Re: Microsoft ask users to crack win2000 site

[jose () BIOCSERVER CWRU EDU (j nazario)]

[ executive summary: Microsoft are asking you to crack their
  machine running on win2k and iis. ]

The LinuxPPC folks have set up a similar site as a response. 
It's located at http://crack.linuxppc.org/ . Similar rules, 
ie DoS attacks are discouraged (and uninteresting), and they 
want a better looking web page. Looking this morning they've 
turned off portmap, enabled telnet and web access and even 
posted an nmap scan (to save you the trouble). Between 
telnet and Apache access, it should be possible. LinuxPPC R5 
is based on RedHat 6.0's model, yet is more secure out of 
the box.

I post this because of the recent discussion of diversity of 
systems being an avenue to security. The PowerPC processor 
is not nearly a widespread as Intel's x86 family is, and 
hence it has not been nearly as abused in things like buffer 
overflow exploits. Furthermore, OpenFirmware, which is 
deployed on most LinuxPPC systems, presents an interesting 
set of challenges and exploits. Linux on the PPC is, 
according to some reports I have read, the second most 
widely deployed Linux platform.

Lastly, it serves to highlight the marketing hype that the 
Win2k/IIS challenge is. 

Jose Nazario                jose () biocserver cwru edu