Oooh MD5
by Devanshu Mehta
C-net’s News.com (http://news.com.com/Microsoft+meets+the+hackers/2009-1002_3-5747813.html?tag=nefd.lede) has an article about how Microsoft (http://www.microsoft.com) apparently had a conference where they invited ‘hackers’ to help them discover security flaws. My first and humongous beef with the article is the usage of the term ‘hacker’; but that’s a whole ‘nother issue for a whole other day.
The more subtle issue is from this paragraph:
“this one guy with a shock of white hair looks straight at me and just says, ‘MD5.'” Kaminsky, who said the comment seemed more like an order than a request for information, complied by demonstrating how two Web pages could have the same “hash,” as the man listened and nodded knowingly.
A week later, Kaminsky learned that his interrogator was Jim Allchin–one of the highest-ranking executives at Microsoft and, as the person in charge of the Windows operating system, one of the leaders in the technology industry as a whole. Allchin’s questions made clear just how deep the technical knowledge runs among the most senior ranks of the world’s biggest software company.
MD5, in the eyes of Ina Fried of CNet, is ‘deep technical knowledge’. For someone who is in charge of Windows, and I mean IN CHARGE, knowledge of MD5 should never be impressive. What audience is this article meant for?
I have trouble with journalists misleading non-technical people with techspeak to push a story. The ‘hacker’ in the headline is there to draw readers and the ‘MD5’ in the anecdote is to get non-techs impressed with Microsoft’s interest in security. It will take more than an awesome, deep knowledge of MD5.
As I wrote on Slashdot…
It wasn’t so much the question, as the unexpected nature of it. I’d just finished talking about very different things — video over DNS, backtunnelling through dual-hosted name servers, etc — and it had been about 20 minutes since I’d mentioned that, *if* someone asked, I’d show what was wrong with MD5.
No matter. This guy — I had no idea who he was at the time — heard something he needed to precisely understand, and got his answer at his first opportunity.
It’s kind of cool that senior management at Microsoft a) showed up at an internal hacker con and b) knew enough to not only understand what I was talking about, but was interested enough to demand more.
Dude. Have you met anyone in senior management? There’s a reason so many people relate to the Dilbert PHB.
I have no issue with you being impressed with the person asking the question; I have trouble with the way the story was presented on C-Net. First off, they say it was a Microsoft event, not an internal hacker con. Also, the only reason we are expected to be impressed is because it’s the guy in charge of Windows (which is how C-net’s Fried described the guy); if Linus Torvalds asked about MD5, people would have yawned. And yes, I have met senior management and I know how they can get; but I refuse to view Microsoft in a different light because their senior management knows enough to ask about MD5. Like I said, all of this is an issue only because we are talking about Microsoft. If the senior management of any other company was interested in a security issue, people would take it in their stride.