Sunday, October 7, 2007

Hackers at Microsoft?! Now, wait a minute ...

Their existence is inarguable; it's the title that's weirding some folks out
For the record, there are hackers at Microsoft. Just don't call them hackers.

In August, a blogger using the handle "Techjunkie" started a Microsoft Developer Network blog called Hackers @ Microsoft that, he claimed, would introduce the world to some of the ethical "white hat" hackers working there.

White-hat hackers are security professionals who use many of the same techniques as the bad guys, but who learn how to break into systems for research purposes only. "The focus of this blog is likely to be a little different from most other blogs you'll see on blogs.msdn.com," Techjunkie wrote.

Then he went silent for a month and a half.

Late Thursday, however, Techjunkie resurfaced, saying that he was dropping the Hackers @ Microsoft name. "There was some concerns raised that the average blog reading audience may not be able to discern the difference, and we may inadvertently associate Microsoft with the negative connotations of the word 'hacker' that is out there," he wrote.

Techjunkie didn't say whether the decision to drop the name came from Microsoft Corp.'s marketing department, but if it did, he's found a way to get even. "To alleviate that concern, I've changed the name of the blog to '%41%43%45%20%54%65%61%6d'," he wrote.

"%41%43%45%20%54%65%61%6d" may not be as memorable as Hackers @ Microsoft, but it does mean something. It is code for "ACE Team," a reference to Microsoft's Application Consulting & Engineering Team, which does performance, security and privacy development work at Microsoft. They have a blog too.

Microsoft's PR agency said Friday that Techjunkie is, in fact, Ahmad Mahdi, a manager with the ACE Team. The %41%43%45%20%54%65%61%6d name was chosen to "better reflect the intent of the blog, its posts and content, as well as the work conducted by security researchers at Microsoft," a spokeswoman said via email.

Microsoft has talked frequently about its growing use of ethical hackers to test its products for bugs. The software vendor even invites them onsite twice a year for its Blue Hat security conference.

Techjunkie followed up his Thursday evening post explaining the name change with a generic blog item on the need for security processes when developing software.

The debate over the term "hacker" is long-running and bitter. Originally used to denote someone creative who enjoyed building new things with computers, the term has also come to mean computer attacker in popular culture, much to the dismay of the white hats.

One security professional who also maintains a hacking blog said he understood why Microsoft may have wanted to drop the name. "Unfortunately, I think there's a bit of a stigma associated with the word hacker," said Robert Hansen, CEO of security consultancy SecTheory LLC and also the man behind the ha.ckers.org Web site.

Though Hansen considers himself a hacker, he says that he sometimes downplays this fact in business situations. "There are definitely times at which I use the ha.ckers.org persona more than I use the SecTheory persona," he said. "Some people aren't comfortable with the concept."


(Source: ComputerWorld)

Microsoft offers IE7 to all, pirates included

Browser download in XP no longer requires a WGA check
Users running pirated or counterfeit copies of Windows XP or Windows Server 2003 can now download Internet Explorer 7, Microsoft announced yesterday.

From the moment it released IE7 almost a year ago, Microsoft has restricted the browser to users who can prove they own a legitimate copy of the operating system. Before Microsoft allows the browser to download, it runs the user's PC through a Windows Genuine Advantage (WGA) validation test, a prime part of XP's antipiracy software.

When it instituted the requirement in 2006, Microsoft said the right to IE7 was one of the rewards for being legal. It changed its mind yesterday, saying the move is in users' best interest.

"Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we're updating the IE7 installation experience to make it available as broadly as possible to all Windows users," said Steve Reynolds, an IE program manager in a posting to a Microsoft company blog. "With today's 'Installation and Availability Update,' Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users."

Microsoft has consistently touted IE7 as a more secure browser, and post-launch patch counts back that up. In the past 11 months, IE6 for Windows XP SP2 has been patched for 22 vulnerabilities, 20 of them rated critical. IE7 for XP SP2, however, has been patched only 13 times; 10 of those fixes were ranked critical. In fact, when Microsoft announced that IE7 would not be offered to users running illegal copies of XP, some analysts questioned the company's commitment to security.

This is the first time that Microsoft has removed a WGA check for a major product. Among those that still require validation are Windows Defender, the company's antispyware software, and Windows Media Player 11.

Several people who left comments on Reynolds' post wondered if there's more to the decision than meets the eye. "I am guessing that this is in reaction to Firefox's growing market share," said someone identified as Dileepa. "I am not surprised at this at all."

Mozilla Corp.'s Firefox has gained some ground on Internet Explorer since IE7's launch. According to Net Applications, a Web metrics company, Firefox's share is up by about two percentage points since October 2006, while IE's total -- IE6 and IE7 combined -- slipped by more than three points.

IE7's uptake was dramatic late last year, when it went from about a 3% share in October to 18% in December, but growth has slowed. Since April, for instance, it has increased its share by four percentage points, almost all of it at the expense of the older IE6.

The IE7 update also sports a few tweaks: The menu bar is now visible by default, for example, and a new administration kit that includes a revamped MSI installer is available to smooth corporate deployment.

Users can download IE7 from Microsoft's site immediately or wait for it to appear in Windows Update as a high-priority item. It will take several months for Windows Update to roll out IE7 to all XP customers, and anyone dissatisfied with the new browser can downgrade to IE6 by using the Add/Remove Programs control panel applet.

A blocking tool kit is still available for companies and organizations that don't use Windows Server Update Services and want to permanently prevent IE7 from automatically installing on PCs equipped with IE6.

(ComputerWorld)