Addendum to the hacking contest thread. cu -pete > -----Urspr�ngliche Nachricht----- > Von: cult hero [SMTP:[EMAIL PROTECTED]] > Gesendet am: Donnerstag, 13. Mai 1999 12:23 > An: InfoSec News > Betreff: [ISN] Asian Conference Hosts Hacking Contest > > > Forwarded From: William Knowles <[EMAIL PROTECTED]> > > [Another lame security stunt, Not worth anyones time. I would love to > see one of these security firms that sponsor these contests to post a > $100,000+ prize in a numbered account with 6-12 months to break the > security of the product in a real world enviroment, and not in the > span of a week on a trade show floor. - William Knowles] > > > http://www.techweb.com/printableArticle?doc_id=TWB19990512S0029 > > (TechWeb) [5.12.99] A conference in Singapore is working to show the > dangers of hacking, ironically, by holding a hacking contest with > thousands of dollars in prizes. The international Hackers Zone > competition, which started Wednesday, is offering $10,000 to the first > person to successfully break into servers connected to the Web and running > security products. One server is running security products from Voltaire > Advanced Data Security, while the second server is running software from > Conclave Integrated Security. > > Hosted by Infosecurity Asia '99, the computer-security conference that > will be held in Singapore next month, is open to anyone in the world. In > order to prove the success, hackers have to move a file onto the server, > or modify the Web page hosted there, and then send an e-mail describing > their action to an address set up at Yahoo. The conference has promised to > keep the names of all contestants confidential. > > The sponsors of the contest sought to point out that they did not endorse > hacking, the general term for breaking into computer networks. Some > computer enthusiast prefer the term "cracker," using the term hacker > instead to refer to any hard-core programmer. > > "We consider hacking a criminal offense prosecutable in many countries and > we do not condone such actions," said George Kane, regional director of > Conclave, in a statement. > > Dan Farmer, a well-known computer-security expert, said such contests are > not what they're cracked up to be. > > "Organizations do this from time to time -- it's not unusual," Farmer > said. "I view them as misguided and modestly dangerous publicity stunts." > > There are a number of problems with such contests, he said. For one thing, > the computer set-ups rarely mimic the way a network would be forced to > work in the real world. Thus, he said, some companies use such contest to > tout the invincibility of their systems and say how they foiled the > world's best crackers, even though the world's best hackers probably would > not get involved in something like this. > > Companies also get free testing of their systems. For instance, they can > get "attack signatures," digital fingerprints that show how people attack > a certain system. These can be used later to help companies realize when > they are being attacked in the future. Such signatures are hard to get in > the real world. Furthermore, such security testing can be quite expensive. > > > "10K is chump change in the corporate world," Farmer said. > > Farmer is the author of Security Administrator's Tool for Analyzing > Networks, a Unix tool that systems administrators use to test for security > breaches in networks. The program, known as SATAN, caused a stir when it > came out in 1995, prompting Farmer to publish multiple documents through > his website explaining the rationale behind the software. The difference, > Farmer said, is that contests encourage a certain type of behavior. > > "They're sending a message that breaking into systems is OK, that they'll > reward the best and brightest," Farmer said. > > > > -o- > Subscribe: mail [EMAIL PROTECTED] with "subscribe isn". > Today's ISN Sponsor: Hacker News Network [www.hackernews.com] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
