Anyone who would pose a potential threat to your server probably would
not spend the time to attack it. There is a very big difference between
being able to protect a system and being able to break into it. I
suspect (due to the nature of this list) that the majority of people
here tend to lean towards the "protection" side of the fence.
Further, contests of these sorts really don't prove anything. You can
NEVER prove that a system/algorithm/implementation is secure. All you
can ever do is prove its insecurity. Putting a time limit on "hacking"
your web site isn't really necessary - put it out there and monitor it,
you'll see enough attempts in the first week or two to learn what's
going on (without the "contest").
To answer your last question, advertisement beyond assigning it an
Internet reachable IP address is probably not necessary.
Joshua Chamas wrote:
>
> Hi,
>
> I have been spending a lot of time on system security
> prior to going live with a www service, and I was interested
> in the prospect of running a hacking contest with a
> cash reward for breaking in, and visibly modifying
> the www site.
>
> I believe the conditions of winning the prize would be:
>
> ) documenting the hack
> ) forbidding hacking systems of upstream ISPs
> ) proposals for fixing the found security holes
> ) a finite timeline for the hack to occur in, say a week
> ) preservation of the system logs, so I can observe and learn
> from hacking strategies
>
> The upside of course is seeing what system vulnerabilities
> that I may have overlooked by having a hacker uncover them.
> I fear the potential downside of drawing too much unwanted
> attention in the future to the site from would be hackers,
> after the contest is over.
>
> What do you all think about this?
>
> If I should choose to proceed, how should I best advertise
> this contest?
>
> Thanks,
>
> Joshua
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
