[ISN] Asian Conference Hosts Hacking Contest

From: cult hero (jerichoat_private)
Date: Thu May 13 1999 - 03:22:59 PDT

    Forwarded From: William Knowles <erehwonat_private>
    [Another lame security stunt, not worth anyone's time. I would love to
     see one of these security firms that sponsor these contests to post a
     $100,000+ prize in a numbered account with 6-12 months to break the
     security of the product in a real world environment, and not in the
     span of a week on a trade show floor.    - William Knowles]
    (TechWeb) [5.12.99] A conference in Singapore is working to show the
    dangers of hacking, ironically, by holding a hacking contest with
    thousands of dollars in prizes. The international Hackers Zone
    competition, which started Wednesday, is offering $10,000 to the first
    person to successfully break into servers connected to the Web and running
    security products.  One server is running security products from Voltaire
    Advanced Data Security, while the second server is running software from
    Conclave Integrated Security. 
    Hosted by Infosecurity Asia '99, the computer-security conference that
    will be held in Singapore next month, the contest is open to anyone in
    the world.  In order to prove the success, hackers have to move a file
    onto the server, or modify the Web page hosted there, and then send an
    e-mail describing their action to an address set up at Yahoo. The
    conference has promised to keep the names of all contestants
    confidential. 
    The sponsors of the contest sought to point out that they did not endorse
    hacking, the general term for breaking into computer networks.  Some
    computer enthusiasts prefer the term "cracker," using the term hacker
    instead to refer to any hard-core programmer. 
    "We consider hacking a criminal offense prosecutable in many countries and
    we do not condone such actions," said George Kane, regional director of
    Conclave, in a statement. 
    Dan Farmer, a well-known computer-security expert, said such contests are
    not what they're cracked up to be. 
    "Organizations do this from time to time -- it's not unusual," Farmer
    said. "I view them as misguided and modestly dangerous publicity stunts." 
    There are a number of problems with such contests, he said. For one thing,
    the computer set-ups rarely mimic the way a network would be forced to
    work in the real world. Thus, he said, some companies use such contests to
    tout the invincibility of their systems and say how they foiled the
    world's best crackers, even though the world's best hackers probably would
    not get involved in something like this. 
    Companies also get free testing of their systems. For instance, they can
    get "attack signatures," digital fingerprints that show how people attack
    a certain system. These can be used later to help companies realize when
    they are being attacked in the future. Such signatures are hard to get in
    the real world. Furthermore, such security testing can be quite expensive. 
    "10K is chump change in the corporate world," Farmer said. 
    Farmer is the author of Security Administrator's Tool for Analyzing
    Networks, a Unix tool that systems administrators use to test for security
    breaches in networks. The program, known as SATAN, caused a stir when it
    came out in 1995, prompting Farmer to publish multiple documents through
    his website explaining the rationale behind the software. The difference,
    Farmer said, is that contests encourage a certain type of behavior. 
    "They're sending a message that breaking into systems is OK, that they'll
    reward the best and brightest," Farmer said. 