Microsoft and hackers

[TheSpecialist]

I'm quite sure that microsoft has followed this board pretty much since the beginning. A question that's been on my mind for a while is: what does Microsoft think of us and this site ? I mean, when we started the firmware thread, they could have very easily tried to stop us. They could have threatened SiliconIce to take his site offline or they could have threatened some hackers with lawsuits. Regardless of the chances to win/lose such a lawsuit, I'm quite sure that the threat alone would have been enough reason for most hackers to stop posting. I know it would have been for me

A year ago, microsoft held the 'Blue hat' conference. This was a congress, organized by Microsoft where they invited hackers to talk about security and learn from them. See http://news.com.com/Microsoft+meets+the+hackers/2009-1002_3-5747813.html?part=rss&tag=5747813&subj=news

Noel Anderson, a networking engineer from microsoft said:

"(Hackers are) not just a bunch of disaffected teenagers sitting in their mom's basement. These are professionals that are thinking about these issues."

It seems that microsoft is following, in my opinion, a VERY good strategy here. It seems they understand what we hackers are all about and it seems they'd rather embrace the hacker community instead of making them their enemies. What do you guys think of this strategy ? And what would you feel about microsoft organizing some kind of 'blue hat' even' for us, to openly discuss xbox security ? Or maybe talk with us about ways to improve security and giving the best idea a (BIG, hehe ) prize ? I'm curious about your opinions. Because I think that if I worked for Microsoft, I'd be pretty much interested in this. And me personally, as being a hacker, would also very welcome initiatives like that.

So if you think it's fun, give your opinion about 'microsoft and the hacker community'

[PS2MXBOX]

No lawsuits or threats made for two reasons...

1) these boards have violated no copyright laws or protections
2) MS needs to keep quite and wait till a full blown hack is available and will then combat it with knowlege obtained from here and other sources

[TheSpecialist]

1) these boards have violated no copyright laws or protections

I don't know if it's that 'black/white'. For example, reverse engineering is illegal in the US. But what about a site posting the results of reverse engineering ? If you operated a site like this and MS would tell you that they feel this is illegal too and want to see you in court to let a judge decide who's right, would you take your chances ? Would you seek legal advice or just take the site down ? I think I would have chosen for the last. So, that's what I meant when i said that regardless of the chances to win a lawsuit, the threat alone would have been enough to stop for a lot of people.

[BlueCop]

I am a very cynical about corporations. I think MS primary interests are money and market share.

I think the reasons they are embracing these hackers are the perception and reality of their Windows product being insecure.

They will have a 2 teir solution. Public Relations and Actually fixing their security holes. to do the second they need these hackers.

what scares me if they will develop promote some secure platform that is incapable of running other operating systems or even your own code. The 360 security model being the base for such a platform. This would be promoted as "TOTALLY SECURE" and it would have a market. The future just scares me because they don't like to play fair with competitors so just what tactics will they use to get what they want.

[Slack3er]

First, I'm no hacker, just a simple minded end user. LOL 

2) MS needs to keep quite and wait till a full blown hack is available and will then combat it with knowlege obtained from here and other sources

I agree, if MS tryied to pull the plug early on the fw hack, it probably would of went underground. That would be bad news for them, they wouldn't really know what to expect. Keeping things in the open, atleast gives them a better fighting chance, IMHO(If Possible...).

I think over the years the security community proved MS wrong enough, LOL, DCOM, LASS, who the hell runs their normal user as administrator anyway... Probably they just had enough, and are now only starting to learn or maybe not. I think your idea of a xbox style "blue hat", would be really positive for everyone. It would give you a chance to show, your interesting in learning, not illegal underground, MS will probably learn some cool tricks and most importantly don't forget the FREE FOOD TABLES... 

Besides,  someone has to think about security. MS is smart they get the community to do it, lol. Most importantly, Unix rules... 

Regards;
Slack3er

[TheSpecialist]

I think MS primary interests are money and market share.

Of course, money is and should be the primary interest of companies in general. But in my opinion, an IT company like microsoft can either decide to 'fight' hackers or 'embrace' them.

what scares me if they will develop promote some secure platform that is incapable of running other operating systems or even your own code. The 360 security model being the base for such a platform. This would be promoted as "TOTALLY SECURE" and it would have a market. The future just scares me because they don't like to play fair with competitors so just what tactics will they use to get what they want.

I think your point is interesting. So you're basically saying that as long as microsoft is not allowing interoperatiblity they can't be 'friends' with hackers since most hackers believe in interoperatibility ? I think this is the exact reason that Sony making the PS3 interoperatable ..

[TheSpecialist]

First, I'm no hacker, just a simple minded end user. LOL 

Somehow I don't agree here, Slack3er

I agree, if MS tryied to pull the plug early on the fw hack, it probably would of went underground. That would be bad news for them, they wouldn't really know what to expect. Keeping things in the open, atleast gives them a better fighting chance, IMHO(If Possible...).

Agreed, I think this site is not only fun for us, but also very interesting for MS. Thinking of it, in a way, this site is already some kind of 'blue hat conference'

[BlueCop]

Of course, money is and should be the primary interest of companies in general. But in my opinion, an IT company like microsoft can either decide to 'fight' hackers or 'embrace' them.

I think your point is interesting. So you're basically saying that as long as microsoft is not allowing interoperatiblity they can't be 'friends' with hackers since most hackers believe in interoperatibility ? I think this is the exact reason that Sony making the PS3 interoperatable ..

I think the service they are providing society should be the trumping priority over making money. like a company that puts more polution in the air rather paying for a more costly cleaner solution. I think MS is becoming more responsible by spending the amount they do on security research and trying to improve it. This only happened after a huge amount of worms and viruses that targeted their os though. Like poluting puting out software that is insecure causes problems for society as a whole. So no i don't think companies primary concern should be money but rather the well being of society. Companies externalize problems they cause all the time and its the people who end up having to pay the cost. I realize it is a bit of unfair comparison because the complexity of the software it would be difficult to isolate all the flaws but i don't think they really tried all that hard. If you look at some of the default services that shiped automaticly turned on a orginal windows xp you can see what i mean. Also when MS dominates a market their development or new interesting features becomes stagnent. It is only when they are forced to compete that anything interesting comes out of the company.

If they restrict what one can do with hardware one bought from them then its a motivation for a hacker to open up the hardware for other uses. i think this is many times the goal of hackers using the hardware for a purpose it wasn' intended for or was restricted from doing by the manufactor.

I am looking forward to how the PS3 implements their system

[TheSpecialist]

So no i don't think companies primary concern should be money but rather the well being of society.

Again, very interesting observation. It's kinda late here, I'm off to bed and I'll be thinking about this for a while ...

[Slack3er]

The Open Source community seems to be applying lots of pressure on all front of MS flag ship products. FireFox, Linux, Samba, OpenOffice.Org, GCC, Mono, etc. IMHO, that seems to be a big issue with them, most of the above products are "good enough" or equal(security/feature wise) to MS products. Lately they have started Fear, uncertainty and doubt tactics, ex. Get the fact straight. Basicily saying, Windows is more secure then Linux. There trying to make the OO.Org incompatible with future MS Office and Samba will have a hard time with the future SMB protocol. Balmer said the GPL is Viral..

Sun, Novell, IBM is really pushing GNU, MS must be really finding the heat... I think if MS doesn't try to change or accept the community, someday they may find themselve alone on a island.

Edit: I have had some better point to this, but now I forget... damn

[PS2MXBOX]

1) these boards have violated no copyright laws or protections

I don't know if it's that 'black/white'. For example, reverse engineering is illegal in the US. But what about a site posting the results of reverse engineering ? If you operated a site like this and MS would tell you that they feel this is illegal too and want to see you in court to let a judge decide who's right, would you take your chances ?

No this board's situation is black and white.  You can post information on how to do anything as long as the site carries the disclaimers etc.  Don't believe me? Just google for "how to make a biological weapon, or silencer or handgrenade"  You can write anything on a public forum, as it is protected under the 1st Amendment (it has been taken to court before, I have seen it).

[Hajaz]

i honnestly believe MS has embraced piracy.

Theyd rather have people pirate their stuff then buy the competition's product.

wasnt there a study a while ago that showed that piracy actually improves sales?

360 security shows this. Many have considered that MS might have intentionally left the DVD drive vulnerable.
On the other hand homebrew seems a very long way off. It looks like MS is willing to allow piracy, but at the same time theyve made sure the live experience cant be tampered with by homebrew apps such as trainers etc

[zerodefect]

i do not see how piracy even affects sales. my old roommate used to pirate everything, movies, music, games, you name it. the reason why he didnt cost the companies a penny? if he didnt pirate it, then he still wouldnt have bought it. most people pirate because they cant afford the pricetags. now they are playing these new games, sometimes before there even offically released and he shows them off too all his friends (who do not have mods and they like what they see and go buy the game) its like free advertising.

i do not see why everyone is so scared to release this firmware. grab a good anon proxy, upload anonymously to some usual places and forget about it. nobody can prove anything thats the beauty of the internet. besides not everyone is accountable for united states laws, expecially people that are not in the states.

[Tiros]

No this board's situation is black and white.  You can post information on how to do anything as long as the site carries the disclaimers etc.  Don't believe me? Just google for "how to make a biological weapon, or silencer or handgrenade"  You can write anything on a public forum, as it is protected under the 1st Amendment (it has been taken to court before, I have seen it).

No it's not "black and white"!
Since these "weapons" do not contain copywritten work or encryption technology, the documents/information are not DMCA violations.
Although I previously thought that all such information here was protected under first amendment, further research reveals a potential problem.The DMCA imposes a serious restriction on the freedom of speech. The DMCA makes it illegal to talk about certain security systems. I read that relating information on a public forum to circumvent copy protection, and or expose security/encryption weaknesses is in fact a violation of DMCA. Be sure to include the word "trafficking" in your google search. It's really quite frightening, even open source collaborators, in public forums, may in fact be breaking the law under strict interpretation of the DMCA.
The more specific the inforamtion, the greater the risk. Posting specific code to assisit in the circumvention? Your toast if you do! Guys have went to jail for doing just that.

One or two examples:
http://www.macfergus.com/niels/dmca/cia.html
http://www.eff.org/IP/DMCA/?f=unintended_consequences.html
There are more, basically providing technical information on how to circumvent a protection system may be considered "trafficking" under the DMCA.

It's gonna take a couple of weeks for M$ to file the paperwork, so I wouldn't feel too comfortable just yet.
M$ has a entire legal department on staff. It COSTS THEM NOTHING to serve paperwork on someone. Even if you are right, wrong, or indifferent, It's gonna COST YOU MONEY to answer the M$ lawyers. Also keep in mind there are both criminal and CIVIL implications here. If M$ can demonstrate a loss, they can sue for CIVIL damages, without even invoking DMCA (criminal).
If any company has the strength to test such legal tactics it's M$.

It's pretty obvious who the "team" is. All the backpedalling statements being made, "we don't condone piracy", "I don't own an xbox", "I just want to backup my originals", etc. etc. aren't gonna help if the M$ hammer swings. Anyone who thinks that M$ will embrace the hacker community, "hire" any team member for consulting, advocates piracy, or have a "prize" for helping them fix this is delusional. Since most of the "team" has repeatedly acknowledged/stated that this hack is primarily a piracy device, they have already admitted to the "intent" of the information. Makes things so much easier for M$. If any body has commercial or financial gain over this, god help you. Further If you assist someone else, with information, and they produce a harmfull product, the person providing the assistance would be considered a co-conspirator. It may well already be too late to avoid the legal consequences resulting from some of the things that have happened here. Personally, I think the "team" made a big mistake by tooting thier horns over this.

Hey, maybe not, these are new untested laws. I just wouldn't want to be the "test" case., especially against a gorilla like M$.

[PS2MXBOX]

I'm sorry Tiros, there was more involved in those two cases than was published.  Thats not all they were indited on, but you'd have no way to know.  Anyway, I'm honestly not going to sit here and get into a pissing contest with anyone as I work with these cases EVERY day.  I could council the members here for days, however it's not going to make anyone feel any better or change what information they share.  This thread was interesting to me in the beginning, but now I can see that its just going to be a big sentence slam with people who don't know the law or how it is interpreted by the courts.  Have fun!

[Tiros]

PS2M,
I wasn't trying to start a pissing contest. My post is on topic for this thread. I wasn't really directing the whole post at you. It was more of a general reply.
My main point is even if you are right or wrong, it will cost you money to answer a M$ legal challenge. It cost's M$ practically nothing to fuvk with you. It is my  assessment that the courts have yet to decide how they interpret these laws. I was only suggesting that M$ may be a company with big enough balls to test it a little. My sac is too small for something like that, and maybe for others too.

Seriously, I would like to learn.
Do you disagree with my position regarding your "weapons" analogy.
Do you take issue with anything specific in my post?
Since you "work with these cases every day", why don't you enlighten us a little here on the law and how it's interpreted?

[TheSpecialist]

No this board's situation is black and white.

Well, merely the fact that were discussing about it, makes it 'grey' to me personally So all I'm saying: if they wanted to put this board to a stop, they could have started threatening months ago

[PS2MXBOX]

Tiros...sorry I just get frustrated. Let me make an quick annology; All of the hackers here get annoyed with all the newbie questions about hardware hacking and I too get somewhat annoyed with newbie law questions when I have been trying to show others on this board not-so-much loopholes, but information for those afraid of the law.  Anyway, us American's have the legal right to publish any information concerning basically any topic so long as it does not pose an immediate international security threat.  (No prior restraint) No business can silence a community legally as long as no copyright violations have occured (ie posting the actual 2048 bit key, xex files, games or the like). If there are copyright violations then you bet they will file against XBH. So why theSpecialist edited all his posts is beyond me.
But again if things were to be released, the world of proxies and non-DMCA affected countries, or hell ppf patches (legal) then I don't see why things haven't come about. Though I have no direct need for any hack and don't condone piracy in any way, I just think its interesting to see a new community form out of one common goal.

As far as the court costs and battles etc., keep in mind how disliked M$ is by the courts as it is...remember the monopoly court cases brought against them by the United States Government trust breakers? Anyway, all I'm trying to say is. Yes, they have enough money to stop a board if it has the proper basis, which I don't see how it would for this board.

Just take my word and google for "how to make napalm" or "how do landmines work?" but you might have more of a problem with the government tracking your web visits than M$ watching you on here hehehe

[zerodefect]

the posts were edited because they contain direct links to to firmwares... as well as code and other things that were removed for fear of getting busted.

[PS2MXBOX]

the posts were edited because they contain direct links to to firmwares... as well as code and other things that were removed for fear of getting busted.

How many times have I stated on this board that there was implied copyright as far as the firmwares go, yet everyone shot that idea down in front of me?

Now you want some free advice from me?  I'd lock the public out of this forum and keep posts invisible until they register and agree to terms or not being a member or law enforcement or M$ staff etc.