digg

Facebook Connect Join Digg About

Microsoft Uses LSD to Test Vista

eweek.com LSD, the group of four Polish hackers that discovered the vulnerability later used by the Blaster worm, is now on Microsoft's payroll. LSD members are part of an "internal team of hackers" conducting simulated attacks against Windows Vista.

Who dugg this? Made popular Aug 15, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

77 Comments

show profanity settings
expand all
  • EasY_TargeT, on 10/12/2007, -1/+143Dam when I first read the title definatly was not thinking about the hacker group.
  • Brettb, on 10/12/2007, -5/+40yeah no ***** man, i was thinking more over like psychedelic vista 60's style :P
  • Snowdaddy, on 10/12/2007, -1/+27Great title! I was cracking up when I read this....now i gotta actually read the article.
  • jron, on 10/12/2007, -3/+20Not all black hats are out to harm Microsoft... their interest lies in security research. What better way to conduct research on the most widely used operating system of all time - from the inside. Also, one could assume, the money is better.
  • chiology, on 10/12/2007, -4/+18Then again, they could be discovering holes and just fixing the minor ones, keeping their special secrets and dirty little tricks to themselves for later...

    M.T.
  • inactive, on 10/12/2007, -1/+14@jron "A black hat (also called a cracker or Darkside hacker) is a malicious or criminal hacker. "
    http://en.wikipedia.org/wiki/Black_hat

    You're describing the actions of a White Hat:

    "The term white hat hacker is also often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity.y." (also from wikipedia..)
    so yeah... i think my analogy holds true. o_O
  • inactive, on 10/12/2007, -1/+12@jron... its wikipedia, feel free to change the definition =P

    here's some more definitions of a black hat :

    A malicious hacker who exploits - or publicises - a security weakness before informing the affected organisation.
    www.powernet.co.uk/client/general/glossary.shtml

    another from wikipedia:
    In the computer security community, a black hat is a skilled hacker who uses his or her ability to pursue their interest illegally. They are often economically motivated, or may be representing a political cause. Sometimes, however, it is pure curiosity.
    en.wikipedia.org/wiki/Black_hat

    In the context of computer networking, cracking (also called black-hat hacking) is the act of compromising the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network (the somewhat similar activity of defeating copy prevention devices in software with the intent of using the software illegally is addressed at software cracking). ...
    en.wikipedia.org/wiki/Black_hat_hacker

    A skilled hacker who hacks for illegal and sinister purposes, sometimes political and economical, and not just for pranks.
    www.slais.ubc.ca/courses/libr500/04-05-wt2/www/B_Olmstead/Glossary.htm

    maybe you're definition is just a bit off... or maybe it use to be right but now the more accepted term is that the blackhats = malicious and whitehats = good
  • chuckcunningham, on 10/12/2007, -12/+22BEST HEADLINE of the YEAR! really though somebody should design an os based on field tests of people trying to use a computer while tripping/drunk/tweaking/otherwise stupid..... OTHER than osx....
  • lxcid, on 10/12/2007, -1/+10Many people forget the fact that Apple Mac OS X is built on top of a unix system. Microsoft is a operating system of its own and vista was mentioned to be built from scratch. Apple Mac OS X securities doesn't come from within because those security is inherited from unix. But that doesn't mean they doesn't have security issues. While Windows been through so much for the securities issues in Windows XP, you know that they years of experience plus the money they willing to spend now to tackle the problem make me even think that Vista is a more secure system by default that Linux/Unix/OS X. Look at Symentec, once a leader in securities for Windows is now panicking and blasting Windows for being secure. Please do some research. I wonder is digg all populated by Apple fan only? You guys talk as if Mac OS X is a operating of its own build from scratch by Apple and they had know all the securities issue before hand. Its inherited and its still have security flaws... :)
  • nTensify, on 10/12/2007, -2/+10If you can't beat them, go work for them; take their money AND publish security problems to your Polish hacking friends!
  • evolseven, on 10/12/2007, -1/+8@jron

    I think thats a very naive view you have there, Lets say that I have all of your personal information.. Your name, address, social security #, credit card#'s, various account#'s, Search history, maybe an image of the profile of your housekey, and hell your car key too. Its all just data, and after all information wants to be free.. and should be free.. so I think everyone should have access to that information..

    There is a reason why there are protected Data systems, and most of them are protected for a good reason... because other people dont need access to that information.

    Although I will agree that information on exploits should be something that is freely shared, although it is probably a good idea to present the information to the company that produces the software first, and then give them time to fix it(1-2 weeks maybe?), then go ahead and post it publicly if they are not willing to respond to the problem..
  • Evoguy, on 10/12/2007, -3/+10You do have to hand it to them... It really does seem like they are making an honest effort to change their outlook on security. For a company as large as MS, it's a pretty bold undertaking to turn around all that momentum, here's hoping they keep it up, and that the public recognizes their effort in Vista.
  • danielgary, on 10/12/2007, -1/+7@nTensify

    I'm not sure if you have ever used Visual Studio, but I am going to assume you haven't.

    I, however, have used both, and can say that Visual Studio since 2003 has been a better IDE than XCode could ever dream of being.

    No this isn't an Apple is better than Microsoft, or visa versa. This is merely one piece of software from Microsoft that is better than Apple's counterpart. All you Apple fanboys probably need to call 911 now, as I am sure you just head a heart attack.
  • joeydoo, on 10/12/2007, -1/+6"Lambert said about 20 well-known researchers who regularly appear at Microsoft's annual Blue Hat conference have been given access to the full source code, specs and threat models for review.

    "We're not blocking them from looking anywhere. They have access to everything. [They can] go everywhere and find all the bugs [they] absolutely can," said Lambert."

    Holy dam. They really have done EVERYTHING on this. They gave them the source code.
    That also makes me slightly concerned though. They are probably aren't eveil hackers anymore. But still.......

    If Vista fails on security this time, a load of corporations are going to go to the, increasing better of late, big Linux distros. This probably HAS to be a turning point for Microsoft. Otherwise they might lose significant market share over the next five years. Why would anyone upgrade from XP if Vista is full of holes, on the corporate side at least.
  • zetsurin, on 10/12/2007, -2/+7I personally think it's quite a clever move. In the end of the day, it's just like they are hiring a testing team who specialise in security.
  • fuchila, on 10/12/2007, -4/+9This is a step in the right direction. Kudos to all.
  • Xmanglc, on 10/12/2007, -5/+9I like windows and mac. But I like windows more beacuase it's easier to devolop on!!!
  • neko, on 10/12/2007, -0/+4Dude, my hands are -huge-.... they can touch anything but themselves...

    oh, wait.
  • link470, on 10/12/2007, -1/+5Good call Microsoft, a very wise move. lol, dugg for the title as well. Props to you OBKenobi.
  • Doghound, on 10/12/2007, -0/+4I think you guys have this backwards:

    If you can't beat them, hire them.
  • inactive, on 10/12/2007, -1/+4Sigh.... A good article comes out about MS trying to actually do something decent about their security issues, and of course most of the posters either dismiss it, or make fun of it. Of course if it was an article about OSX or Linux then it would be a different story, except the MS bashing would still find a way in. Shows why Linux and OSX are such a small part of the pie, look at their user base.....

    Digg has quickly turned into Geek.com.... Every tech post turns into this kind of pure crap. I think this will be my last post, as the phrase "Nothing to see here, move along" has never been more appropriate.

    Have fun.........
  • alienSkull, on 10/12/2007, -0/+2If anyone at Microsoft is reading this, a applaud you for attempting to make a more secure OS. I really don't care if it is delayed for another 2 years, as long as it is secure.

    I have installed the Beta build as a virtual machine, and all I can say is that it looks great, but if the security isn't there, all you will have is nice looking spyware. And noone wants that.
  • jellyroll713, on 10/12/2007, -8/+10If their interests are in security research, they aren't black hats at all.
  • digitaldivider, on 10/12/2007, -0/+2so I take it I wasn't the only one thinking "they programmed vista on LSD" then.
  • Experiment626, on 10/12/2007, -5/+7Now what does Vista have to do with limited slip differentials?
  • inactive, on 10/12/2007, -2/+4@jron, I totally agree. We should always lump similar things together and offer no detailed-information or sub-categorization for them.
  • inactive, on 10/12/2007, -0/+2The study I'd like to see done is, what percentage of Internet users are under the influence of drugs while online? Because, from home pages to inane comments (NOT directed at anybody here!) to flame wars to email, I would think that would explain a lot.
  • barthosch, on 10/12/2007, -0/+2Based on what I've seen so far (Beta 2), they used LSD to design the Aero interface.
  • Dagur, on 10/12/2007, -4/+6This is good PR. Blame the hackers if some security hole is found.
  • Doghound, on 10/12/2007, -0/+2Why do I feel that MS saw this as a possibility and had them sign some hefty paper work before allowing them to gaze through the source code?
  • dineshbabu, on 10/12/2007, -0/+1Like Frank Abagnale made it to the FBI Check fraud division !
  • jvicinanza, on 10/12/2007, -0/+1Some might say that you need to be on lsd for Vista to look good.
  • SimonC, on 10/12/2007, -1/+2Oh, and Vista wasn't built from scratch. Only Windows Foundation Classes were supposedly re-coded. I know it's already hard to be a Windows fanboy considering how poor and badly designed the OS is, but please, try to use valid arguments, like, "only Vista will run new games". However, it has nothing to do with technical capabilities but only with the software monopoly MS holds, so even if it's maybe the only decent argument in favor of Vista, it doesn't discard the fact that it sucks on most levels.
  • jonjo, on 10/12/2007, -0/+1"Digg has quickly turned into Geek.com"

    duh.....
  • wurzelgummage, on 10/12/2007, -0/+1LSD were a British Amiga cracking/demo group.

    Damn kids!
  • inactive, on 10/12/2007, -0/+1If it is true than it seems like a good idea why not have skilled hackers tell you about exploits its just a better security team.
  • cquinnd, on 10/12/2007, -0/+1It will make a big difference.

    "I'm sure Microsoft has issued some sort of similar structure for securing vulnerabilities in previous versions of Windows..."

    Actually no, they haven't. The closest they have come to this scale of security review during development was with the release of Windows 2003 Server, which caused the
    Vista build team to stop thier own development long enough to switch over to using W2k3 as the basis for Vista from that point on.

    Previously the MS strategy seemed to be to wait for a potential vulnerability to be identified in released code, and then patching every OS and App that was affected by that vulnerability. That changed a couple of years ago to trying to figure out areas of
    vulnerability in the code as it was being developed, to eliminate those potential vulnerabilities before they happen. They also started to invite security experts
    and white hat hackers to conferences at Redmond, to literally school their own developers in understanding more what hackers look for and how to better think
    about hardening thier code.


  • cquinnd, on 10/12/2007, -0/+1And what is to make them think they are the only group of hackers hired for that purpose?

  • fiji5555, on 10/12/2007, -0/+1Why is it that people on Digg will always........(A) respond to a storywith a "witty" remark (B) complain about the story not being linked directly to the source (C) complain about it being a "dupe" (D) talk about everything else under the sun except what the story was about (E) manage to say something bad about MySpace so they feel "cool" about not going there and finally (F) maybe just maybe have something constructive to saw about the actual article .....whew.........not saying all of this happened in this case but just in general on all posts here. BTW i know i didn't say anything about the article either =]
  • mgadalsky, on 10/12/2007, -0/+0Awesome. This makes me smile.
  • SgnDave, on 10/12/2007, -3/+3How else is Aero supposed to beat Compiz/XGL?
  • miker71, on 10/12/2007, -2/+2Now Microsoft can officially blame the hackers for poor quality control when the first major exploit for Vista hits the wild.
  • Jasonn, on 10/12/2007, -0/+0Obviously a good move on Microsoft's part, but one has to wonder how much of a difference it will really make. I'm sure Microsoft has issued some sort of similar structure for securing vulnerabilities in previous versions of Windows, and take a look what happens shortly after release...
  • dadood, on 10/12/2007, -1/+1"largest ever penetration test"
    Huhu he said penetration.
  • SimonC, on 10/12/2007, -1/+1That's a common misconception; OSX is based on the NeXT operating system, which features a Mach kernel (now XNU) and their own userland/system calls and threading concepts (tasks). They just provide a BSD userland for POSIX compliance and UNIX tools (so you can easily port UNIX apps, use a shell, etc). So to say, OSX is as much UNIX-based as Windows with SFU would be if SFU was complete and still supported by MS (and included by default). Repeat after me: OSX is *not* UNIX nor UNIX-based. That's not necessarily a bad thing. Anyway, NeXT was developed by NeXTStep developers, founded by Steve Jobs in the early 90's. So it's fair to compare it to Windows.
  • jonstafari, on 10/12/2007, -2/+2totally... not thinking a hacking group what-so-ever

    Vista on L.... mmmm
  • inactive, on 10/12/2007, -5/+4Heck, LSD (le grande drugge) might help the MS dev team. Loosen them up a little, shake their one-track Borg-minds.
  • Phoenixfury, on 10/12/2007, -2/+1I think the subject title was typoed.. They don't me LSD, they mean LDS.. Beware for the next version of Vista may try to convert you to their religion. :) Instead of fixing bugs, we'll get BSOD's that say "Feel like killing yourself? Let us help you!"
  • jordinas, on 10/12/2007, -1/+0Building an Operating System from Scratch, even with security in mind, does not mean it will be any more secure than an existing OS. Case-in-point, some very significant flaws have been found in the networking stack of the BETA versions of Vista (http://www.symantec.com/avcenter/reference/ATR-VistaAttackSurface.pdf), some of which have been encountered and addressed before with prior versions of the Windows OSs.

    Building an OS on a secure platform is a good idea, so why fault Apple for leveraging Unix? And indeed flaws have been discovered in OS X too...
  • rtakach, on 10/12/2007, -2/+1LSD (acid/doses/drugs) actually played a big part in the development of modern software systems. I was watching a documentary about psychedelic drugs and some of the guys working at microsoft and apple had major breakthroughs in their programs after dropping acid. Interesting, and counter-intuitive to what you might think.
  • Fetching more discussions...
    Show 51 - 77 of 77 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.