Officials from Microsoft recently attended the "Black Hat Briefings" in Las Vegas, a hacker-only event staged each year. This strange event occurred so that Microsoft could meet with the people responsible for the L0phtcrack password-cracking hack that affected Windows NT earlier this year. In an unheard-of reversal of policy, Microsoft decided it made sense to mingle with hackers for the first time.
"We came here to look at the hackers' perspective, to understand what they're thinking and what their concerns are," said NT marketing director Carl Karanan. "It's good to look at things in perspective: this conference does that. We've opened up a dialogue. The hackers do a service. We're listening and we're learning."
Apparently, the hackers agree.
"What we're trying to do as a community is point out some very serious problems with an operating system that is in use in corporate America and in governments worldwide, and we're pointing it out in a legitimate fashion by saying: 'Fix this'," said Yobie Benjamin, chief knowledge officer at Cambridge Technology Partners and self-described "experienced NT hacker."
The Black Hat Briefings included numerous Windows NT security briefings. The group called L0pht presented a new version of their L0phtcrack crack that bypasses the fix Microsoft posted earlier this year. The "getadmin" crack was demoed by former Microsoft programmer Dominique Brezinski.
Using getadmin, "anybody can gain administrative access if you run it on a local machine," Brezinski said. After describing the Microsoft fix for getadmin, Brezinski then explained that it could easily be rewritten to take advantage of one of numerous weaknesses caused by backwards compatibility issues.
"Windows NT's backward compatibility always bites 'em on the ass," said "Mudge," a key member of L0pht.
Microsoft's Karanan noted that NT is a target now because it is so popular.
"If you look at the Computer Emergency Response Team advisories, you can see this has been going on with Unix for years. People are targeting NT now because we have the volume. I think that our response is going to get better, and customers will get more protective also. If it's a top national secret that you want to secure, you may not even use a password [system], you may want to use a secure ID token card or a one-time password [system].