Slashdot Log In
Microsofts "Honeymonkey" Project
Posted by
samzenpus
on Wed May 18, 2005 06:04 PM
from the how-could-this-go-wrong dept.
from the how-could-this-go-wrong dept.
g0bshiTe writes "Ever hear the saying, 'given enough time a room full of monkeys could type out Shakespeare'? Well Microsoft seems to be taking this saying to heart, and taking a cue from the Honeynet project, they have created what they have dubbed 'honeymonkeys.' Security Focus has an article which describes this honeymonkey network, which is little more than a network of virtual Windows XP boxes in various patch states. These boxes are setup to crawl the seedier side of the web in search of vulnerabilities not bieng reported, and are being actively exploited in an attempt to further secure their product. Sounds like a decent idea from the Redmond crew to me."
Related Stories
[+]
MS Research Automates Search Engine Spam Hunt 68 comments
Barbie Dollar writes "Researchers at Microsoft are working on an ambitious new project to hunt down and neutralize large-scale search engine spammers. The project, called Strider Search Defender, automates the discovery of search spammers through non-content analysis. The project integrates technology from two previous Microsoft Research prototypes (Strider HoneyMonkey and Strider URL Tracer) and promises a new approach to removing junk results from search engine queries."
This discussion has been archived.
No new comments can be posted.
Microsofts "Honeymonkey" Project
|
Log In/Create an Account
| Top
| 320 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
|
2
(1)
|
2
secret name of the honeymonkeys (Score:5, Funny)
(http://www.gatecrash.org/)
Re:secret name of the honeymonkeys (Score:5, Funny)
Re:secret name of the honeymonkeys (Score:5, Funny)
No, those are developers. Developers. Developers. Developers. Developers. Developers. Developers.
Re:secret name of the honeymonkeys (Score:5, Funny)
I like monkeys. The pet store was selling them for five cents a piece. I thought that odd since they were normally a couple thousand each. I decided not to look a gift horse in the mouth. I bought 200. I like monkeys.
I took my 200 monkeys home. I have a big car. I let one drive. His name was Sigmund. He was retarded. In fact, none of them were really bright. They kept punching themselves in their genitals. I laughed. Then they punched my genitals. I stopped laughing.
I herded them into my room. They didn't adapt very well to their new environment. They would screech, hurl themselves off of the couch at high speeds and slam into the wall. Although humorous at first, the spectacle lost its novelty halfway into its third hour.
Two hours later I found out why all the monkeys were so inexpensive: they all died. No apparent reason. They all just sorta' dropped dead. Kinda' like when you buy a goldfish and it dies five hours later. Damn cheap monkeys.
I didn't know what to do. There were 200 dead monkeys lying all over my room, on the bed, in the dresser, hanging from my bookcase. It looked like I had 200 throw rugs.
I tried to flush one down the toilet. It didn't work. It got stuck. Then I had one dead, wet monkey and 199 dead, dry monkeys.
I tried pretending that they were just stuffed animals. That worked for a while, that is until they began to decompose. It started to smell real bad.
I had to pee but there was a dead monkey in the toilet and I didn't want to call the plumber. I was embarrassed.
I tried to slow down the decomposition by freezing them. Unfortunately there was only enough room for two monkeys at a time so I had to change them every 30 seconds. I also had to eat all the food in the freezer so it didn't all go bad.
I tried burning them. Little did I know my bed was flammable. I had to extinguish the fire.
Then I had one dead, wet monkey in my toilet, two dead, frozen monkeys in my freezer, and 197 dead, charred monkeys in a pile on my bed. The odor wasn't improving.
I became agitated at my inability to dispose of my monkeys and to use the bathroom. I severely beat one of my monkeys. I felt better.
I tried throwing them way but the garbage man said that the city wasn't allowed to dispose of charred primates. I told him that I had a wet one. He couldn't take that one either. I didn't bother asking about the frozen ones.
finally arrived at a solution. I gave them out as Christmas gifts. My friends didn't know quite what to say. They pretended that they like them but I could tell they were lying. Ingrates. So I punched them in the genitals.
I like monkeys
Re:secret name of the honeymonkeys (Score:4, Funny)
(Last Journal: Friday December 17 2004, @07:14PM)
Mod parent +5 funny!
Re:Hmm. (Score:5, Funny)
(http://nguti.blogspot.com/)
"he is a doubleplusgood honeyeymonkeyer."
"Bluescree! Praise m.s.!"
"MSCalc: 2+2=5!"
Re:Hmm. (Score:5, Funny)
The First Crash (Score:5, Funny)
(http://www.underachievement.org/ | Last Journal: Sunday January 21 2007, @10:58PM)
I think they were computing pi.
Get ready for a ton of these (Score:5, Funny)
Just thought I'd head everyone off here...
(lameness filter padding lameness filter padding lameness filter padding)
Nope (Score:5, Funny)
It takes a Terminator to defeat Skynet. It takes a script kiddie and a buffer overflow to defeat Windows.
Warning: This Operation Has Side Effects (Score:5, Interesting)
mmmmmm... honeymonkey (Score:5, Funny)
But the real reason they named the project this is because they intend to sting you like a bee and then throw fecal matter at you.
Re:mmmmmm... honeymonkey (Score:4, Funny)
(http://n1vg.net/)
Good idea (Score:5, Interesting)
(http://keleus.freeshell.org/ | Last Journal: Sunday October 28, @02:17PM)
Re:Good idea (Score:5, Funny)
(http://www.covenantspice.com/)
Re:Good idea (Score:5, Insightful)
Not really, as script kiddies, by definition, don't typically discover exploits, they're more thrill seekers looking for an ego trip. When an exploit stops working, they'll just move on to another. When (if?) exploits become hard to find, because true crackers protect them better, the script kiddies will return to their previous pursuits, games and porn.
Re:Good idea (Score:5, Funny)
...
God I'm depressed now.
"bieng"? (Score:5, Funny)
New job posting at Microsoft (Score:5, Funny)
Help Wanted:
Can you surf for porn at least 8 hours a day?
Self-motivated, goal-oriented individual needed full-time.
Pay commensurate with experience.
Re:New job posting at Microsoft (Score:5, Funny)
(http://brokenhut.livejournal.com/)
Re:A good idea (Score:5, Insightful)
(http://www.dakiniband.com/)
""Just by visiting a Web site, (if) suddenly an executable is created on your machine outside the Internet Explorer folder, it is an exploit with no false positive -- it's that simple," Yi-Ming Wang, senior researcher with Microsoft Research, said during a presentation at the IEEE Security and Privacy conference in Oakland last week."
Want this sillyness fixed? Kill the ActiveX shit! Microsoft created that mess in the first place trying to dominate Java and like usual instead of going for the cause they go for the symptom.
B.
Re:Hmm sounds like a great idea (Score:4, Insightful)
(http://www.public.asu.edu/~corba3/)
In articles I tend to see just a small fraction of posts showing this supposed typical groupthink... and then a gigantic mass of posts from people who think they're observant and different and insightful for pointing out that it's going on.
I'm available... (Score:5, Funny)
(http://scott-klein.com/)
I like to call it, "break time"
Re:Sounds stupid (Score:5, Insightful)
This group also did "ghostbuster" (Score:5, Informative)
(http://www.icsi.berkeley.edu/~nweaver/)
This is part of the general Strider Project [microsoft.com] in Microsoft Research. They do very good work.
I say (Score:5, Funny)
(http://www.emacswiki...iki/ChristopherSmith | Last Journal: Monday November 12, @06:29PM)
So your saying... (Score:4, Funny)
Exploits on real vs. virtual XP boxen (Score:3, Interesting)
The point is that to the extent that the virtual XP box fails to emulate ALL the features of real hardware, there will be some room for doubt. Despite this misgiving, I commend Microsoft for tackling this problem.
this news is BIG (Score:5, Funny)
(http://www.ubuntunews.info/)
-- someone exploits a vulnerability
-- 2 weeks later someone discovers it
-- half a year later M$ patches it
-- three years later new version of Windows is released and finally the last 80% of users have patched systems.
it took 3 years, 6 months and 2 weeks to patch most computers.
Post-Monkey Era:
-- someone exploits a vulnerability
-- 2 days later monkeys report it
-- half a year later M$ patches it
-- three years later new version of Windows is released and finally the last 80% of users have patched systems.
it took 3 years 6 months and 2 days to patch most computers.
nice PR move though.
how much thought went into this? (Score:5, Insightful)
1. Are these machines using non-Microsoft IP addresses for their 'net access?
2. If not, how long until the worm authors take that into account?
Honeymonkey Blacklist (Score:4, Informative)
(http://www.virtualglobetrotting.com/)
Disappointing story (Score:5, Funny)
(http://www.thefryhole.co.uk/)
It's a coverup (Score:5, Funny)
sounds to me like they copied this guy (Score:3, Informative)
(http://www.juniperforum.com/)
http://www.malwareblog.com [malwareblog.com]
He's been doing this exact same thing for almost the past year. The site just went up a couple months ago, but he's been sending his findings to AV companies and some mailing lists for much longer. There's a lot of undiscovered stuff floating around out there.
For Those in the Corporate IT World (Score:3, Insightful)
(http://tomatobasil.blogspot.com/)
You mean... (Score:3, Insightful)
MS - the security company (?) (Score:3, Insightful)
Re:Did the sun rise from the West? (Score:3, Insightful)
Sort of.
A good idea from the MS guys is a really rare thing.
And as such, it is certainly worth the praise.
Re:why various patch states? (Score:3, Insightful)
Maybe because they're trying to simulate the real world?