When hackers crash their systems while developing viruses, the code is often sent directly to Microsoft, according to one of its senior security architects, Rocky Heckman.
Heckman said that when a hacker’s system crashes in Windows, the user is prompted, as with any typical Windows crash, to send the error details, including the malicious code, to Microsoft. The funny thing is that many say yes, according to Heckman.
"People have sent us their virus code when they’re trying to develop their virus and they keep crashing their systems," Heckman said. "It’s amazing how much stuff we get."
And I wonder how much code they get from regular developers, and what they do with it…
Heckman said there were two reasons why the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years.
"One, it tells me that the bad guys go with what they know, and two, it says the developers aren’t listening," he said.
Heckman said that developers should consider all data input by a user as harmful until proven otherwise.