PROHACK - 2 new articles



Microsoft + Open Source = ? Redmond Giant to Embrace Open Source

Microsoft recently formed its open source group under James Utzschneider, Microsoft's general manager of open source. The group will report directly to the company's number two, chief operating officer and aggressive compete-to-win type Kevin Turner. The company will redefine its open source strategy, much of which was initiated by Sam Ramji, who left Microsoft for family reasons; that strategy will now get a broader, cross-company view inside Microsoft's global business and marketing operations unit.

Over the years, Microsoft has tried to get on friendly terms with open source veterans and has also made a number of donations and contributions to open source projects and Linux. These included a release of a pair of PHP patches under the Free Software Foundation's Lesser GPL license, the SQL Server Driver for PHP released under Microsoft's own Permissive License, the release by Microsoft of 20,000 lines of Windows kernel code under GPLv2 to improve performance and manageability of Linux running inside the company's Hyper-V ( *albeit this move was clearly designed to bolster Windows as a hosting environment for servers running both Linux and Windows* ), and the release of the Windows Installer XML (WiX) toolset to SourceForge.

Open Source is good for me :)

According to Utzschneider, Microsoft has changed, but Microsoft still has a legacy of misinterpretations and bad blood. Who can forget the bare-knuckle fight between Microsoft and Linux, the Halloween memos, the hated "Get the Facts" campaign, Steve Ballmer's claims that Linux is violating Microsoft's patents… Utzschneider commented that, to change perceptions about the company, it can't use "clever advertising or press."

"It has to be done with products and actions and behavior on a sustained basis across the company and across the ecosystem. I want the idea of Microsoft being proprietary and closed and not open to interoperating - I want that to disappear as an issue," he said.

On further probing, he commented on the code release policy now underway, which will enable ordinary coders to release code to open source based on Microsoft's products. As of now, Microsoft aims at blurring the line between open source and the closed source giant; at least that's what Utzschneider claimed.

"We are quite content to say: 'Here's the value from what we are presenting and here's the value from the comp products' but we are doing that without the religion of: 'Oh my God, there's two different worlds and you have to choose one - a world where you have to pay for software and one is weird and different and free.' That's what we've moved away from as a company.

"We have to teach our sellers how to talk about open source in a new way, and the overall theme is that it's OK for open-source products and Microsoft products to work together. There's a growing Microsoft ecosystem that we are going to encourage."

Let's see where all of this goes.. I guess pigs do fly..

 

The Register

 

Posted by XERO . All rights Reserved


Hackable Government and Educational Websites - what were they thinking..?

Recently I got an email saying that 855 crores of money is spent on ministers who do nothing (except for fighting for power, that is), and much of it is true. The government is taking a loan from the UN for its concerns, and precious resources are wasted on old whimpering scrooges who rule the holy land. No.. I'm not pissed off much. Not much, but what really pisses me off is the quality of government websites in India. Tell me any .gov.in portal which is secure and I will stop blogging. There has been quite a peculiar scenario going on with the security scene in India. A cyber cold war is going on with Pakistan and China as of now, with defacing going on from both sides with no sweat and concerns. I don't blame anyone for this; it's natural that if you find a vulnerability in a website (or in general, anything), you will be especially tempted to exploit it. What concerns me is that the websites of government officials and Bollywood stars, and educational websites, are quite hackable and NO ONE is concerned about them. Then there comes the media paparazzi and the spiced-up news channels exaggerating everything to Himalayan proportions. And then every script kiddie becomes a hacker, not by his hack, but by the media.

Disclaimer - 
I HAVE NOT HACKED ANY OF THE SITES AND THE DATABASE, JUST TESTED THEM FOR VULNERABILITIES. I TESTED THEM AND FOUND ERRORS WHICH MAY/MAY NOT BE DISCLOSED HERE AND IN NO WAY ANY ONE CAN SUE ME FOR THIS AS I DID AND MEANT NO HARM TO THE DATA OF CONCERNED ORGANIZATIONS. BY READING THIS ARTICLE YOU AGREE WITH THE DISCLAIMER.
IF YOU AGREE WITH THIS AGREEMENT, CONTINUE READING, ELSE IMMEDIATELY LEAVE THIS WEBSITE.

The story goes on..

Why not start from my University website – www.ptu.ac.in. The old web portal was recently revamped and broken into multiple parts, with www.ptuexam.com responsible for storing the data of students. This DOT NET based website is quite insecure and was even nearly defaced recently, and an old veteran once commented on the status of the website. On a lazy Saturday morning I was trying to see my result when I got interested in the structure of the website. "Poorly scripted" and "insecure" were the first words that blurted out from my mind.

PTU Website 
The login is given in the front with some interesting URL patterns. I decided to get my hands dirty and inspected the site by creating an error. It gave me a 404 error and I was able to deduce the server was a Microsoft one. Later I tried injecting " asdx" '" into the username and password fields of the form and I got a database error. It's vulnerable to SQL injection. I found an interesting URL -
http://www.ptuexam.com/Enquiry/WebMas_Adm_UniAdmProfile.asp?AdmID=
and upon experimenting I got multiple column names and usernames.
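
Why a stray quote in a form field surfaces as a database error, and what the fix looks like, as an added example that is not from the original post or the site's code. Python with an in-memory SQLite database stands in for the site's ASP / SQL Server stack, and the table, column and function names are hypothetical.

```python
import sqlite3

# Constructed stand-in data: in-memory SQLite replaces the site's SQL Server;
# the schema and the single row are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (adm_id INTEGER PRIMARY KEY, "
               "username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (1, 'registrar', 'constructed-hash')")
    return db

def login_concatenated(db, username):
    """Vulnerable pattern: form input is pasted into the SQL text and the
    raw driver error is handed back to the browser."""
    sql = "SELECT adm_id FROM admins WHERE username = '" + username + "'"
    try:
        return db.execute(sql).fetchone(), None
    except sqlite3.Error as exc:
        return None, str(exc)        # leaks parser/schema detail to the client

def login_parameterized(db, username):
    """Hardened pattern: input is bound as data, never parsed as SQL, and
    any database error is replaced by a generic message."""
    try:
        row = db.execute("SELECT adm_id FROM admins WHERE username = ?",
                         (username,)).fetchone()
        return row, None
    except sqlite3.Error:
        return None, "Login failed"  # details belong in the server log only

def profile_by_id(db, raw_adm_id):
    """Numeric query-string parameter (such as AdmID): reject anything that
    is not plain ASCII digits, then bind the integer."""
    if not (raw_adm_id.isascii() and raw_adm_id.isdigit()):
        return None
    return db.execute("SELECT username FROM admins WHERE adm_id = ?",
                      (int(raw_adm_id),)).fetchone()
```

With the concatenated query, the quote characters unbalance the SQL string literal and the parser error reaches the user; with bound parameters the same input is just a username that matches no row.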

I got much much info from this site

I was even able to get server configuration, database names (500+ databases), table names and column names…
Microsoft SQL Server 2005 - 9.00.4053.00 (X64) May 26 2009 14:13:01 Copyright (c) 1988-2005 Microsoft Corporation Developer Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)
E555802-130167
And then..I got this..

just one of Usernames and passwords 
I got a username and password to log in to the site.. Just WHAT WERE THEY THINKING ?!!!! Also, if one tries a bit harder, one can *easily* gain Admin access to the PTU website and wreak havoc. No.. I didn't hack it. But I was tempted to, I had all the data. I'm not a blackhat, but I'm not a whitehat either. I idolize the_ut as my hero, his knowledge, ideology about the scene and his style, but hold him in contempt for his love for pure destruction.

Big question – why is it insecure ?
 
Bigger question – what if a capable hacker defaces it,drops all the tables there and plays with the future of students ?

*update* - Officials at PTU contacted me and their administrator met me personally. They had a look at all the findings and loopholes which I found and discussed making a move to open source. Looks like a nice start to me. For the rest, we shall see where it all goes. Greets go to Samandeep and Mr Amarjit Singh, who did their best.

And this is only the beginning.. Many university sites and government sites are easily hackable. Why they don't secure them is unanswered. The worst part is that all the so-called Hacking Academies and Institutes which are teaching the basics of hacking make students practice on them. The vulnerable sites? Let's have a look at them -

NIT Kurukshetra website
FIITJEE website is another offender
Seshadripuram Law college website and the trust's website
NISCAIR website… this one was even on YouTube once
Zee News Noida
National Assessment and Accreditation Council of India
93.5 Red FM was virtually digitally raped before its overhaul.. still not very safe
Official site of Dino Morea and even more..
Frankly speaking.. any sufficiently experienced technology enthusiast can hack these websites in minutes. The security is zero and that's why we are behind in cyber subculture today. Folks.. it's time to wake up and make our sysadmins realize that the cyber scenario is quite advanced today and we are no match for the upcoming competition. We just can't let others deface our resources, can't let them play with our future.
Time to get better and buckle up before someone performs an rm -rf on us.

Hackers are here..Where are you ?

POSTED BY XERO ALL RIGHTS RESERVED.



