I was sent a few copies from ISN readers of a flyer below that has been making the rounds in the San Francisco Bay area, and later I received another note from a Scott Wimer from Cylant which gave this information...

-=-

Cylant Technology has developed a behavioral measurement approach to intrusion prevention. The CylantSecure architecture uses real-time behavioral measurement to prevent intrusions and malicious misuse of computer systems.

As a demonstration of CylantSecure, we have deployed victim.cylant.com. This machine is a stock RedHat 6.2 Linux box with Everything running, including several services with known vulnerabilities. We will be giving the hardware to the first person who successfully can get root on victim.cylant.com.

[...]

The CylantSecure architecture is designed to protect software against attacks without any signatures or rule-sets needed. To our knowledge, this is the best way to protect a system from being compromised.

-=-

So, curious that this wasn't an inside joke to hack someone else's network, I called Mr. Wimer to find out a little more information. The first thing that caught me off guard is that Cylant has no in-house security people, no computer hackers, no ex-military, or fun three-lettered agency types working for them, that they looked at all the security models out there now and wrote a security program from a clean sheet of paper, and this is their first real-world test of the software.

I asked Scott Wimer why the prize is so small, for what looks to be a hard task, and if they are so sure this technology is secure, why not offer something like an SGI server that runs Linux and $50,000 in cash. Mr. Wimer said that they are a small company and can't afford that kind of prize package now.

So a little guerrilla marketing from Cylant got my attention. I guess anyone who wants to try hacking this for a new MP3 server at home can take a shot at it, and all the details are below. Also, don't worry about putting down your name, addy and telephone number. Parties wishing to use contact information for C4I.org for this contest are more than welcome. Cylant is more interested in where to ship Victim to, and how you were able to break the security.

Good Luck!

William Knowles
isnat_private

-=-

Own This Box!

http://victim.cylant.com

Rules:

o Break through the CylantSecure barrier on victim.
o Email us (mattat_private) as root from this machine.
o Create a file on victim: /etc/owned_YourName
o In this file put the following information:
  * Your name
  * Your mailing address
  * Your telephone number
  * How you were able to bypass the security

Cookie:

We will ship you victim:

o 850Mhz Athlon
o 256MB Ram
o 20GB Disk
o ATI Rage 128 Video Card

Services running on victim:

The machine is a Redhat 6.2 default install.

o compressnet, echo, discard, systat, daytime, netstat, chargen, ftp, ssh, telnet, smtp, time, domain, finger, http, linuxconf, pop2, pop3, sunrpc, auth, netbios-ssn, imap2, ldap, exec, login, shell, printer, uucp, samba-swat, garcon, cfingerd, and squid-http.

Cylant Technology
www.cylant.com

ISN is hosted by SecurityFocus.com
This archive was generated by hypermail 2b30 : Thu May 03 2001 - 04:33:45 PDT