Re: [ISN] Hack Smackdown

From: InfoSec News (isnat_private)
Date: Fri Oct 25 2002 - 01:42:21 PDT

    Forwarded from: security curmudgeon <jerichoat_private>
    
    > http://www.eweek.com/article2/0,3959,633769,00.asp
    >
    > By Timothy Dyck
    > October 14, 2002
    > timothy_dyckat_private
    >
    > With OpenHack 4, eWeek Labs and a group of technology providers are
    > again entering the security ring to test enterprise systems'
    > fortitude under real-world conditions.
    
    Real world conditions? Yeah..
    
    > Each of the past three OpenHack tests was a challenge to hackers to
    > take down an e-business Web site built, secured and monitored using
    > common enterprise applications - and a unique opportunity to test
    > these applications in the process (see story [1]). With the OpenHack
    > 4 test site, we're focusing on an area that's becoming increasingly
    > problem-prone: application security.
    
    [snip..]
    
    And let's not forget their previous success in running this
    scam^H^H^H^Hcontest.
    
    http://www.attrition.org/security/rant/z/jericho.003.html
    
    > Indeed, previously unknown security holes in Web application code
    > provided unauthorized entry past firewalls and led to the successful
    > attacks against the OpenHack 1 and OpenHack 2 sites. Web application
    > programming techniques, therefore, come under close scrutiny in
    > OpenHack 4. (OpenHack 3, protected by a trusted operating system,
    > was not successfully hacked.)
    
    The third was when Argus put their PitBull software up for part of the
    challenge. It is quite odd that eweek forgets to mention the
    following:
    
      http://www.wired.com/news/technology/0,1282,42747,00.html
    
      by Michelle Delio
      10:10 a.m. Mar. 30, 2001 PST
    
      A hacker is claiming that he has won Argus' ballyhooed OpenHack III
      competition by cracking its much-vaunted PitBull security system.
    
      Argus concedes the crack, but isn't awarding the promised big cash
      prize.
    
    And why aren't they awarding the successful hacker?
    
      A hacker calling himself Bladez won't receive the 3,000 ($4,250)
      prize offered by Argus because he says he misunderstood what time
      the competition ended and was under the impression that he had a
      few hours left to work.
    
    So they will quibble over a couple hours of a time frame, despite this
    being the farthest thing from a real world scenario you could possibly
    get. I hate to be the one that breaks this to the cluebags over at
    Argus and Eweek.. but when Friday afternoon rolls around, hackers
    don't punch out and go home.
    
    Was this a one time fluke of Argus? Not at all!
    
      http://www.parallaxresearch.com/news/2001/0430/hackers_sink_teeth_into.html
    
      Argus Systems Group Inc., which won the recent eWEEK OpenHack III
      challenge, was dealt a blow this week when a group of Polish crackers
      hacked into its PitBull software.
    
      The company sponsored a hacking challenge at the Infosecurity Europe
      2001 conference in London, offering a $50,000 prize to anyone who could
      hack its PitBull trusted operating system package.
    
    > We feel confident, based on the coding and hardening that's been
    > done, that none of these attacks is possible, and we hope this test
    > will improve our current OpenHack record of one win and two losses.
    
    http://www.eweek.com/article2/0,3959,600435,00.asp
    
    This lists the defeat of the first and second, but fails to mention
    Bladez's attack and success, despite being a couple hours late. They
    fail to mention that Argus failed the challenge for the third contest.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Oct 25 2002 - 04:17:30 PDT