Slashdot Mirror


Capture The Capture The Flag

bgp4 writes: "During DefCon 8, the Shmoo Group sniffed all the Capture the Flag network traffic. For those that don't know, Capture the Flag is a weekend-long hacking contest held at DefCon each year. The network dumps have now been posted and are available here. Hopefully by making this data available to the public, software developers will become more aware of how vulnerable their software really is and fix the root of the problem. Better intrusion detection isn't the answer ... Secure software is. We're looking for mirrors, so if you'd like to host the data, please let me know."

7 of 39 comments

  1. Another Thing I Would Like To See by n3rd · · Score: 4

    I would also enjoy seeing the shell histories of the people who participated in this event.

    When I see intrusion detection and honeypot articles, the most interesting thing IMO is seeing the shell history of the intruder. Shell history is one of the best ways to actually see an intruder's train of thought step by step, uncensored. Getting in, obtaining root, cleaning the logs, setting up rootkits and trojans, etc.

    The other thing I take much joy in reading is IRC logs of hackers (posted in some honeypot articles). I feel the IRC logs are the best insight as to which hackers are the real thing, and which ones are just script kiddies begging new spl0its off of the veterans and innovators.

    1. Re:Another Thing I Would Like To See by Anonymous Coward · · Score: 5

      Here ya go:

      ------------------------------

      $ ./wuftpd2600.c
      bash: ./wuftpd2600.c: Permission denied
      $ compile wuftpd2600.c
      bash: compile: command not found
      $ make wuftpd2600.c
      make: Nothing to be done for `wuftpd2600.c'.
      $ BitchX h4x0rd3wd irc.h4x0r.net
      .
      ..
      ...
      ..
      .
      > /join #h4x0r
      > whose got ne 'sploitz? i will trade you my entire 36gig pr0n collection!
      <l33tist> g0 4waY l4m3R. j00 R n0T a h4x0R l1Ke uS 'l33t p0eople!!!
      <supahacker> gotta go, my dad wants to use his computer.
      <p1mpx0r> d3wDz! 3y3 juST 0wN3D www.sheep-pr0n.com! we g0t 3n0ugh sh33p pr0n t0 mak3 0ur d1ckZ bl33d f0r w33kS!!!!11!1!!!1!!1!!
      *** You have been kicked off channel #h4x0r by l33tist (j00 R n0T l33T enUf f0r #h4x0r!)

      ------------------------------

      did this give you any insight?

  2. This is good by Hard_Core_Nerdity · · Score: 3

    Maybe this will teach software companies to put less pressure on overworked programmers trying desperately to meet unrealistic deadlines. They don't realize that people don't work well when they don't have time to do their jobs properly. Many of these companies will never learn their lesson; if you doubt me, look at the number of known security holes in a certain operating system fittingly named after a hole in a wall.

  3. The Rules: by chazR · · Score: 4

    Rule 1: It's not secure unless it's encrypted.
    Rule 2: It's not secure unless it's encrypted.
    .
    .
    Rule 47: It's not secure unless it's encrypted.
    .
    etc

    Rule 0: Encryption (on its own) does not give you security. Sorry.

    And, now, the important rules:

    It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.

    It's not secure because "Nobody cares what I do online." Wrong. Somebody might care. If it's online gaming, I will happily snoop your packets for an advantage.

    I hate to spout the truism again, but here I go anyway: "Security is not a product. It's a process"

    All you can do is manage the risks. There is no security.

  4. Re:Very creative by bgp4 · · Score: 3

    We've been planning this for a while now.. I think since April or so. It wasn't based on the MacHack thing at all... the group just came up with the idea.

    As far as the "decency" thing... The capture the flag network at DefCon is a LOT different than the public network at MacHack. There was only one purpose of the data on those wires: attempted compromises of remote systems. This data has real value to the security community, not random artistic value like the MacHack data ;)

    --
    I'm down with that, as it were

  5. no pun intended? by canthidefromme · · Score: 4

    "Hopefully by making this data available to the public, software developers will become more aware of how vulnerable their software really is and fix the root of the problem."

    Get it?? the ROOT of the problem? hehe...

    -j

    --
    -sigs of the world unite

  6. Re:Better intrusion detection not the answer? by Chuck+Chunder · · Score: 4

    Talking of evolution, the human body and the 'success' of the human race is misleading.

    In your original post you state that the immune system 'stops them before they can cause damage'. That's somewhat untrue. The human body (and in fact race) survives by having enough redundancy that it can sustain vast amounts of damage but continue to function and replace the parts that fail.

    Evolution works not by choosing intrusion detection as a good method of protecting the individual, but by having enough redundancy and variety such that the failure of individuals doesn't matter a great deal to the race as a whole.

    I don't see that as a good (cost effective) solution for a computer network. Individual parts are likely to contain unique information and cannot simply be recreated after destruction.

    That doesn't mean that intrusion detection doesn't have its place, but using the human body/race as an example to promote its effectiveness is rather dubious. The human body/race simply 'works' on an entirely different scale with a relatively unlimited amount of resources.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park