On Apr 9, 2005 12:16 AM, sHz <[EMAIL PROTECTED]> wrote:
> I don't know how Windows IT pro magazine even came up with this silly
> idea. Everyone (almost) knows that nothing remains impenetrable for
> long! Not only that, but these contests give certain people
> (managers/some admins) a false sense
I don't know how Windows IT pro magazine even came up with this silly
idea. Everyone (almost) knows that nothing remains impenetrable for
long! Not only that, but these contests give certain people
(managers/some admins) a false sense of security.
Then again, I want to see the box hacked to shreds
Marc,
I will buy you *two* Xbox's for a nice IIS 6.0 remote :-)
Seriously, the "market value" of a remote exploit for IIS 6.0 is
somewhere between two and twenty thousand dollars, depending on how
shady you want to get. These "find some 0day and give it to us"
challenges are a waste of a time
Has no one learned from these contests yet that they don't work, not
even for reasons of being a false way to test security, but because the
servers are never able to stay online for more than an hour because of
denial of service attacks.
The "funny" part is if the server gets DDoS'd then so will
But that's not quite real world.
Is the server running SQL server? Oracle?
Or is it just serving static pages and is sitting behind a reverse proxy
[on FreeBSD].
There aren't any details there.
Suppose no one cracks the box, that just means someone didn't want to spill
their guts for a retail Xb