Hackers accidentally give Microsoft their code

When hackers crash their systems while developing viruses, the code is often sent directly to Microsoft, according to one of its senior security architects, Rocky Heckman.

When the hacker's system crashes in Windows, as with all typical Windows crashes, Heckman said the user would be prompted to send the error details — including the malicious code — to Microsoft. The funny thing is that many say yes, according to Heckman.

"People have sent us their virus code when they're trying to develop their virus and they keep crashing their systems," Heckman said. "It's amazing how much stuff we get."

At a Microsoft Tech.Ed 2010 conference session on hacking today, Heckman detailed to the delegates the top five hacking methods and the best methods for developers to avoid falling victim to them. Heckman explained how to create malicious code that could be used in cross-site scripting or SQL injection attacks and, although he said it "wasn't anything you couldn't pick up on the internet", he suggested delegates use the code responsibly to aid in their protection efforts.

According to Heckman, based on the number of attacks on Microsoft's website, the company was only too familiar with what types of attacks were most popular.

"The first thing [script kiddies] do is fire off all these attacks at Microsoft.com," he said. "On average we get attacked between 7000 and 9000 times per second at Microsoft.com," said the senior security architect.

"I think overall we've done pretty good, even when MafiaBoy took down half the internet, you know, Amazon and eBay and that, we didn't go down, we were still up."

Heckman said there were two reasons why the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years.

"One, it tells me that the bad guys go with what they know, and two, it says the developers aren't listening," he said.

Heckman said that developers should consider all data input by a user as harmful until proven otherwise.
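The two attack classes named above, and the "hostile until proven otherwise" habit, as an added example that is not from the article or from Microsoft: each vulnerable form sits beside its hardened form, and the database, rows and hostile inputs are all constructed in-memory for the demonstration.

```python
"""Added example (not from the article): SQL injection and cross-site
scripting, each shown as the vulnerable pattern beside the fix, plus an
allowlist check that treats input as harmful until it proves otherwise.
All data below is constructed for the demonstration."""
import html
import re
import sqlite3

# Allowlist for a username: anything outside it is rejected before use.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table in an in-memory SQLite DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def is_valid_username(name: str) -> bool:
    """Positive validation: accept only what the allowlist permits."""
    return USERNAME_RE.fullmatch(name) is not None


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """SQL injection: the untrusted value is spliced into the query text, so a
    quote character inside it becomes SQL syntax instead of data."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the value is bound as a parameter, so the driver never
    interprets its contents as SQL, however hostile they look."""
    query = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(query, (name,)))


def render_greeting_vulnerable(display_name: str) -> str:
    """XSS: user input is concatenated raw into HTML, so markup in it is live."""
    return f"<p>Hello, {display_name}!</p>"


def render_greeting_escaped(display_name: str) -> str:
    """Hardened form: encode for the HTML context at the point of output."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}!</p>"


if __name__ == "__main__":
    conn = make_db()
    # Constructed hostile inputs of the textbook kind the article refers to.
    sqli_input = "x' OR '1'='1"
    xss_input = "<script>alert(1)</script>"

    print(is_valid_username(sqli_input))          # False: rejected up front
    print(lookup_vulnerable(conn, sqli_input))    # every user row leaks
    print(lookup_parameterized(conn, sqli_input)) # [] : treated as a literal name
    print(render_greeting_vulnerable(xss_input))  # script tag reaches the browser
    print(render_greeting_escaped(xss_input))     # rendered as harmless text
```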

Josh Taylor travelled to Tech.Ed as a guest of Microsoft.

Talkback

Some of the hackers' code gets through.
Most of them, because they're hackers, would already know that if the system crashes it sends the code out. So they perform testing on a non-production machine that is not connected to the internet.
They are hackers at the end of the day, right?

YudiS, August 27th, 2010 (+13) (-11)

"would already know if the system crashes it sends the code out."

Er no, if your computer crashes you get a blue screen while usually the OS manages to dump relevant sections of memory into a file. The code is not "automatically" sent out. When you reboot you get a dialog box saying "Report this problem" or "Cancel". If you click "Report this problem", only THEN the memory dump is sent.

Eddie2010, August 27th, 2010 (+16) (-10)

Hey! It's Microsoft's misconception that hackers click the send button, huh! We hackers always debug our viruses, worms and trojans on a secure machine, disconnected, Stackfrusting (Stackfrustrators is a new technique in virus debugging), and more....

hackersofhackers, August 31st, 2010 (0) (-8)

As long as you're discussing the latest and greatest virus debugging techniques, perhaps you'd be interested in telling us more about how they work--details are welcome.

bet7139, August 31st, 2010 (+4) (0)

I think Microsoft is getting cocky about what they think they are getting - why would someone develop a system breaker on a machine that's connected to the internet where all sorts of 'big brother' backdoors are looking in?

amckern, August 27th, 2010 (+12) (-4)

Because the majority of hackers, like the majority of criminals in general, are not particularly smart. That's not to say there aren't smart hackers/criminals out there, it's just that they're in the minority, I would say.

Dean Harding, August 27th, 2010 (+22) (-5)

I agree--but not completely. IMHO, I think it's less a matter of intelligence and more a matter of laziness due to the proliferation of code generators and visual programming GUIs. Why should they write 500 lines of code when they can simply click-drag-drop and set some properties in a dialog box? Nevertheless, I do think that while there are certainly a good number of brilliant techno-deviants in the world, there are those who are, shall we say, not the most clever line of code in the app... ;-)

bet7139, August 28th, 2010 (+7) (0)

And that's assuming they have an internet connection.

fortedev, August 27th, 2010 (0) (-6)

The journalistic category of 'hacker' has always tended to bundle together activities and intentions that diverge wildly.

A great many 'script kiddies' are playing with tools they don't understand on systems they operate with very little real understanding. The tools they play with are not to be discounted - many of the most potent wild code outbreaks have been the result of unintended consequences, but nevertheless very effective and efficient at spreading.

The co-opting of 'hacker' by a journalist way back when, because it sounded 'good', has stuck. Not least because of the enthusiasm for the topic in the late 80s and early 90s. Being unable to adequately differentiate serious intentional behaviours from unintentional, or even unaware, playing significantly diminishes our ability to discuss the spectrum of activities, and their consequences, in meaningful ways.

[Even 'black hat' and 'white hat' are inadequate to distinguish activities and intentions here - hence the rise of the equally vague 'grey hat' as a term.]

maelorin, August 27th, 2010 (+9) (0)

Though they *may* be hackers, in this instance the correct term is "cracker".

Nobody32128, August 28th, 2010 (+7) (-2)

I can't help but agree that much of what gets provided to Microsoft's servers is the result of inexperienced individuals. I've been in the IT field as a network admin/engineer and software engineer for over 20 years, and I've seen a lot of interesting technological changes over time. However, the one thing that has remained static is that there's always someone who's willing, ready, and quite able to test your network or application security, hoping that you left a hole somewhere, or if not, that they can make one. As a result, I've seen attacks and probes that range from the very simplistic to the ultra-sophisticated--in fact, some were so good that I was tempted to let them go through, because their technique was so novel and clever (no, duty always won over curiosity and I shut their @$$es down). But the bottom line is that it's not the millions of attacks you detect and/or stop that matter--it's the one you didn't...

bet7139, August 28th, 2010 (+6) (0)

Who is to say that the intent was not to have the code sent off to M$... Obviously, you can assume that for 99.9% of these reports it is because the people are sloppy.... But .01% of the time the upload might not be what you think, a sloppy hacker exposing his source code.... What if the error dump was an attack in itself... That would be a slick hacker, no??

ytrewq321, August 28th, 2010 (+2) (-2)

Seems like it was Sun Tzu in his Art of War who said to always expect the unexpected (but maybe it wasn't) and this would certainly fall into that category. Actually, such an attack would probably be more appropriately categorized as a Trojan Horse attack. In any event, I do think it's highly likely that MS's security team could be getting just a bit over-confident. However, the flip side of this scenario is that MS is trying a bit of psych warfare because it doesn't make sense to me that they would, in essence, tell the world's malicious coders, "Oh, BTW, stop sending us your code in a crash dump file..." if that very data is what they use to help defend against it. So, either MS has something up their sleeve and this is bait, or they've been very, very, stupid--both of which are, IMHO, equally likely.

bet7139, August 28th, 2010 (+1) (0)

Next time we will see MS sending out a patch that stops malformed dump files that could cause a hacker to gain system access...

amckern, August 28th, 2010 (+1) (0)

Anyone who is XSS attacked or SQL injected deserves it. It's been around for ages, and only willful ignorance or laziness are the reasons it will happen to you.

Charles Stover, August 28th, 2010 (+3) (-3)

xss lol alert("who's bad?");

asdasdasdqqqqqqq, August 30th, 2010 (0) (-1)

Excuse the obvious question, but how does M$ know that these are hackers, and not victims of malicious code themselves? Granted, the malicious code may certainly indicate that it is intended for 'hacking', but how do they know that the machine they received it from is the original hacker? Perhaps it's an unsuspecting 3rd party, infected, providing the 'hack by proxy'. I mean, even dumb hackers know better than to waste time sending code dumps to M$. I never send my errors, even when it's an M$ application causing them. If you deal with sensitive data, or care about your own privacy, you would never send code dumps to anyone. I would bet that only the most naive user would actually send it, foolishly thinking that M$ would actually do anything about it. Remember M$ created the ability to do these kinds of hacks in the first place; they were never a part of the original (non-M$) HTML spec. Transparent empty gloating, now that sounds more like M$.

chash360, August 28th, 2010 (+2) (-1)

True network security is accomplished through DOD Internet rule #1 (when it was their network): never ever execute arbitrary code from a remote source. All these scripts, ActiveX, and Java applets, etc. are what....arbitrary executable code coming over the wire. Who created this mess? Those who realized that code has no moving parts, and if correct, would never wear out, which is bad for a business that needs to make money on upgrades, and the latest and greatest version of regurgitated code. Turn your automatic updates off, turn off scripting and ActiveX, and any other plugin thing in your browser and use only pure 1.1 compliant HTML and your surfing will be secure (and faster as well). Granted lots of websites no longer support such simplified browsing, but maybe then they will learn how much it really costs to keep up with the M$ Jones.

chash360, August 28th, 2010 (0) (-4)

Hmmm... Ok, let's all move back to the dark ages of the Internet. Or, maybe we could accept that the cyber world, just like the real world in which most of us live, is full of threats and dangers (and good things, too) of which we must constantly remain aware and proactively guard against. Sure, there are safeguards and "common sense" things we can and should do to protect ourselves and our data, but living in a windowless castle surrounded with an archaic moat stocked with hungry alligators is not the answer--that's akin to trying to flourish in today's digital age without a cell phone because someone "might" overhear your conversation or intercept your text message. But I don't hear anyone suggesting we turn off the cells or stop sending texts...

bet7139, August 31st, 2010 (+7) (0)

Dark Ages..? There is very little going on, on the www even today that can not be done with simple, straightforward HTML (of those Dark Ages). I have websites that I have written, that are several years old, still work and have never had issues with them being hacked, or infecting others, because they are straight HTML. Anything that is too complex, too dynamic, or too interactive for that, should be ported to an external application that utilizes a different port (not http or https). Thus that application can be quarantined and tested to be secure. When you automatically download and execute some ActiveX control, or plugin, you have no control over that code, nor can you isolate it, as it typically runs in your browser's space; it may not even be the same code from one download to the next. I may be dating myself here but I remember the internet before the www, it was quite secure, because very few applications, at the time, would sit listening on a port waiting to execute whatever came over the line. Take a look now, at how many applications do this, each one is a potential hole into your system. HTML was safe when its only function was to display information on your screen, NOT interact with your system. If a car manufacturer could make a car that never wore out, they would quickly bury all knowledge of it. Well software is this way, it has no moving parts, it never wears out. To make a system that can properly cope with, or mitigate malicious code, or provide a totally secure computing environment, is against the self interest of a software company that relies on profit. That is why they deviate from established standards, create their own proprietary protocols, etc. The Open Source efforts out there are the only viable long term option, they adhere to standards, and are not looking to make money off every piece of code they write. They do not feel the pressure of release deadlines, quarterly revenues, etc.
Once it is written correctly, you need only add new functionality, not regurgitate code. I have used every ASCII capable OS from the last 2 decades, and 99.9% of all security holes are found in commercially developed software, not Open Source. Even holes that occur on Open Source systems are usually the result of some commercial plugin, app, or service.

chash360, August 31st, 2010 (+3) (-1)

1) When someone gives you a head start you _should_ win.
2) If you do win; don't fill people in on the head start.
3) If the head start & even the win won't give you sustained glory, don't bother bragging.

... and those are just a few of the things Microsoft still doesn't get.

But don't count out the possibility that some day they'll learn how to build an OS that can cope with malicious code adequately.

paulgpetty, August 28th, 2010 (+1) (0)

The Windows system copes efficiently against malicious code in comparison to other systems. It's just more attacked than other systems.

DSlink, August 29th, 2010 (+3) (-2)

Hmmm... seems like we may need to define the terms "copes" and "efficiently" ... Some people efficiently cope with stress by swallowing a bullet, or drowning their sorrows in alcohol--both are efficient coping strategies; however, neither is exactly what would be called "a good thing" and both are not exactly healthy.

Personally, I think you both have valid points, just from different perspectives, and I think it would be interesting to know exactly what each of you has in mind (e.g. Paul, how would you describe a MS OS that coped w/malicious code "adequately", and DSlink, how do you think Windows copes efficiently?)

bet7139, August 31st, 2010 (+5) (0)

Some kids forgot to turn off the automatic error sending...

Unwired, August 28th, 2010 (+1) (0)

They must be some badass hackers.

asdasdasdqqqqqqq, August 30th, 2010 (0) (0)

bet7139 had it pretty right when they said "But the bottom line is that it's not the millions of attacks you detect and/or stop that matter--it's the one you didn't..."

Of course MS are a major hack target. They made themselves big by commercialising their software and OS... and then called themselves untouchable. That's the equivalent of painting a giant target on yourself. And, although the bullseye has gotten smaller (ie fewer holes and better code handling), it is still the same size target. Hackers just have to improve their aim a bit.

I do agree that it is not always hackers themselves that are detected by Microsoft. Certainly, some of the sloppier (but not necessarily unintelligent) hackers and script kiddies... maybe. But for the most part, it could be the average user that is unwillingly (through the various forms of malware that are out there) sending this bombardment of code. But the more intelligent hacker could also be using that scenario as a distraction for their own means. Utilise a botnet as an assault on MS servers, and then perform their own attack there.

techkid, December 7th, 2010 (0) (0)
