CRIME BrickServer

From: George Heuston (GeorgeH@private)
Date: Mon Jun 24 2002 - 13:38:01 PDT


    Folks,
    
    The following was sent to me by Jerry Krummel, pursuant to our discussions
    at the last CRIME meeting.  Jerry's group will be discussing this technology
    at the 9 July meeting:
    
    I need to clarify a very important point I made to CRIME members at the last
    meeting June 11.  I believe I may have created a misconception among you
    when I invited you to test the capabilities of the BRICKServer(tm) by
    logging on to demo.thirdpig.com and attempting to penetrate our server.  By
    logging onto this site you are not logging on to an actual BRICKServer(tm)
    controlled by Process-Based Security(tm) (PBS), but rather a site developed
    to function as a playground for anyone wanting to test his or her skills
    against PBS.  This site is designed to develop a better understanding of our
    security model.    
    
    We have created three test scenarios for PBS and the BRICKServer(tm) with
    three separate sites.  Each of these sites has a specific function and
    challenge.  These sites are:
    
        Demo.thirdpig.com
            This server runs Red Hat 5.2 Linux on an X86 platform. PBS is
            implemented into the Linux 2.2.2 Kernel. It allows telnet
            access. A user can create and compile programs in "C" on this
            server. It is set up for users to test their skills and develop
            a better understanding of programming in PBS.
    
            Challenge: view or change the password file located in
            /etc/passwd.
    
        BRICKServer.thirdpig.com or 206.61.52.34
            A BRICKServer(tm) demonstrating the ease of administration
            using web, email, ftp, and administration programs. Potential
            users can ask any senior account representative for account
            access.
    
            Challenge: There is no hacking challenge on this box other than
            learning the BRICKServer(tm) administration functions and
            capabilities.
    
        Hack.thirdpig.com
            A commercially available BRICKServer(tm) online and operational
            specifically for you to test your penetration skills. A user
            has valid permission to hack this machine. This is a standard
            BRICKServer(tm) which does not allow telnet access or a "C"
            compiler.
    
            Challenge: Deface the web page index.html. There is a $1000 pot
            to be split between any CRIME members achieving web page
            defacement.
    
    I apologize for any confusion or misunderstanding I may have
    created.  The challenge still remains.  Log onto our sites, learn about
    Process-Based Security(tm) and the BRICKServer(tm), and test your skills
    against our security model.
    
      
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 14:54:36 PDT