Error Reporting Oops: Microsoft, Meter Maids and Malicious Code

At a Microsoft TechEd conference, a security expert said hackers "accidentally" send their malcious code via error reporting to Microsoft, and (oops) Microsoft sends global error report by bringing in scantily dressed meter maids.

Do you think hackers are dumb enough to send malicious code directly to Microsoft via Windows error reporting? Do you think Microsoft is foolish enough to flaunt scantily dressed women at a tech convention while celebrating women in IT? The answers are apparently yes to both, at least according to what happened Down Under last week.

At the Australian Microsoft TechEd 2010 conference, a Microsoft senior security architect explained top hacking methods and how developers could avoid those designing pitfalls.

According to ZDNet, Microsoft senior security architect Rocky Heckman, told attendees that when hackers write viruses, which in turn crash their Windows computers, those same hackers send the error reports, details and malicious code, directly to Microsoft. I doubt seriously that any real "hackers" do, but script kiddies might. Heckman stated, "The first thing [script kiddies] do is fire off all these attacks at On average we get attacked between 7,000 and 9,000 times per second at"

It seems likely that some of those error reports might be coming from infected computers that crash and not "hackers" attacking Microsoft, but who knows? The lesson here seems to be that error reporting should be disabled right away, kiddos. Or just say "No," or even "Do the right thing." I wonder if Microsoft wished it could turn off error reporting on a global social media scale? Some of the 2,700 IT workers that attended enjoyed the next publicity stunt, while some others were livid. It will be interesting to see if Redmond HR reacts as this "deepest sympathies" tweet predicts.

At the same TechEd conference, Matt Marlor, the AuTechHeads lead (also known on Twitter as the "SPIN *HATER*" @OhCrap) tweeted this photo of scantily clad meter maids, a.k.a. booth babes, who appeared at the conference.

The Sydney Morning Herald (SMH) came out with two articles about the meter maids at the Microsoft TechEd conference. In the first, Meter maid stunt backfires at Microsoft geek gathering: "Microsoft says it had no idea the 'meter maids' it hired to titillate attendees of its TechEd conference on the Gold Coast would be half naked after the promotional stunt backfired spectacularly."

"The meter maids, iconic figures on the Gold Coast with skimpy gold bikinis that leave little to the imagination, were present at the welcoming reception earlier this week. Ironically, a key session at the conference was devoted to 'women in IT'," SMH further explained. 

"It's official. The Meter Maids just took their tops off. #AuTechEd #WelcomeParty," tweeted @themolk, although I'm pretty sure it was a joke. Here are other tweets.

Later the SMH published this article, Chief meter maid hits back at Microsoft. The head meter maid, Roberta Aitchison, basically accused Microsoft of lying. Aitchison told a reporter during a phone interview that Microsoft and the Company events team knew of the skimpy outfits. "The garments were chosen specifically by them over a period of 2-3 weeks of them looking at photographs of the girls.," she stated. "They came back to me by email stating which garments they would like the girls to be wearing."

Microsoft...not telling the truth to the public? Surely not?

Some women and others were not at all pleased. Microsoft Australia's managing director, Tracy Fellows, tweeted, that it was "not acceptable PERIOD!" and "JUST WRONG!"

Microsoft "manned up" and took full responsibility. Aitchison added insult to injury by suggesting the meter maids added spice to a conference that would otherwise have been "boring."

Funny thing about error reporting, neither seems too bright: Script kiddies sending error reports if they are indeed trying to attack Microsoft with malicious code? Microsoft celebrating "women in IT" by bringing out meter maids with their hineys practically hanging out for a publicity stunt? That's sending a global error report to anyone who cares to view it.

image credit and linked to @themolk

Tweets are public, people...just ask the Library of Congress.

Copyright © 2010 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)