Folks, The following was sent to me by Jerry Krummel, pursuant to our discussions at the last CRIME meeting. Jerry's group will be discussing this technology at the 9 July meeting: I need to clarify a very important point I made to CRIME members at the last meeting June 11. I believe I may have created a misconception among you when I invited you to test the capabilities of the BRICKServer(tm) by logging on to demo.thirdpig.com and attempt to penetrate our server. By logging onto this site you are not logging on to an actual BRICKServer(tm) controlled by Process-Based Security(tm) (PBS), but rather a site developed to function as a playground for anyone wanting to test his or her skills against PBS. This site is designed to develop a better understanding of our security model. We have created three test scenarios for PBS and the BRICKServer(tm) with three separate sites. Each of these sites has a specific function and challenge. These sites are: Demo.thirdpig.com This server runs Red Hat 5.2 Linux on an X86 platform. PBS is implemented into the Linux 2.2.2 Kernel. It allows telnet access. A user can create and compile programs in "C" on this server. It is set up for users to test their skills and develop a better understanding of programming in PBS. Challenge: view or change the password file located in /etc/passwd. BRICKServer.thirdpig.com or 206.61.52.34 A BRICKServer(tm) demonstrating the ease of administration using web, email, ftp, and administration programs. Potential users can ask any senior account representative for account access. Challenge: There is no hacking challenge on this box other than learning the BRICKServer(tm) administration functions and capabilities. Hack.thirdpig.com A commercially available BRICKServer(tm) online and operational specifically for you to test your penetration skills. A user has valid permission to hack this machine. This is a standard BRICKServer(tm) which does not allow telnet access or a "C" compiler. Challenge: Deface the web page index.html. There is a $1000 pot to be split between any CRIME members achieving web page defacement. I apologize for any confusion or misunderstanding I may have created. The challenge still remains. Log onto our sites, learn about Process-Based Security(tm) and the BRICKServer(tm), and test your skills against our security model.
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 14:54:36 PDT