CRIME BrickServer

From: George Heuston (GeorgeH@private)
Date: Mon Jun 24 2002 - 13:38:01 PDT

Next message: Tom Tintera: "RE: CRIME EarthLink Password Security Story"

Previous message: Jeffrey_Korte/Security/FCNB/Spgla@private: "CRIME AOL Backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Folks,

The following was sent to me by Jerry Krummel, pursuant to our discussions
at the last CRIME meeting.  Jerry's group will be discussing this technology
at the 9 July meeting:

I need to clarify a very important point I made to CRIME members at the last
meeting June 11.  I believe I may have created a misconception among you
when I invited you to test the capabilities of the BRICKServer(tm) by
logging on to demo.thirdpig.com and attempt to penetrate our server.  By
logging onto this site you are not logging on to an actual BRICKServer(tm)
controlled by Process-Based Security(tm) (PBS), but rather a site developed
to function as a playground for anyone wanting to test his or her skills
against PBS.  This site is designed to develop a better understanding of our
security model.    

We have created three test scenarios for PBS and the BRICKServer(tm) with
three separate sites.  Each of these sites has a specific function and
challenge.  These sites are:

		Demo.thirdpig.com
				This server runs Red Hat 5.2 Linux on an X86
platform. PBS is implemented into the Linux 2.2.2 Kernel. It allows telnet
access. A user can create and compile programs in "C" on this server. It is
set up for users to test their skills and develop a better understanding of
programming in PBS.

				Challenge: view or change the password file
located in /etc/passwd.

		BRICKServer.thirdpig.com or 206.61.52.34
				A BRICKServer(tm) demonstrating the ease of
administration using web, email, ftp, and administration programs. Potential
users can ask any senior account representative for account access.

	Challenge: There is no hacking challenge on this box other than
learning the BRICKServer(tm) administration functions and capabilities. 
		  
		Hack.thirdpig.com
				A commercially available BRICKServer(tm)
online and operational specifically for you to test your penetration skills.
A user has valid permission to hack this machine. This is a standard
BRICKServer(tm) which does not allow telnet access or a "C" compiler.  

				Challenge: Deface the web page index.html.
There is a $1000 pot to be split between any CRIME members achieving web
page defacement.

	I apologize for any confusion or misunderstanding I may have
created.  The challenge still remains.  Log onto our sites, learn about
Process-Based Security(tm) and the BRICKServer(tm), and test your skills
against our security model.

Next message: Tom Tintera: "RE: CRIME EarthLink Password Security Story"
Previous message: Jeffrey_Korte/Security/FCNB/Spgla@private: "CRIME AOL Backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 14:54:36 PDT