrong!! IBM was a white shirt and Brown suit company in the day.

Re:obligatory (1)

pigs,3different1s (949056) | more than 8 years ago | (#14936135)

Wow, and I thought I was a cynic. Cynicism has a new king! Long live King endrue!!!

Re:obligatory (0, Flamebait)

EraserMouseMan (847479) | more than 8 years ago | (#14936198)

Yep, that along with the fact that every MS program, every employee, every line of code is infested with pure evil and 100% eaten up with lies and greed. So this group of "blue hats" are just undercover MS public-relations employees trying to make a believable report that attempts to brainwash everybody to think that MS really does care about security. Zealots are so entertaining!

With MS, Blue is secure! (0)

EmbeddedJanitor (597831) | more than 8 years ago | (#14936279)

BSOD is the special secure mode for a Windows computer.

blue hat findings? (0)

Anonymous Coward | more than 8 years ago | (#14936061)

"Well, we've learned that the hat is, in fact, blue."

Putting an Axe to Innovation (5, Funny)

Nuclear Elephant (700938) | more than 8 years ago | (#14936065)

I want the people responsible for those features in my office early next week

With quotes like that, it's no wonder Vista's long list of features has been dwindled down to a new Media Player and better video drivers.

Re:Putting an Axe to Innovation (1)

Anonymous Coward | more than 8 years ago | (#14936144)

>I want the people responsible for those features in my office early next week

With quotes like that, it's no wonder Vista's long list of features has been dwindled down to a new Media Player and better video drivers.


Ok, now I'm confused. I thought the current /. theory about delays and feature cancellations in Vista was that the development team were too busy dodging chairs to get any coding done?

Confusion cleared up here. (5, Funny)

hey! (33014) | more than 8 years ago | (#14936298)

Ok, now I'm confused. I thought the current /. theory about delays and feature cancellations in Vista was that the development team were too busy dodging chairs to get any coding done?

OK, it's time to have mercy on you guys who haven't figured it out.

There is no Microsoft.

It's all a MMOG/interactive fiction thing where geeks pretend to be code monkeys in service to the evil empire. C'mon, the Gates was a bit subtle, I admit; you could almost believe he existed. But Ballmer should have clued you in. No real board would hire a guy like that unless they were running a side show and needed a "Wild Man of Borneo".

The coolest part of the hack was when they started sending out boxes of their "product", complete with CDs and manuals (look closely -- a lot of it's just "ipsum lorem"). That was sheer brilliance. I picked one myself as a souvenir, I'm looking at the box up on my book shelf right now, it's very well done. Just the other day I had to keep my elderly father-in-law, who was an engineer back in the day and no dummy, from "borrowing" my copy. Boy would he have been surprised.

Oh... God Gad.

You didn't actually install any of that shit, did you?

Re:Confusion cleared up here. (MOD PARENT UP) (1)

ZachPruckowski (918562) | more than 8 years ago | (#14936313)

That was the funniest thing I've read all week. Mad Props to you sir, and Mod this guy UP

Senior executive? (0)

Anonymous Coward | more than 8 years ago | (#14936174)

I want the people responsible for those features in my office early next week

No problem, he's already sitting there.

Re:Putting an Axe to Innovation (2, Insightful)

jandrese (485) | more than 8 years ago | (#14936258)

Frankly, I'd rather have only a new media player and better video drivers if it means not having yet more security holes in the base OS.

The message shouldn't be: Don't implement new features. It should be: Think about security when implementing new features. Remember that attacks come from below your level of abstraction as well.

Re:Putting an Axe to Innovation (1)

Nuclear Elephant (700938) | more than 8 years ago | (#14936289)

Frankly, I'd rather have only a new media player and better video drivers if it means not having yet more security holes in the base OS.

Sounds like you want a mac!

Re:Putting an Axe to Innovation (3, Funny)

ArsenneLupin (766289) | more than 8 years ago | (#14936725)

With quotes like that, it's no wonder Vista's long list of features has been dwindled down to a new Media Player and better video drivers.

You mean, like video drivers that won't crash if you visit certain web sites [bluescreen.org.lu] ?

Re:Putting an Axe to Innovation (0)

Anonymous Coward | more than 8 years ago | (#14937000)

All kidding aside, I think this is a ridiculous thing for a high-ranking executive at Microsoft to say. The entire company has been arguably slipshod on security for years, and to publicize the fact that some subset of poor slobs who are currently running divisions that have been broken for years (probably since before they came along) are going to get called onto the carpet is silliness. You can't fix it overnight, and to pretend that hollering about it WILL fix it is childish. And exactly what I'd expect from professional executives (as opposed to tech professionals, I mean). Blech - how many seamy underbellies does this company have?

Pretty optimistic, isn't he? (3, Funny)

Weaselmancer (533834) | more than 8 years ago | (#14936109)

Server engineer Brad Sarsfield in a blog posting. 'Hearing senior executives say things like: 'I want the people responsible for those features in my office early next week; I want to get to the bottom of this' was at least one measure of success from my point of view for the event.'

I'd be a little more worried if I was Brad. That feature your boss wants to know who's responsible for..what if it's 'Clippy'???

Re:Pretty optimistic, isn't he? (0)

Anonymous Coward | more than 8 years ago | (#14936140)

We already KNOW that, it's old news. "Clippy" and the rest of his undead cohorts came from Microsoft "BOB". And "BOB" was the "brainchild" *snort* of Mrs. Bill Gates.

Re:Pretty optimistic, isn't he? (1)

Amouth (879122) | more than 8 years ago | (#14936534)

i know that if i was the one that was responsible for Clippy i sure as hell wouldn't sign my name at the top of that code...

but it does make you wonder why the manager doesn't know who is responsible for the code

Re:Pretty optimistic, isn't he? (1)

FireIron (838223) | more than 8 years ago | (#14936852)

I'd be a little more worried if I was Brad. That feature your boss wants to know who's responsible for..what if it's 'Clippy'???

Worse...Brad cops [technet.com] to being responsible for the component in SQL Server exploited by the Slammer worm. It's not clear if he actually wrote the buffer code vulnerable to overrun, or he just owns fixing it now.

Asshat reprimands Bluehat (-1, Flamebait)

fahrbot-bot (874524) | more than 8 years ago | (#14936133)

'Hearing senior executives say things like: 'I want the people responsible for those features in my office early next week;

Ummm, that would be the senior executives.

Now, the people responsible for implementing those features is another story. Ultimately, though, see previous paragraph (schmucks).

F/OSS Replies (1)

Quirk (36086) | more than 8 years ago | (#14936138)

"The 'Blue' part comes from the color of badges that Microsoft staffers wear on campus."

"Badges?"

"We don't need no stink'n badges!"

Re:F/OSS Replies (3, Funny)

gardyloo (512791) | more than 8 years ago | (#14936292)

"Badges?"

"We don't need no stink'n badges!"


      Badges, badges, badges, mushroom! mushroom! Snaaake!

Re:F/OSS Replies (0, Offtopic)

maelstrom (638) | more than 8 years ago | (#14936342)

You suck.

Nobody Expects (5, Funny)

gurutc (613652) | more than 8 years ago | (#14936146)

the Seattle Inquisition!!!

Re:Nobody Expects the Seattle Inquisition! (2, Funny)

WillAffleckUW (858324) | more than 8 years ago | (#14936291)

our chief weapons are:

Fear
Torturous OS
and a distinct desire for coffee, preferably espresso con lattee, although I'll settle for a mocha

Re:Nobody Expects the Seattle Inquisition! (0)

Anonymous Coward | more than 8 years ago | (#14936578)

Don't forget Kurt Cobain's ashes. :P

Re:Nobody Expects the Seattle Inquisition! (0)

Anonymous Coward | more than 8 years ago | (#14936818)

Need Moderator Points. Must mod parent +1 Funny.

Re:Nobody Expects the Seattle Inquisition! (1)

WillAffleckUW (858324) | more than 8 years ago | (#14936904)

either that or a good Tully's espresso maker ... (also Seattle, probably used by Blue Hatters)

Which is it? (3, Insightful)

$RANDOMLUSER (804576) | more than 8 years ago | (#14936156)

> Microsoft's site will not have the kind of controversial material that has popped up at Black Hat. "All researchers at the BlueHat are responsible," Kornbrust said.

Does that mean domesticated or tame?

Re:Which is it? (0)

Anonymous Coward | more than 8 years ago | (#14936688)

They've had their hacking genius neutered by M$

Red Hat vs. Blue Hat (5, Funny)

digitaldc (879047) | more than 8 years ago | (#14936168)

This is your last chance. After this, there is no turning back.
You put on the blue hat - the story ends, you wake up in your bed and believe whatever you want to believe.
You put on the red hat - you stay in Wonderland and I show you how deep the security-hole goes.

Re:Red Hat vs. Blue Hat (0)

Anonymous Coward | more than 8 years ago | (#14936248)

you are a god amongst men

Re:Red Hat vs. Blue Hat (0)

Anonymous Coward | more than 8 years ago | (#14936284)

The choice is obvious - take the tin foil hat!

Re:Red Hat vs. Blue Hat (0)

Anonymous Coward | more than 8 years ago | (#14936406)

Aight, let's take that further with a few more one-liners...

You know what Windows is? It's a virus...

No wonder they hate the Oracle.

You're saying I can prevent BSODs? No, Neo, I'm saying when you run Linux, you wouldn't have to.

Link would start with HTTP and Cypher will only speak in GnuPG

Press Any Key To Get Out of The Matrix

I see you're trying to break into the mainframe. Clippy is here to help!

I know Script Fu

The People Responsible (5, Funny)

gurutc (613652) | more than 8 years ago | (#14936186)

Now just how do they expect to get Steve Jobs in their office?

Re:The People Responsible (1, Insightful)

kpat154 (467898) | more than 8 years ago | (#14936437)

Perhaps you meant Merzouga Wilberts? People forget that Jobs just stole the idea from Xerox before Gates stole it from him.

Re:The People Responsible (4, Informative)

Drizzt Do'Urden (226671) | more than 8 years ago | (#14936474)

They bought it from Xerox, but they were unhappy with the terms of the contract seeing what Apple did with it.

This is why Apple won in court against Xerox. It is an urban legend that Apple stole it from Xerox.

Re:The People Responsible (4, Informative)

kpat154 (467898) | more than 8 years ago | (#14936562)

Well, not really. Apple gave Xerox stock in exchange for allowing the devs to see what was going on at Parc with the express understanding that Apple was attempting to create a UI. Xerox didn't expect Apple to completely rip off their work (which was stupid) and they later sued Apple for that fact. This is almost exactly what MS did to Apple.

Also, Apple didn't win in court. When Apple sued MS for theft Xerox sued Apple for the same thing. Once Apple lost the suit against MS they simply settled out of court w/ Xerox.

Re:The People Responsible (3, Insightful)

Drizzt Do'Urden (226671) | more than 8 years ago | (#14936623)

Well.. according to Wikipedia [wikipedia.org] , it is false to say that Apple stole it from Xerox, because it extended a lot from the work done at Parc.

Re:The People Responsible (1)

kpat154 (467898) | more than 8 years ago | (#14936719)

Sigh... I did not mean that they literally donned black ski-masks, snuck into Xerox Parc at night, and stole the idea. My previous post should have clarified this for you.

ignoring the noise this is good... (2, Interesting)

Teunis (678244) | more than 8 years ago | (#14936352)

Large company actually paying attention to what it's seeing
yes we can all feel cynical based on many other similar stories.

but every now and again a company will surprise it and attempt to actually solve problems.
A lot of Microsoft's problems date from interesting "for the user" support features. This could be interesting to follow...

And The Big News Is.... (2, Interesting)

Stephen Samuel (106962) | more than 8 years ago | (#14936370)

Microsoft is happy to let us know the stuff that they're happy to let us know about the Blue Hat conference.
(can you tell I've just been watching Red Vs Blue [roosterteeth.com]?)

I do hope that nobody actually paid for this news.

"All researchers at the BlueHat are responsible,"
guh.

Re:And The Big News Is.... (1)

Thuktun (221615) | more than 8 years ago | (#14936902)

can you tell I've just been watching Red Vs Blue?

Hmm, Blue Hat...does that mean Microsoft is Caboose?

Blame to Go Around (4, Insightful)

vjmurphy (190266) | more than 8 years ago | (#14936373)

"Hearing senior executives say things like: 'I want the people responsible for those features in my office early next week; I want to get to the bottom of this' was at least one measure of success from my point of view"

Ah, good to know the culture of blame is still a backbone of American industry. Likely that those senior executives are the ones that requested said features originally. But that's okay, I'm sure they'll find some scapegoats.

Re:Blame to Go Around (3, Informative)

JaredOfEuropa (526365) | more than 8 years ago | (#14936757)

"Hearing senior executives say things like: 'I want the people responsible for those features in my office early next week; I want to get to the bottom of this' was at least one measure of success from my point of view"
"I want the people responsible for those features in my office early next week; I want to get to the bottom of this" is management-speak for "not it!".

Re:Blame to Go Around (0)

Anonymous Coward | more than 8 years ago | (#14936880)

I find it more telling that the executives didn't know about the lack of security!

Careful what you wish for (4, Funny)

955301 (209856) | more than 8 years ago | (#14936375)


"I want the people responsible for those features in my office early next week"

The features with security issues? Isn't he risking a fire hazard by doing this? I thought buildings had maximum occupancy ratings?

*ducks*

Corporate Goonspeak... (4, Insightful)

GeneralEmergency (240687) | more than 8 years ago | (#14936390)



Microsoft's site will not have the kind of controversial material that has popped up at Black Hat. "All researchers at the BlueHat are responsible," Kornbrust said.

Translation: All presenters know what side of their bread is buttered and by whom.

Let's celebrate our new openness by censoring ourselves!

Somebody kick me in the shin please. I must be asleep and dreaming that I'm stuck on that Moron Planet again.

Re:Corporate Goonspeak... (1)

PitaBred (632671) | more than 8 years ago | (#14936612)

I'll kick ya in the shin, but I don't think this is a dream :(

What Blue Hat Means... (5, Funny)

benjamin_pont (839499) | more than 8 years ago | (#14936434)

The Blue Hat name is a play on the Black Hat conferences, which have occasionally been criticized by IT vendors. The 'Blue' part comes from the color of badges that Microsoft staffers wear on campus.

Actually the Blue Hats are a symbolic salute to their employer's greatest technical accomplishment: The Blue Screen of Death

Blog link (0)

Anonymous Coward | more than 8 years ago | (#14936459)

The blog talked about in the article is here: http://blogs.technet.com/bluehat [technet.com]

Poor executives. (2, Insightful)

miffo.swe (547642) | more than 8 years ago | (#14936507)

I find it particularly funny that executives want to smack the ones responsible for random features. From what I have read and understand the executives are the ones who constantly have demanded more features and not security.

I'm sure the staff at Redmond is eagerly awaiting the executives bitchslapping each other and themselves to the next monday. I'm sure most of the marketing department will call in sick.

Re:Poor executives. (4, Insightful)

AutopsyReport (856852) | more than 8 years ago | (#14936752)

I find it particularly funny that executives want to smack the ones responsible for random features.

Oh it's very typical for management to put the heat on individuals, but problems like this come about because of an extremely poor process. While one may argue that an individual has a responsibility to follow standards, it is also management's responsibility to ensure everyone else does, too.

So when something like this leaks, you can blame management, not the programmer. He made the mistake, but the even larger mistake is that the process didn't catch it. There will be no success when the course of action is for an executive to call out a programmer, but it is strongly indicative that these problems will be repeated.

In the Office..For Target Practice (2, Funny)

k1980pc (942645) | more than 8 years ago | (#14936518)

'I want the people responsible for those features in my office early next week'

Somebody is going to practice throwing chairs during the weekend..and many others are gonna practice ducking them...

Reminds me of a story... (2, Interesting)

gregarican (694358) | more than 8 years ago | (#14936708)

'I want the people responsible for those features in my office early next week'

I recall maybe 8-9 years ago at my large former employer. There were some screw-ups going on coming from an IT subdepartment at corporate headquarters. After trying in vain to work around things on my end I finally picked up the phone and called up the person in charge. Before I could launch into my tirade the person said, "I'm in charge, but I'm not responsible." Reminds me of what will happen Monday morning amidst the chair-littered corridors of Redmond. Lots of finger pointing and ducking...