Do you think hackers are dumb enough to send malicious code directly to Microsoft via Windows error reporting? Do you think Microsoft is foolish enough to flaunt scantily dressed women at a tech convention while celebrating women in IT? The answers are apparently yes to both, at least according to what happened Down Under last week.
At the Australian Microsoft TechEd 2010 conference, a Microsoft senior security architect explained top hacking methods and how developers could avoid those designing pitfalls.
According to ZDNet, Microsoft senior security architect Rocky Heckman, told attendees that when hackers write viruses, which in turn crash their Windows computers, those same hackers send the error reports, details and malicious code, directly to Microsoft. I doubt seriously that any real "hackers" do, but script kiddies might. Heckman stated, "The first thing [script kiddies] do is fire off all these attacks at Microsoft.com. On average we get attacked between 7,000 and 9,000 times per second at Microsoft.com."
It seems likely that some of those error reports might be coming from infected computers that crash and not "hackers" attacking Microsoft, but who knows? The lesson here seems to be that error reporting should be disabled right away, kiddos. Or just say "No," or even "Do the right thing." I wonder if Microsoft wished it could turn off error reporting on a global social media scale? Some of the 2,700 IT workers that attended enjoyed the next publicity stunt, while some others were livid. It will be interesting to see if Redmond HR reacts as this "deepest sympathies" tweet predicts.
At the same TechEd conference, Matt Marlor, the AuTechHeads lead (also known on Twitter as the "SPIN *HATER*" @OhCrap) tweeted this photo of scantily clad meter maids, a.k.a. booth babes, who appeared at the conference.
The Sydney Morning Herald (SMH) came out with two articles about the meter maids at the Microsoft TechEd conference. In the first, Meter maid stunt backfires at Microsoft geek gathering: "Microsoft says it had no idea the 'meter maids' it hired to titillate attendees of its TechEd conference on the Gold Coast would be half naked after the promotional stunt backfired spectacularly."
"The meter maids, iconic figures on the Gold Coast with skimpy gold bikinis that leave little to the imagination, were present at the welcoming reception earlier this week. Ironically, a key session at the conference was devoted to 'women in IT'," SMH further explained.
Later the SMH published this article, Chief meter maid hits back at Microsoft. The head meter maid, Roberta Aitchison, basically accused Microsoft of lying. Aitchison told a reporter during a phone interview that Microsoft and the Company events team knew of the skimpy outfits. "The garments were chosen specifically by them over a period of 2-3 weeks of them looking at photographs of the girls.," she stated. "They came back to me by email stating which garments they would like the girls to be wearing."
Microsoft...not telling the truth to the public? Surely not?
Microsoft "manned up" and took full responsibility. Aitchison added insult to injury by suggesting the meter maids added spice to a conference that would otherwise have been "boring."
Funny thing about error reporting, neither seems too bright: Script kiddies sending error reports if they are indeed trying to attack Microsoft with malicious code? Microsoft celebrating "women in IT" by bringing out meter maids with their hineys practically hanging out for a publicity stunt? That's sending a global error report to anyone who cares to view it.
image credit and linked to @themolk
Tweets are public, people...just ask the Library of Congress.
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited