[ISN] Hackers accidentally give Microsoft their code

From: InfoSec News <alerts_at_private>
Date: Thu, 26 Aug 2010 01:21:41 -0500 (CDT)
http://www.zdnet.com.au/hackers-accidentally-give-microsoft-their-code-339305548.htm

By Josh Taylor
ZDNet.com.au 
August 26th, 2010 

When hackers crash their systems while developing viruses, the code is 
often sent directly to Microsoft, according to one of its senior 
security architects, Rocky Heckman.

When the hacker's system crashes in Windows, as with all typical Windows 
crashes, Heckman said the user would be prompted to send the error 
details -- including the malicious code -- to Microsoft. The funny thing 
is that many say yes, according to Heckman.

"People have sent us their virus code when they're trying to develop 
their virus and they keep crashing their systems," Heckman said. "It's 
amazing how much stuff we get."

At a Microsoft Tech.Ed 2010 conference session on hacking today, Heckman 
detailed to the delegates the top five hacking methods and the best 
methods for developers to avoid falling victim to them. Heckman 
explained how to create malicious code that could be used in cross-site 
scripting or SQL injection attacks and, although he said it "wasn't 
anything you couldn't pick up on the internet", he suggested delegates 
use the code responsibly to aid in their protection efforts.

According to Heckman, based on the number of attacks on Microsoft's 
website, the company was only too familiar with what types of attacks 
were most popular.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Wed Aug 25 2010 - 23:21:41 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 25 2010 - 23:37:40 PDT