[ISN] CylantSecure Hacking Challenge

From: InfoSec News (isnat_private)
Date: Thu May 03 2001 - 03:33:22 PDT


    I was sent a few copies from ISN readers of a flyer below that has
    been making the rounds in the San Francisco Bay area and later I
    received another note from a Scott Wimer from Cylant which gave this
    information...
    
    -=-
    
    Cylant Technology has developed a behavioral measurement approach to
    intrusion prevention.  The CylantSecure architecture uses real-time
    behavioral measurement to prevent intrusions and malicious misuse of
    computer systems.
    
    As a demonstration of CylantSecure, we have deployed
    victim.cylant.com.  This machine is a stock RedHat 6.2 Linux box with
    Everything running, including several services with known
    vulnerabilities.  We will be giving the hardware to the first person
    who successfully can get root on victim.cylant.com.
    
    [...]
    
    The CylantSecure architecture is designed to protect software against
    attacks without any signatures or rule-sets needed.  To our knowledge,
    this is the best way to protect a system from being compromised.
    
    -=-
    
    So curious that this wasn't an inside joke to hack someone else's
    network, I called Mr. Wimer to find out a little more information.
    The first thing that caught me off guard is that Cylant has no in-house
    security people, no computer hackers, no ex-military, or fun
    three-lettered agency types working for them, that they looked at all
    the security models out there now and wrote a security program from a
    clean sheet of paper and this is their first real-world test of the
    software.
    
    I asked Scott Wimer why the prize is so small, for what looks to be a
    hard task, and if they are so sure this technology is secure, why not
    offer something like an SGI server that runs Linux and $50,000 in
    cash. Mr. Wimer said that they are a small company and can't afford
    that kind of prize package now.
    
    So a little guerrilla marketing from Cylant got my attention. I guess
    anyone who wants to try hacking this for a new MP3 server at home can
    take a shot at it, & all the details are below. Also, don't worry about
    putting down your name, addy and telephone number. Parties wishing to
    use contact information for C4I.org for this contest are more than
    welcome. Cylant is more interested in where to ship Victim to, and how
    you were able to break the security.
    
    Good Luck!
    
    William Knowles
    isnat_private
    
    
    -=-
    
    Own This Box!
    
    http://victim.cylant.com
    
    Rules:
    
     o Break through the CylantSecure barrier on victim.
     o Email us (mattat_private) as root from this machine.
     o Create a file on victim: /etc/owned_YourName
     o In this file put the following information:
        * Your name
        * Your mailing address
        * Your telephone number
        * How you were able to bypass the security
    
    Cookie:
      We will ship you victim:
    
      o 850MHz Athlon
      o 256MB RAM
      o 20GB Disk
      o ATI Rage 128 Video Card
    
    Services running on victim:
    
    The machine is a Redhat 6.2 default install.
    
      o compressnet, echo, discard, systat, daytime, netstat, chargen, ftp,
        ssh, telnet, smtp, time, domain, finger, http, linuxconf, pop2, pop3,
        sunrpc, auth, netbios-ssn, imap2, ldap, exec, login, shell, printer,
        uucp, samba-swat, garcon, cfingerd, and squid-http.
    
    Cylant Technology
    www.cylant.com
    
    ISN is hosted by SecurityFocus.com