Re: [ISN] Microsoft to offer bounty on hackers

From: InfoSec News (isn@private)
Date: Thu Nov 06 2003 - 01:21:28 PST

  • Next message: InfoSec News: "[ISN] Employers want security certifications"

    Forwarded from: Times Enemy <times@private>
    
    Greetings.
    
    With a bankroll like Microsoft's, one could be inclined to think they
    would have the best PR teams up front.  It is perhaps unfortunate
    however, that they do have such good PR people.  $5,000,000 (US) is
    less than pocket-lint for a multi-billion dollar corporation such as
    Microsoft.  Interestingly however, it may be enough to buy a little
    more of the public's naive faith.
    
    I am curious, if a network administrator puts in a few extra hours,
    and finds the $250,000 log entries, or such, would that admin's
    company have a legal claim to the bounty?  Do you remember reading
    anything about bounty appropriations in the piles of paper presented
    to you to sign at hire?  Or, perhaps some thirteen year old sappling
    will tug at Bill's wallet, making a beautiful text book story to be
    read by the Public Relations people of tomorrow.
    
    Either way, God save us if Bill were to ever team up with the likes of
    Arizona's Sheriff Joe Arpaio.
    
    
    ciao
    .times enemy
    
    
    > Forwarded from: William Knowles <wk@private>
    >
    > http://news.com.com/2100-7355_3-5102110.html
    >
    > By Robert Lemos
    > Staff Writer, CNET News.com
    > November 4, 2003
    >
    > Microsoft will announce on Wednesday that it will offer two $250,000
    > bounties for information that leads to the arrest of the people who
    > released the MSBlast worm and the SoBig virus, CNET News.com has
    > learned.
    >
    > The two programs attacked computers that run Microsoft's Windows
    > operating system, causing havoc among companies and home users in
    > August and September. The reward, confirmed by sources in both the
    > security industry and in law enforcement, will be announced in a
    > joint
    >  press conference with the FBI, the U.S. Secret Service and Interpol
    > that's scheduled for 10 a.m. EST Wednesday.
    >
    > The rewards are the first time a company has offered money for
    > information about the identity of the cybercriminals.
    >
    > "It's a new approach," said Chris Wysopal, a security researcher
    > from digital security company @stake, who hadn't known about the
    > bounties and was skeptical that they would work. "I don't think
    > anyone has done
    >  this before."
    >
    > Microsoft declined to comment until Wednesday.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Nov 06 2003 - 04:17:10 PST