Domain: ghettohackers.net
Stories and comments across the archive that link to ghettohackers.net.
Comments · 6
-
Re:Next up your Hacker test!
Actually, there are such things as hacker tests... one of the better known examples is Capture The Flag. (Also see here.)
-
This isn't really that new...
This really isn't all that new. The U.S. Naval Postgraduate School has been
sending their Infosec students to play Capture the Flag at Defcon for the last couple years as well as
this year's Interz0ne conference. In
fact, there was only one team (Anomaly - and they won ironically) that didn't
have government personnel or contractors on their team.
Also, Immunix, a DARPA funded hardened Linux version has also
been put under fire during CTF for the last couple year. (Their team placed a
solid second both times).
The Feds have learned over the last couple years that they
are behind the ball in terms of normal unclassified security training for their
personnel. These conferences have been really good at given them some real
world training that they normally don't get.
It's nice to see my tax dollars being put to a good use for
a change. Plus it makes the "Spot
the Fed" game MUCH easier.
-
Re:How are they going to make this interesting?At CTF at Defcon the Ghettohackers had the teams attacking each other, instead of a central server. They were given an custom distro of linux that was specifically engineered to be horribly insecure. In addition, in order to score points, they had to keep some of these insecure services running. So they couldn't just boot off their CD Image of OpenBSD, and sit there and chuckle. They had to keep things like Finger, and Telnet working and functional in order to get points.
This meant that the "action" starts off hard and heavy. We saw people rooting and getting rooted right away.
To make things a little more interesting, we designed the scoreboard after the NASDAQ Big Board, and projected it on two walls. The teams' scores were displayed as stock prices. The scoreboard was also played over the Alexis Park television system. We had news updates on the status of the teams every so often.
Of course, we didn't broadcast the action as a cute little 'gibson' visualization. Nor were their live DJs (We used pre-set playlists). However, people still seemed to get a kick out of it. You could see the whole room go quiet and stare when a news update would come on...
Next year is going to be even better (Yes, this is a bit of shameless promotion).
R
-
Re:How are they going to make this interesting?At CTF at Defcon the Ghettohackers had the teams attacking each other, instead of a central server. They were given an custom distro of linux that was specifically engineered to be horribly insecure. In addition, in order to score points, they had to keep some of these insecure services running. So they couldn't just boot off their CD Image of OpenBSD, and sit there and chuckle. They had to keep things like Finger, and Telnet working and functional in order to get points.
This meant that the "action" starts off hard and heavy. We saw people rooting and getting rooted right away.
To make things a little more interesting, we designed the scoreboard after the NASDAQ Big Board, and projected it on two walls. The teams' scores were displayed as stock prices. The scoreboard was also played over the Alexis Park television system. We had news updates on the status of the teams every so often.
Of course, we didn't broadcast the action as a cute little 'gibson' visualization. Nor were their live DJs (We used pre-set playlists). However, people still seemed to get a kick out of it. You could see the whole room go quiet and stare when a news update would come on...
Next year is going to be even better (Yes, this is a bit of shameless promotion).
R
-
even better
the shmoo group's data gives an idea of the type of attack tools that are most commonly used in intrusion attempts, but if you want to know the tools and techniques that are the most likely to succeed, it would be good to talk to Caezar or some other member of the ghettohackers. After all, they are the ones who win at capture the flag year after year....
-
It's sad to say that article was basically FUDThat was quite a poor article. I can sum it up as : "cyberterrorism is dangerous. It takes money and training to accomplish it. Look out". It was basically a pure FUD (fear, uncertainty and doubt) article. Lumping cyberterrorism, which today usually consists of defacing a website, in with nefarious weapons such as chemical, biological, and nuclear, is a disservice to the reader.
The article does not touch at all on specific threats (or "exploits") that cyberterrorists might use. Nor does it list any prevention measures. The article simply stirs the crowd up and leaves them hanging with little information, a classic rhetorical device for provoking fear and/or anger.
That being said, here are some general tips for security:
1) Don't connect anything to the internet that is "secret" or "classified".
2) If a terrorist can get physical access to a computer, then they can hack it. Period.
3) Always have physical safeguards that cannot be bypassed for critical systems.If everyone followed those rules, cyber life might be a whole lot safer.