Microsoft Programming Contest Hacked and Defaced
davidmwilliams writes "Microsoft followed their major annual Tech-Ed event in Australia with a week-long programming contest called 'DevSta,' to find 'star developers.' While the quantity and quality of submissions suggest a poor turnout, it certainly caught the attention of at least two hackers who left their mark. Here is the low-down on the contest, what happened, by whom, and screen shots for posterity in case it's been fixed by the time you read this. And unless the volume of submissions increase dramatically within the next few hours, someone may be awarded an Xbox for doing nothing more than rewriting the Windows calculator as a .NET app."
Microsoft catching the attention of hackers? (Score:5, Funny)
This isn't news. If it were, it'd carry a headline like "Microsoft Programming Contest Security Thwarts Hackers" and be about how Microsoft employed some effective security measures without subjecting all applicants to activity-monitoring rootkit DRM and attendees to cavity-searches.
Re:Microsoft catching the attention of hackers? (Score:5, Funny)
> This isn't news. If it were, it'd carry a headline like "Microsoft Programming Contest Security Thwarts Hackers" and be about how Microsoft employed some effective security measures without subjecting all applicants to activity-monitoring rootkit DRM and attendees to cavity-searches.
Cavity search is news to me. Where do I sign up?
Re:Microsoft catching the attention of hackers? (Score:5, Funny)
where is the +1 disturbing moderation??
Re: Disturbing? Nah. (Score:5, Funny)
He clearly means Dentistry software. Manage the patient's records, search cavities...
Ask this guy... (Score:1, Funny)
> Cavity search is news to me. Where do I sign up?
Ask Mr. Goatse. I think there's a .NET version of it now, too!
Re: (Score:2)
Is that you, Goatse? Even you should have had enough by now!
Re: (Score:1)
Travelocity or Expedia would be a start.
Re:Microsoft catching the attention of hackers? (Score:5, Informative)
> This isn't news.
Well, you're right about that at least. The whole thing is a joke. Here is the evidence (consider yourself saved from 3 pages of ads):
Exhibit A [photobucket.com]
Exhibit B [photobucket.com]
So somebody found (probably) a SQL injection vulnerability in an obscure Microsoft-hosted site and changed a few submission titles and comments? This is news? It's not like they defaced microsoft.com or anything else even slightly significant.
They couldn't even do something creative with the hole they found. Kids these days...
Re:Microsoft catching the attention of hackers? (Score:5, Insightful)
"All y'all penguins put your flippers on your heads, this abacus has the power of Windows Presentation Foundation!"
Re: (Score:2)
Meh, this hack is probably even worse, both for its general stupidity as an idea and its felonious misuse of metric prefixes:
http://desktop.google.com/plugins/i/metricclock_2853.html?hl=en [google.com]
Re: (Score:3, Interesting)
> Meh, this hack is probably even worse, both for its general stupidity as an idea and its felonious misuse of metric prefixes:
> http://desktop.google.com/plugins/i/metricclock_2853.html?hl=en [google.com]
FFS (aimed at author of linked app, not parent), if you are going to stick it to the man and boldly challenge the stodgy conventions of horology, at least do it the clock mod(10), not 1 through 10. Seriously, you could lose your geek card for that kind of thing.
Re: (Score:3, Funny)
Wow, that is a terrible Gadget.
Who the hell writes a metric clock without understanding the metric system?
This must be written by that 13 year old who painted "Anarchy Rules" on my garage door.
Swatch Internet Time (Score:3, Informative)
> Who the hell writes a metric clock without understanding the metric system?
Swatch, for one [wikipedia.org]. And the Chinese before them [wikipedia.org].
Re: (Score:3, Informative)
There doesn't seem to be any abuse of the metric system there.
Look at the description of the Google Gadget. The author has no idea how metric prefixes work.
Re: (Score:2)
On the other hand, I find it funny that either
a) Microsoft doesn't use their own security products (the ones I see advertised on slashdot all the time, as going ninja on security flaws)
b) those same tools don't work as well/aren't as easy to use as advertised
Please, if you're looking for a star developer, can't you at least hire a regularly-competent sysadmin to run the tools you're advertising?
Seems to me Microsoft wants to hire one star, but can't be bothered to build infrastructure...
Re:Microsoft catching the attention of hackers? (Score:5, Funny)
Someone is trying to hack your contest (Cancel/Allow)?
I guess even Microsoft employees are just used to clicking 'Allow' now.
Re: (Score:2)
> subjecting all ... attendees to cavity-searches.
Wait. I can't figure it out. Why would dentists be at a Microsoft convention?
XBox for rewriting calc (Score:5, Funny)
Re:XBox for rewriting calc (Score:5, Funny)
I was going to say that :)
XBox is hardly enough to motivate me to load windows on any machine I own. Up next, US mint authorized silver certificate reproduction copies of the hundreds of pages of the bail out bill. This authentically signed reproduction can be yours for the small price of $850 Billion US Dollars, paid in three easy payments of (damn, where's a .net calculator when you need one).
Why don't they get a little more real... say MSDN subscription for life? Yeah, I suppose that is too much to give to a MS developer... sheesh
XBox for relaxation. (Score:2)
"Why don't they get a little more real... say MSDN subscription for life? Yeah, I suppose that is too much to give to a MS developer... sheesh"
Maybe because developers like to get away from WORK now and then.
Re: (Score:2)
An MSDN subscription also nets you stuff like copies of Windows itself.
Re: (Score:2)
But I'd still call it useful.
LEGO (Score:2)
Now put your $850 billion dollars in context, if it was in $1 bills, how long would it take to print the little buggers.
Here come da Judge! (Score:2)
"Why don't they get a little more real... say MSDN subscription for life?"
A life sentence? Wouldn't 10 to 20 with chance of parole be more in line with a first offense of this nature?
Google: $10M in prizes, MS: an XBox (Score:5, Insightful)
Anyone wonder why only some pissed off script kiddies are playing?
Re:Google: $10M in prizes, MS: an XBox (Score:5, Interesting)
The Microsoft thing seems to be a week-long "speed hack" aimed at a small audience just for fun. Hardly the same thing. Oh, but this is
Re: (Score:1)
I'm really poor.. I could use a few things to sell on eBay :(..
Re: (Score:2)
Damn it, I just got done cleaning up all the venom.
Re: (Score:3, Funny)
Google doesn't have an IDE with a built in application creator wizard.
An Xbox sounds pretty cool if all I have to do is
Project -> New
Select "calculator" from list, next
Select radial button "scientific", next
Checkbox a few skins and include contentless help-pages, next
Hit Create
Run it, accept the EULA
Hello Xbox.
Re:XBox for rewriting calc (Score:5, Funny)
Re: (Score:2, Funny)
...no, actually the punishment is sending them 2 copies of Vista.
Re: (Score:1)
Not even Microsoft is that cruel and unusual, surely?
Obligatory (Score:5, Funny)
They are. And don't call me Shirley.
Cheers,
Re:Obligatory (Score:5, Funny)
Looks like I picked the wrong week to ditch C#.
Re: (Score:1)
> Looks like I picked the wrong week to ditch C#.
If it took you a week, you weren't doing it right.
Re: (Score:2)
I've always wondered why there's no equivalent of std::victor or java.util.Victor in C#
Re: (Score:1)
There is, it's called System.Collections.Generic.Lust.
Re: (Score:3, Funny)
Oh, right. It's Oveur at System.Collections.Generic.List
Microsoft Programming Contest Hacked and Defaced (Score:5, Funny)
Oh come now, mods, have a sense of humor! (Score:2)
The parent post warrants a +1 Funny more than a troll. :)
Cheers,
Hacked or just a blog post? (Score:2, Informative)
Or is that what passes off as hacking these days?
Re: (Score:2)
> Or is that what passes off as hacking these days?
Sadly, yes.
Was SELinux enabled? (Score:5, Funny)
rewriting the windows calculator? (Score:5, Funny)
Re:rewriting the windows calculator? (Score:5, Funny)
Easier too.
Re: (Score:2)
You kill two birds with one stone, first it would show Microsoft with a sense of humor, second it would probably give the hacker who hates Microsoft something to do other than hack Microsoft websites - like play Xbox.
Re: (Score:2)
like hack Xbox Live.
There, fixed that for ya.
Hardly hacked (Score:4, Insightful)
To me it would appear that someone submitted entries with a bogus title and accompanying description. Hacked? Hardly. What surprises me is that no one submitted Viagra programs with accompanying links in the description.
These aren't the droids you're looking for. Move along.
Re: (Score:3, Informative)
Existing entries were overwritten with the bogus data. That sounds like it was hacked to me.
Lame (Score:4, Insightful)
If you want a prize, why not come up with a hack that releases OEMs from their contractual obligation to pre-load Windows? Or maybe a hack that dis-allows Microsoft from counting the sale of a Dell server with Linux installed as a sale of a Windows license. How about a hack that gives the ISO people a spine and some cojones?
Now, those would be worth a prize.
Re: (Score:2)
Now, those would not be hacks. Feats worthy of praise they would be, but they would not be hacks.
Let's See... (Score:3, Funny)
Microsoft programmers....stars? Too funny... (Score:5, Informative)
I speak from about 15 years experience at multiple companies and not bias that the more "Microsofty" the programmer is, the worse they are.
The current project I am on is full of the Microsoft way of doing things. And get this:
We have a Linux server and Windows client, and they designed a Windows Registry as an interface to the database on Linux. They are having piss-poor performance due to many design issues related to this thing. I should probably post it to Daily WTF. I mean WTF indeed.
Who wants to be a Microsoft Star!! Wooohoo!
Re:Microsoft programmers....stars? Too funny... (Score:4, Informative)
Please do! As a young programmer starting out, I keep an eye on Daily WTF for what NOT to do. Well, most of the time anyways.
The fact they use the registry as the interface makes my eye twitch.
Re: (Score:1)
> The fact they use the registry as the interface makes my eye twitch.
The fact that you take an anti-MS post on /. at face value makes me sad for humans.
Re: (Score:2)
Oh sorry. Didn't see you there. You must be new.
This has nothing to do with MS, rather how, in my limited experience, coders would use the registry as the preferred interface. While I guess I could have been more clear in qualifying what I thought about Microsoft, this has nothing to do with them, but rather bad design. I think the OP had the same idea, though he clearly shows no love for MS.
If you get sad from an internet post, maybe this isn't the place for you.
Re: (Score:3, Funny)
> I speak from about 15 years experience at multiple companies and not bias that the more "Microsofty" the programmer is, the worse they are.
Works the same for users, too.
Re: (Score:3, Insightful)
What I don't get is, as intelligent people (which is relative), don't some of you feel the least bit ashamed at the quality of the anti-MS stories here? There is plenty of legit bashing to do. But
Re: (Score:2, Funny)
> they designed a Windows Registry as an interface to the database on Linux.
So wait, let me get this straight... these people know both Windows *and* Linux so well that they wrote a Windows Registry for Linux, rather than cutting the bullshit and using SQL?
That sounds very... irresponsible.
Re: (Score:1)
Yes, "irresponsible." You have a way with words!
Well...This is more of a hardware shop with Windows experience and the lead engineer doesn't know SQL. The database didn't need performance (until now).
Updating each and every single variable means connecting to the database, authenticating, starting a transaction, committing, and disconnecting. Once per variable.
Re: (Score:3, Interesting)
I'm sure you have other reasons to dislike it - but that sounds like a design mistake that has little to do with the 'registry-like' interface.
I've seen the same 'feature' (commit on-change) on a lot of other naive user interfaces for remote database storage - web forms, spreadsheets, desktop clients... Typically the product of good intentions, and very optimistic assumptions about the usage.
There's nothing magical about a 'registry-like' tree that makes explicit batch updates impossible - or on other inter
Re: (Score:1)
I don't think you could use SQL that well - I mean, the registry is hierarchically organized, so you would have to use a hierarchical DB like *shudder* LDAP.
OR you could just use plain text files and store them in specified directories.
Re: (Score:2)
Would you care to explain what you mean by "Windows Registry"? You're not talking about the actual Registry or hive files, are you? It would be possible to build a service that monitored the local hive and replicated the changes to a back end DB. It could get ugly, but would make for an interesting product.
If you simply mean a tree-like data structure then I can see what you're talking about, but I've seen that kind of retardation in Unix software as well. It's not a Microsoft only phenomenon.
If they were re
Re: (Score:1)
I think what you're trying to say is the more a programmer buys into *hype* the worse they are.
I work in a Microsoft shop, I don't especially like using linux, and I enjoy the luxuries M$ products have to offer. That doesn't make me a bad programmer.
What makes someone a bad programmer is if they make design decisions based on what sounds cool instead of what makes sense (or if they put that stupid "_" in front of my member variables instead of using "this.
Microsoft Programming Contest Hacked... (Score:1, Funny)
2. Story posted to Slashdot and nobody cares.
3. Posting Anonymously to protect my karma - priceless.
Well... (Score:1)
It's no Atari Computer Camp, that's for sure. For one thing, I heard there was actually a female applicant.
Which app would you pick off that list? (Score:1, Funny)
Who knew this contest was happening? (Score:1)
Way to go, Microsoft Marketing dept!
As for Reading TFA... (Score:1)
The grand prize on offer includes airfare to Las Vegas, accommodation at the Venetian and tickets to the MIX09 Developer Conference in March next year, along with Visual Studio 2008, an Xbox 360 Elite console pack and a Samsung Omnia mobile phone. Runners up win various combinations of Visual Studio, Xbox 360 Elite packs and Wireless Entertainment Desktop 8000 keyboard and mouse combos.
HACKED BY BENJYMOUSE (Score:5, Insightful)
Re:HACKED BY BENJYMOUSE (Score:4, Funny)
A hacker known by the name BENJYMOUSE has today been arrested for defacing a popular news site. The 2 SWAT teams were deemed necessary as hackers are known to be armed and dangerouse and usually in company of Muslim terrorists. Only 2400 rounds were fired and a mere 25 bystanders were killed. Rumors that the terrorist-hacker was playing a loud videogame instead of firing his as yet undiscovered arsenal of weapons show that these terrorists are not just evil, but also lazy.
The hacker will be put on trial for possession of illegal invisible weapons of mass destruction.
just submitted to the slashdot story queue (Score:4, Funny)
commodoresloat writes "Slashdot followed their major annual asteroid-collision article with an article called 'Microsoft Programming Contest Hacked and Defaced.' While the quantity and quality of posts suggest a poor turnout, it certainly caught the attention of a hacker named 'BENJYMOUSE' who left his mark. Here is the low-down on the slashdot post, what happened, by whom, and screen shots for posterity in case it's been fixed by the time you read this. And unless the quality of posts increase dramatically within the next few hours, someone may be awarded mod points for doing nothing more than rewriting the *BSD troll as an anti-M$ post."
Re: (Score:3, Informative)
"F-" ...I'm concerned, please see me after class!
Just kidding... But actually, it's slightly more impressive than you noticed. They modified existing submissions thereby appearing as the top submission. While not groundbreaking, it's more than simply posting garbled messages to a public board.
Captain Obvious (Score:1)
Description:
The past: Listening mp3s
The future: Listening streaming music.
Watch out Apple!
DevSta? Seriously? (Score:3, Insightful)
This is what we need in the programming world, more developers with an ego complex. "Star developers", way to go, when a part of skill lies deeply in being able to communicate and organize oneself in a community or company.
"Star developers" sounds like these people need three flatscreen monitors, a massage chair and a personal makeup assistant to be happy.
The reason why no serious programmers will turn up at this event is the same reason, why I'm not at this event: I am busy doing serious, real life code. I have no time for marketing shams.
So, how are those sour grapes? (Score:2)
If you are not good enough to get the best work environment possible, then well, that sucks for you.
I doubt you are even a decent developer anyway, flatscreen monitors? Hello? Can you even buy CRT's anymore that are cheaper than totally flat LCD's?
If your boss did a cost/benefit study he would quickly realize that a good chair and interface pays for itself. A good chair allows you to remain comfortably seated for longer. Same with a quiet office, more hours spent coding means more money made. Three screens
Re: (Score:3, Funny)
Star development really should become an engineering job and I don't thi
Re: (Score:2)
Nah, stars are easy. It's the planets that take work - ever seen what it takes to make a good fjord or two?
!hacked (Score:2, Funny)
Had I known it were news, I'd have contacted local news media rather than the modest response of contacting my web hosting provider and asking that they patch the vulnerability in their SQL server.
Chickenshit (Score:2)
After working for Microsoft, I had a lowered respect for them, but now after this kind of chickenshit stuff, I have newfound respect for them (unless it's an inside job). It's creating that's challenging, destroying is easy. Most any engineer won't crack, because they create, not destroy, when in fact they can cause the most havoc, but it's not worth it due to integrity, and the fact that it's too easy.
Re:How about this one... (Score:4, Informative)
Re: (Score:2, Informative)
Well, if you read the article, you'll see that it's not just bogus posts, they've apparently actually managed to alter existing submissions, which is how they became the top submissions. Not nearly as significant as actually defacing the site entirely, but certainly more impressive than just making fake posts.
Re:Let me be the first to say (Score:5, Funny)
In other news, Alanis Morissette is found posting on Slashdot under the name 'db32'.
Re: (Score:2)
Alanis Morissette is either very stupid (not a single line in her song is about irony) or very clever (for calling a song about sarcasm Ironic).
Re:mhm (Score:4)
The screenshots look like these "hackers" defaced the site by ...
*drum roll* ... posting to a forum!!!
OMG /. HACKED BY NARCBERRYHACKED BY NARCBERRYHACKED BY NARCBERRYHACKED BY NARCBERRY