Expert shows how to hack Microsoft system (.net)

Adul

damn, makes you wonder why they even bother with .net

http://news.com.com/2100-1001-955442.html?tag=fd_top

STOCKHOLM--Software security widely used for Internet banking and e-commerce can be easily circumvented, and customer accounts at several of Sweden's largest banks remain at risk as a result, a computer expert said Monday.

The Swedish hacking expert, who is well known in computer security circles, but asked not to be identified, demonstrated to Reuters how it was possible within minutes to break through security on Web server software from Microsoft.

The expert showed how to crack the security systems for Internet banking, breaking into three of Sweden's big four banks in quick succession. He was then able to show how to conceal his tracks, making detection difficult afterward.
 

Descartes

Ummm....

A) This is *not* new news. These flaws have existed in *many* implementations of SSL, including OpenSSL for quite some time.
B) This has absolutely *nothing* to do with .NET.

Yes, I understand such a vulnerability would leave any .NET implementations potentially vulnerable, but it would with any other platform as well.

Thanks, drive through :)
 

Descartes

Microsoft even provided a tool, MBSA, that helps identify such vulnerabilities. Honestly, what more could they possibly do? They hold security workshops, they have countless code samples identifying every damn potential vulnerability that may exist in code, and they provide scanning tools for every known vulnerability.
 

Lucky

Honestly, what more could they possibly do?


Umm...admit that the hack was possible?

Microsoft in Sweden denied that SSL could be breached in the way shown to Reuters. "I can't even see the theoretical possibility for it to happen", said Mats Lindkvist, responsible for security at Microsoft in Sweden.
 

Ameesh

this is not a MS flaw, this is a well known flaw concerning certificate chains and if anything is an rfc flaw on top of its poor use by stupid administrators who have no business managing such complex things as cert stores. anybody's cert implementation which is rfc compliant is vulnerable. including linux and flavors of unix. (and this has absolutely nothing to do with .NET) FUD somewhere else.
 

yakko

A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live.
 

Ameesh

Originally posted by: yakko
A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live.

i think they are too busy ignoring the vulnerabilities in loonix
 

Bluga

Originally posted by: yakko
A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live.

why should they bother? They don't get paid by M$.
 

Ameesh

Originally posted by: Bluga
Originally posted by: yakko
A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live.

why should they bother? They don't get paid by M$.

it's all about the bling bling ;)
 

yakko

Originally posted by: Bluga
Originally posted by: yakko
A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live.

why should they bother? They don't get paid by M$.

Then why do they bother doing it after the product is in general release?
 

Farfrael

A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live

....hum.....do you actually MEAN what you said ?
i thought that you knew that Microsoft does NOT allow outsiders to put their "dirty" hands on their products (i am not even talking about SEEING the source code of its products) during their development phase.

How are they supposed to "beta test" them ?

And PLZ, don't tell me that THEY should ask Microsoft to be admitted in this testing phase. If Microsoft does not use these people it is Microsoft's fault.
 

Rainsford

What a moronic article. First they title it "...Microsoft Flaw". Then they admit that a large share of the blame should fall on stupid network admins, then they say it's a flaw in the SSL standard. So...which is it?
 

Ameesh

Originally posted by: Rainsford
What a moronic article. First they title it "...Microsoft Flaw". Then they admit that a large share of the blame should fall on stupid network admins, then they say it's a flaw in the SSL standard. So...which is it?

it's actually a flaw in the way certs are handled in general; the issue will go with any technology that uses them.
 

Descartes

i thought that you knew that Microsoft does NOT allow outsiders to put their "dirty" hands on their products (i am not even talking about SEEING the source code of its products) during their development phase.

Umm, you're kidding, right? They even have a domain, betaplace.com. I've personally been on the beta for many of their development products, many of which I'm not even allowed to discuss per their agreements. I think you need to get your facts straight before you "spout off".
 

yakko

Originally posted by: Farfrael
A little off topic here but I wonder if all the people who spend hours trying to find vulnerabilities in Microsoft's products ever bother to beta test to help improve the software before it goes live

....hum.....do you actually MEAN what you said ?
i thought that you knew that Microsoft does NOT allow outsiders to put their "dirty" hands on their products (i am not even talking about SEEING the source code of its products) during their development phase.

How are they supposed to "beta test" them ?

And PLZ, don't tell me that THEY should ask Microsoft to be admitted in this testing phase. If Microsoft does not use these people it is Microsoft's fault.

hahahahahahahahahahahaha

Not only did I get Windows XP RC1, I had Windows Whistler beta 1, Windows 98 final beta, NT 5.0 beta 1 (it came in the beta pack with 98 and like 4 other programs) and if I actually signed up for the beta program I could get more. Learn something about what you are arguing about before you argue. You don't look as silly that way.