Bugtraq mailing list archives

Re: Microsoft ask users to crack win2000 site


From: dps () IO STARGATE CO UK (Duncan Simpson)
Date: Fri, 6 Aug 1999 18:18:05 +0100


Since nobody has pointed it out yet, it has been said by various people, at
least one of them in print, (including Spafford, I think) that these
challenges are unlikely to attract the real experts, who can charge large
consulting fees. It simply makes no sense for these people to give their
services for no charge by attacking such machines.

Suppose a criminal uses the testing period to find a really devastating bug. Do
you think they tell the people running the machine about it or do they instead
use it for extortion, theft or other evil purposes later? Further, some of the
most devastating exploits really require a test machine you have root, or
equivalent access, to find the information needed and develop the code. Until
Windows 2000 is released such machines seem unlikely to be available. (The
lack of development machines does not apply to Linux PPC of course).

I would add that if any such machine is broken into then it is an ideal place
for attacking the rest of the internet. Having said that, it might make the
machines more resistant against the script kiddies, which is a good thing.

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."


