Slashdot Mirror


A New Challenge from Honeynet

cjpez writes: "The people at the Honeynet have issued another challenge on the Bugtraq mailing list. Instead of hacking into a box, though, this time your goal is to submit the best analysis of a binary file they'll post on Monday, May 6th. Think you're good at reverse engineering? Then try it out! They're even offering actual prizes, so you can get something besides the feeling of personal fulfillment for your trouble. The post hasn't quite made it to SecurityFocus' Bugtraq Archive yet, but I did find it at another Bugtraq archive in Germany (slashdottings abound!). The URL included in the email, http://project.honeynet.org/reverse/, doesn't seem to be active yet, so presumably we can assume it'll go up on Monday. The post fails to address other concerns, though: will the winner be in violation of the DMCA? :P The challenge was also issued, obviously enough, on SecurityFocus' Honeypot mailing list." In a later note, he points out that the announcement has finally made it to the Bugtraq archive page. (And that URL is active now.)

117 comments

  1. Tricky. by Anti-Microsoft+Troll · · Score: 1, Funny

    Actually, Microsoft is bankrolling this competition. It's their way of getting clever programmers to self-register.

    This way, when it finishes buying up the U.S. Government and moves the nation's capital to Redmond, all potential [h|cr]ackers can be rounded up and interred in camps. Security holes in Windows will then be a thing of the past.

    1. Re:Tricky. by Anonymous Coward · · Score: 0

      more so that there will be no one left to detect the security holes, much less patch them.

  2. Binary files by molywi · · Score: 0

    binary files are hard to evaluate ... but it might be an interesting challenge to see what we can come up with.. somebody should set up a site where people could post their results after the challenge was over .. that way we could check out how and what people did.. always good for learning....

    1. Re:Binary files by freejamesbrown · · Score: 1

      I hope it's some old Amiga binary. m. http://www.pataphysics-lab.com

    2. Re:Binary files by xmedar · · Score: 1

      Yeah, you suddenly find it's self modifying code for Itanium complete with undocumented API calls to Win64, or possibly worse, self modifying code for a Connection Machine or other massively parallel boxen, my bet is that the binary file will be the same size as the database for the Human Genome project, now do they use MySQL 3 or 4??

      --
      Any sufficiently advanced man is indistinguishable from God
    3. Re:Binary files by fizbin · · Score: 3, Insightful

      Why bother?

      I mean, the people from the honeynet project are going to post the complete entries of the top 20 anyway, and one of the criteria they're going to use is how well documented (i.e. "good for learning") the entry is. 'Tis better to learn that way than to stumble through hundreds of "I got this far and then quit" entries on some quickly pieced together slash site.

      I for one hope that I'll actually get off my ass and enter this one; I've analyzed a few of their forensics "scan of the month" but have never gotten around to submitting a writeup. (Expository writing always seems so draining)

  3. That's easy... by C60 · · Score: 2, Funny


    It's "ntldr" ... And boy is MS gunna be pissed.

    --
    Karma: 0 (But I wield a mean +10 Vorpal Apathy)
    1. Re:That's easy... by Anonymous Coward · · Score: 0

      Lima, 8th of April, 2002.

      To: Señor
      JUAN ALBERTO GONZÁLEZ
      General Manager of Microsoft, Perú

      Dear Sir.

      First of all, I thank you for your letter of March 25 2002 in which you state the official position of Microsoft relative to Bill Number 1609, Free Software in Public Administration, which is indubitably inspired by the desire for Peru to find a suitable place in the global technological context. In the same spirit, and convinced that we will find the best solutions through an exchange of clear and open ideas, I will take this opportunity to reply to the commentaries included in your letter.

      While acknowledging that opinions such as yours constitute a significant contribution, it would have been even more worthwhile for me if, rather than formulating objections of a general nature (which we will analyse in detail later) you had gathered solid arguments for the advantages that proprietary software could bring to the Peruvian State, and to its citizens in general, since this would have allowed a more enlightening exchange in respect of each of our positions.

      With the aim of creating an orderly debate, we will assume that what you call "open source software" is what the Bill defines as "free software", since there exists software for which the source code is distributed together with the program, but which does not fall within the definition established by the Bill; and that what you call "commercial software" is what the Bill defines as "proprietary" or "unfree", given that there exists free software which is sold in the market for a price like any other good or service.

      It is also necessary to make it clear that the aim of the Bill we are discussing is not directly related to the amount of direct savings that can be made by using free software in state institutions. That is in any case a marginal aggregate value, but in no way is it the chief focus of the Bill. The basic principles which inspire the Bill are linked to the basic guarantees of a state of law, such as:

      Free access to public information by the citizen.

      Permanence of public data.

      Security of the State and citizens.

      To guarantee the free access of citizens to public information, it is indispensable that the encoding of data is not tied to a single provider. The use of standard and open formats gives a guarantee of this free access, if necessary through the creation of compatible free software.

      To guarantee the permanence of public data, it is necessary that the usability and maintenance of the software does not depend on the goodwill of the suppliers, or on the monopoly conditions imposed by them. For this reason the State needs systems the development of which can be guaranteed due to the availability of the source code.

      To guarantee national security or the security of the State, it is indispensable to be able to rely on systems without elements which allow control from a distance or the undesired transmission of information to third parties. Systems with source code freely accessible to the public are required to allow their inspection by the State itself, by the citizens, and by a large number of independent experts throughout the world. Our proposal brings further security, since the knowledge of the source code will eliminate the growing number of programs with *spy code*.

      In the same way, our proposal strengthens the security of the citizens, both in their role as legitimate owners of information managed by the state, and in their role as consumers. In this second case, by allowing the growth of a widespread availability of free software not containing *spy code* able to put at risk privacy and individual freedoms.

      In this sense, the Bill is limited to establishing the conditions under which the state bodies will obtain software in the future, that is, in a way compatible with these basic principles.

      From reading the Bill it will be clear that once passed:
      -the law does not forbid the production of proprietary software
      -the law does not forbid the sale of proprietary software
      -the law does not specify which concrete software to use
      -the law does not dictate the supplier from whom software will be bought
      -the law does not limit the terms under which a software product can be licensed.

      What the Bill does express clearly, is that, for software to be acceptable for the state it is not enough that it is technically capable of fulfilling a task, but that further the contractual conditions must satisfy a series of requirements regarding the license, without which the State cannot guarantee the citizen adequate processing of his data, watching over its integrity, confidentiality, and accessibility throughout time, as these are very critical aspects for its normal functioning.

      We agree, Mr. Gonzalez, that information and communication technology have a significant impact on the quality of life of the citizens (whether it be positive or negative). We surely also agree that the basic values I have pointed out above are fundamental in a democratic state like Peru. So we are very interested to know of any other way of guaranteeing these principles, other than through the use of free software in the terms defined by the Bill.

      As for the observations you have made, we will now go on to analyse them in detail:

      Firstly, you point out that: "1. The bill makes it compulsory for all public bodies to use only free software, that is to say open source software, which breaches the principles of equality before the law, that of non-discrimination and the right of free private enterprise, freedom of industry and of contract, protected by the constitution."

      This understanding is in error. The Bill in no way affects the rights you list; it limits itself entirely to establishing conditions for the use of software on the part of state institutions, without in any way meddling in private sector transactions. It is a well established principle that the State does not enjoy the wide spectrum of contractual freedom of the private sector, as it is limited in its actions precisely by the requirement for transparency of public acts; and in this sense, the preservation of the greater common interest must prevail when legislating on the matter.

      The Bill protects equality under the law, since no natural or legal person is excluded from the right of offering these goods to the State under the conditions defined in the Bill and without more limitations than those established by the Law of State Contracts and Purchasing (T.U.O. por Decreto Supremo No. 012-2001-PCM).

      The Bill does not introduce any discrimination whatever, since it only establishes *how* the goods have to be provided (which is a state power) and not *who* has to provide them (which would effectively be discriminatory, if restrictions based on national origin, race, religion, ideology, sexual preference etc. were imposed). On the contrary, the Bill is decidedly antidiscriminatory. This is so because by defining with no room for doubt the conditions for the provision of software, it prevents state bodies from using software which has a license including discriminatory conditions.

      It should be obvious from the preceding two paragraphs that the Bill does not harm free private enterprise, since the latter can always choose under what conditions it will produce software; some of these will be acceptable to the State, and others will not be since they contradict the guarantee of the basic principles listed above. This free initiative is of course compatible with the freedom of industry and freedom of contract (in the limited form in which the State can exercise the latter). Any private subject can produce software under the conditions which the State requires, or can refrain from doing so. Nobody is forced to adopt a model of production, but if they wish to provide software to the State, they must provide the mechanisms which guarantee the basic principles, and which are those described in the Bill.

      By way of an example: nothing in the text of the Bill would prevent your company offering the State bodies an office "suite", under the conditions defined in the Bill and setting the price that you consider satisfactory. If you did not, it would not be due to restrictions imposed by the law, but to business decisions relative to the method of commercializing your products, decisions with which the State is not involved.

      To continue; you note that: "2. The bill, by making the use of open source software compulsory, would establish discriminatory and non competitive practices in the contracting and purchasing by public bodies..."

      This statement is just a reiteration of the previous one, and so the response can be found above. However, let us concern ourselves for a moment with your comment regarding "non-competitive ... practices."

      Of course, in defining any kind of purchase, the buyer sets conditions which relate to the proposed use of the good or service. From the start, this excludes certain manufacturers from the possibility of competing, but does not exclude them "a priori", but rather based on a series of principles determined by the autonomous will of the purchaser, and so the process takes place in conformance with the law. And in the Bill it is established that *no-one* is excluded from competing as far as he guarantees the fulfilment of the basic principles.

      Furthermore, the Bill *stimulates* competition, since it tends to generate a supply of software with better conditions of usability, and to better existing work, in a model of continuous improvement.

      On the other hand, the central aspect of competitivity is the chance to provide better choices to the consumer. Now, it is impossible to ignore the fact that marketing does not play a neutral role when the product is offered on the market (since accepting the opposite would lead one to suppose that firms' expenses in marketing lack any sense), and that therefore a significant expense under this heading can influence the decisions of the purchaser. This influence of marketing is in large measure reduced by the bill that we are backing, since the choice within the framework proposed is based on the *technical merits* of the product and not on the effort put into commercialization by the producer; in this sense, competitivity is increased, since the smallest software producer can compete on equal terms with the most powerful corporations.

      It is necessary to stress that there is no position more anti-competitive than that of the big software producers, which frequently abuse their dominant position, since in innumerable cases they propose as a solution to problems raised by users: "update your software to the new version" (at the user's expense, naturally); furthermore, it is common to find arbitrary cessation of technical help for products, which, in the provider's judgement alone, are "old"; and so, to receive any kind of technical assistance, the user finds himself forced to migrate to new versions (with non-trivial costs, especially as changes in hardware platform are often involved). And as the whole infrastructure is based on proprietary data formats, the user stays "trapped" in the need to continue using products from the same supplier, or to make the huge effort to change to another environment (probably also proprietary).

      You add: "3. So, by compelling the State to favour a business model based entirely on open source, the bill would only discourage the local and international manufacturing companies, which are the ones which really undertake important expenditures, create a significant number of direct and indirect jobs, as well as contributing to the GNP, as opposed to a model of open source software which tends to have an ever weaker economic impact, since it mainly creates jobs in the service sector."

      I do not agree with your statement. Partly because of what you yourself point out in paragraph 6 of your letter, regarding the relative weight of services in the context of software use. This contradiction alone would invalidate your position. The service model, adopted by a large number of companies in the software industry, is much larger in economic terms, and with a tendency to increase, than the licensing of programs.

      On the other hand, the private sector of the economy has the widest possible freedom to choose the economic model which best suits its interests, even if this freedom of choice is often obscured subliminally by the disproportionate expenditure on marketing by the producers of proprietary software.

      In addition, a reading of your opinion would lead to the conclusion that the State market is crucial and essential for the proprietary software industry, to such a point that the choice made by the State in this bill would completely eliminate the market for these firms. If that is true, we can deduce that the State must be subsidising the proprietary software industry. In the unlikely event that this were true, the State would have the right to apply the subsidies in the area it considered of greatest social value; it is undeniable, in this improbable hypothesis, that if the State decided to subsidize software, it would have to do so choosing the free over the proprietary, considering its social effect and the rational use of taxpayers money.

      In respect of the jobs generated by proprietary software in countries like ours, these mainly concern technical tasks of little aggregate value; at the local level, the technicians who provide support for proprietary software produced by transnational companies do not have the possibility of fixing bugs, not necessarily for lack of technical capability or of talent, but because they do not have access to the source code to fix it. With free software one creates more technically qualified employment and a framework of free competence where success is only tied to the ability to offer good technical support and quality of service, one stimulates the market, and one increases the shared fund of knowledge, opening up alternatives to generate services of greater total value and a higher quality level, to the benefit of all involved: producers, service organizations, and consumers.

      It is a common phenomenon in developing countries that local software industries obtain the majority of their takings in the service sector, or in the creation of "ad hoc" software. Therefore, any negative impact that the application of the Bill might have in this sector will be more than compensated by a growth in demand for services (as long as these are carried out to high quality standards). If the transnational software companies decide not to compete under these new rules of the game, it is likely that they will undergo some decrease in takings in terms of payment for licences; however, considering that these firms continue to allege that much of the software used by the State has been illegally copied, one can see that the impact will not be very serious. Certainly, in any case their fortune will be determined by market laws, changes in which cannot be avoided; many firms traditionally associated with proprietary software have already set out on the road (supported by copious expense) of providing services associated with free software, which shows that the models are not mutually exclusive.

      With this bill the State is deciding that it needs to preserve certain fundamental values. And it is deciding this based on its sovereign power, without affecting any of the constitutional guarantees. If these values could be guaranteed without having to choose a particular economic model, the effects of the law would be even more beneficial. In any case, it should be clear that the State does not choose an economic model; if it happens that there only exists one economic model capable of providing software which provides the basic guarantee of these principles, this is because of historical circumstances, not because of an arbitrary choice of a given model.

      Your letter continues: "4. The bill imposes the use of open source software without considering the dangers that this can bring from the point of view of security, guarantee, and possible violation of the intellectual property rights of third parties."

      Alluding in an abstract way to "the dangers this can bring", without specifically mentioning a single one of these supposed dangers, shows at the least some lack of knowledge of the topic. So, allow me to enlighten you on these points.

      On security:

      National security has already been mentioned in general terms in the initial discussion of the basic principles of the bill. In more specific terms, relative to the security of the software itself, it is well known that all software (whether proprietary or free) contains errors or "bugs" (in programmers' slang). But it is also well-known that the bugs in free software are fewer, and are fixed much more quickly, than in proprietary software. It is not in vain that numerous public bodies responsible for the IT security of state systems in developed countries require the use of free software for the same conditions of security and efficiency.

      What is impossible to prove is that proprietary software is more secure than free, without the public and open inspection of the scientific community and users in general. This demonstration is impossible because the model of proprietary software itself prevents this analysis, so that any guarantee of security is based only on promises of good intentions (biased, by any reckoning) made by the producer itself, or its contractors.

      It should be remembered that in many cases, the licensing conditions include Non-Disclosure clauses which prevent the user from publicly revealing security flaws found in the licensed proprietary product.

      In respect of the guarantee:

      As you know perfectly well, or could find out by reading the "End User License Agreement" of the products you license, in the great majority of cases the guarantees are limited to replacement of the storage medium in case of defects, but in no case is compensation given for direct or indirect damages, loss of profits, etc... If as a result of a security bug in one of your products, not fixed in time by yourselves, an attacker managed to compromise crucial State systems, what guarantees, reparations and compensation would your company make in accordance with your licencing conditions? The guarantees of proprietary software, inasmuch as programs are delivered "AS IS", that is, in the state in which they are, with no additional responsibility of the provider in respect of function, in no way differ from those normal with free software.

      On Intellectual Property:

      Questions of intellectual property fall outside the scope of this bill, since they are covered by specific other laws. The model of free software in no way implies ignorance of these laws, and in fact the great majority of free software is covered by copyright. In reality, the inclusion of this question in your observations shows your confusion in respect of the legal framework in which free software is developed. The inclusion of the intellectual property of others in works claimed as one's own is not a practice that has been noted in the free software community; whereas, unfortunately, it has been in the area of proprietary software. As an example, the condemnation by the Commercial Court of Nanterre, France, on 27th September 2001 of Microsoft Corp. to a penalty of 3 million francs in damages and interest, for violation of intellectual property (piracy, to use the unfortunate term that your firm commonly uses in its publicity).

      You go on to say that: "The bill uses the concept of open source software incorrectly, since it does not necessarily imply that the software is free or of zero cost, and so arrives at mistaken conclusions regarding State savings, with no cost-benefit analysis to validate its position."

      This observation is wrong; in principle, freedom and lack of cost are orthogonal concepts: there is software which is proprietary and charged for (for example, MS Office), software which is proprietary and free of charge (MS Internet Explorer), software which is free and charged for (RedHat, SuSE etc Gnu/Linux distributions), software which is free and not charged for (Apache, OpenOffice, Mozilla), and even software which can be licensed in a range of combinations (MySQL).

      Certainly free software is not necessarily free of charge. And the text of the bill does not state that it has to be so, as you will have noted after reading it. The definitions included in the Bill state clearly *what* should be considered free software, at no point referring to freedom from charges. Although the possibility of savings in payments for proprietary software licenses are mentioned, the foundations of the bill clearly refer to the fundamental guarantees to be preserved and to the stimulus to local technological development. Given that a democratic State must support these principles, it has no other choice than to use software with publicly available source code, and to exchange information only in standard formats.

      If the State does not use software with these characteristics, it will be weakening basic republican principles. Luckily, free software also implies lower total costs; however, even given the hypothesis (easily disproved) that it was more expensive than proprietary software, the simple existence of an effective free software tool for a particular IT function would oblige the State to use it; not by command of this Bill, but because of the basic principles we enumerated at the start, and which arise from the very essence of the lawful democratic State.

      You continue: "6. It is wrong to think that Open Source Software is free of charge. Research by the Gartner Group (an important investigator of the technological market recognized at world level) has shown that the cost of purchase of software (operating system and applications) is only 8% of the total cost which firms and institutions take on for a rational and truly beneficial use of the technology. The other 92% consists of: installation costs, enabling, support, maintenance, administration, and down-time."

      This argument repeats that already given in paragraph 5 and partly contradicts paragraph 3. For the sake of brevity we refer to the comments on those paragraphs. However, allow me to point out that your conclusion is logically false: even if according to Gartner Group the cost of software is on average only 8% of the total cost of use, this does not in any way deny the existence of software which is free of charge, that is, with a licensing cost of zero.

      In addition, in this paragraph you correctly point out that the service components and losses due to down-time make up the largest part of the total cost of software use, which, as you will note, contradicts your statement regarding the small value of services suggested in paragraph 3. Now the use of free software contributes significantly to reduce the remaining life-cycle costs. This reduction in the costs of installation, support etc. can be noted in several areas: in the first place, the competitive service model of free software, support and maintenance for which can be freely contracted out to a range of suppliers competing on the grounds of quality and low cost. This is true for installation, enabling, and support, and in large part for maintenance. In the second place, due to the reproductive characteristics of the model, maintenance carried out for an application is easily replicable, without incurring large costs (that is, without paying more than once for the same thing) since modifications, if one wishes, can be incorporated in the common fund of knowledge. Thirdly, the huge costs caused by non-functioning software ("blue screens of death", malicious code such as viruses, worms, and trojans, exceptions, general protection faults and other well-known problems) are reduced considerably by using more stable software; and it is well-known that one of the most notable virtues of free software is its stability.

      You further state that: "7. One of the arguments behind the bill is the supposed freedom from costs of open-source software, compared with the costs of commercial software, without taking into account the fact that there exist types of volume licensing which can be highly advantageous for the State, as has happened in other countries."

      I have already pointed out that what is in question is not the cost of the software but the principles of freedom of information, accessibility, and security. These arguments have been covered extensively in the preceding paragraphs to which I would refer you.

      On the other hand, there certainly exist types of volume licensing (although unfortunately proprietary software does not satisfy the basic principles). But as you correctly pointed out in the immediately preceding paragraph of your letter, they only manage to reduce the impact of a component which makes up no more than 8% of the total.

      You continue: "8. In addition, the alternative adopted by the bill (i) is clearly more expensive, due to the high costs of software migration, and (ii) puts at risk compatibility and interoperability of the IT platforms within the State, and between the State and the private sector, given the hundreds of versions of open source software on the market."

      Let us analyze your statement in two parts. Your first argument, that migration implies high costs, is in reality an argument in favour of the Bill. Because the more time goes by, the more difficult migration to another technology will become; and at the same time, the security risks associated with proprietary software will continue to increase. In this way, the use of proprietary systems and formats will make the State ever more dependent on specific suppliers. Once a policy of using free software has been established (which certainly, does imply some cost) then on the contrary migration from one system to another becomes very simple, since all data is stored in open formats. On the other hand, migration to an open software context implies no more costs than migration between two different proprietary software contexts, which invalidates your argument completely.

      The second argument refers to "problems in interoperability of the IT platforms within the State, and between the State and the private sector". This statement implies a certain lack of knowledge of the way in which free software is built, which does not maximize the dependence of the user on a particular platform, as normally happens in the realm of proprietary software. Even when there are multiple free software distributions, and numerous programs which can be used for the same function, interoperability is guaranteed as much by the use of standard formats, as required by the bill, as by the possibility of creating interoperable software given the availability of the source code.

      You then say that: "9. The majority of open source code does not offer adequate levels of service nor the guarantee from recognized manufacturers of high productivity on the part of the users, which has led various public organizations to retract their decision to go with an open source software solution and to use commercial software in its place."

      This observation is without foundation. In respect of the guarantee, your argument was rebutted in the response to paragraph 4. In respect of support services, it is possible to use free software without them (just as also happens with proprietary software), but anyone who does need them can obtain support separately, whether from local firms or from international corporations, again just as in the case of proprietary software.

      On the other hand, it would contribute greatly to our analysis if you could inform us about free software projects *established* in public bodies which have already been abandoned in favour of proprietary software. We know of a good number of cases where the opposite has taken place, but do not know of any where what you describe has taken place.

      You continue by observing that: "10. The bill demotivates the creativity of the Peruvian software industry, which invoices 40 million US$/year, exports 4 million US$ (10th in ranking among non-traditional exports, more than handicrafts) and is a source of highly qualified employment. With a law that incentivates the use of open source, software programmers lose their intellectual property rights and their main source of payment."

      It is clear enough that nobody is forced to commercialize their code as free software. The only thing to take into account is that if it is not free software, it cannot be sold to the public sector. This is not in any case the main market for the national software industry. We covered some questions referring to the influence of the Bill on the generation of employment which would be both highly technically qualified and in better conditions for competition above, so it seems unnecessary to insist on this point.

      What follows in your statement is incorrect. On the one hand, no author of free software loses his intellectual property rights, unless he expressly wishes to place his work in the public domain. The free software movement has always been very respectful of intellectual property, and has generated widespread public recognition of authors. Names like those of Richard Stallman, Linus Torvalds, Guido van Rossum, Larry Wall, Miguel de Icaza, Andrew Tridgell, Theo de Raadt, Andrea Arcangeli, Bruce Perens, Darren Reed, Alan Cox, Eric Raymond, and many others, are recognized world-wide for their contributions to the development of software that is used today by millions of people throughout the world. On the other hand, to say that the rewards for authors rights make up the main source of payment of Peruvian programmers is in any case a guess, in particular since there is no proof to this effect, nor a demonstration of how the use of free software by the State would influence these payments.

      You go on to say that: "11. Open source software, since it can be distributed without charge, does not allow the generation of income for its developers through exports. In this way, the multiplier effect of the sale of software to other countries is weakened, and so in turn is the growth of the industry, while Government rules ought on the contrary to stimulate local industry."

      This statement shows once again complete ignorance of the mechanisms of and market for free software. It tries to claim that the market of sale of non-exclusive rights for use (sale of licences) is the only possible one for the software industry, when you yourself pointed out several paragraphs above that it is not even the most important one. The incentives that the bill offers for the growth of a supply of better qualified professionals, together with the increase in experience that working on a large scale with free software within the State will bring for Peruvian technicians, will place them in a highly competitive position to offer their services abroad.

      You then state that: "12. In the Forum, the use of open source software in education was discussed, without mentioning the complete collapse of this initiative in a country like Mexico, where precisely the State employees who founded the project now state that open source software did not make it possible to offer a learning experience to pupils in the schools, did not take into account the capability at a national level to give adequate support to the platform, and that the software did not and does not allow for the levels of platform integration that now exist in schools."

      In fact Mexico has gone into reverse with the Red Escolar (Schools Network) project. This is due precisely to the fact that the driving forces behind the Mexican project used license costs as their main argument, instead of the other reasons specified in our project, which are far more essential. Because of this conceptual mistake, and as a result of the lack of effective support from the SEP (Secretary of State for Public Education), the assumption was made that to implant free software in schools it would be enough to drop their software budget and send them a CD ROM with Gnu/Linux instead. Of course this failed, and it couldn't have been otherwise, just as school laboratories fail when they use proprietary software and have no budget for implementation and maintenance. That's exactly why our bill is not limited to making the use of free software mandatory, but recognizes the need to create a viable migration plan, in which the State undertakes the technical transition in an orderly way in order to then enjoy the advantages of free software.

      You end with a rhetorical question: "13. If open source software satisfies all the requirements of State bodies, why do you need a law to adopt it? Shouldn't it be the market which decides freely which products give most benefits or value?"

      We agree that in the private sector of the economy, it must be the market that decides which products to use, and no state interference is permissible there. However, in the case of the public sector, the reasoning is not the same: as we have already established, the state archives, handles, and transmits information which does not belong to it, but which is entrusted to it by citizens, who have no alternative under the rule of law. As a counterpart to this legal requirement, the State must take extreme measures to safeguard the integrity, confidentiality, and accessibility of this information. The use of proprietary software raises serious doubts as to whether these requirements can be fulfilled, lacks conclusive evidence in this respect, and so is not suitable for use in the public sector.

      The need for a law is based, firstly, on the realization of the fundamental principles listed above in the specific area of software; secondly, on the fact that the State is not an ideal homogeneous entity, but made up of multiple bodies with varying degrees of autonomy in decision making. Given that it is inappropriate to use proprietary software, the fact of establishing these rules in law will prevent the personal discretion of any state employee from putting at risk the information which belongs to citizens. And above all, because it constitutes an up-to-date reaffirmation in relation to the means of management and communication of information used today, it is based on the republican principle of openness to the public.

      In conformance with this universally accepted principle, the citizen has the right to know all information held by the State and not covered by well-founded declarations of secrecy based on law. Now, software deals with information and is itself information. Information in a special form, capable of being interpreted by a machine in order to execute actions, but crucial information all the same because the citizen has a legitimate right to know, for example, how his vote is computed or his taxes calculated. And for that he must have free access to the source code and be able to prove to his satisfaction the programs used for electoral computations or calculation of his taxes.

      I wish you the greatest respect, and would like to repeat that my office will always be open for you to expound your point of view to whatever level of detail you consider suitable.

      Cordially,

      DR. EDGAR DAVID VILLANUEVA NUÑEZ
      Congressman of the Republica of Perú.

    2. Re:That's easy... by Anonymous Coward · · Score: 0

      No it's "Hello, world"... it's just 10MByte 'cause it was compiled with Visual .NET...

  4. The announcement by _typo · · Score: 3, Informative
    In case the archive becomes slashdotted here's the announcement:


    Last year the Honeynet Project sponsored the Forensic Challenge,
    a competition amongst the security community to study, analyze,
    and report on a computer hacked in the wild. The result was a
    complete forensic analysis of the hacked system. Both the analysis
    from different individuals and the images of the hacked
    computer are shared and used to this day.

    This year we are continuing that tradition and are announcing the
    Reverse Challenge. The goal of this challenge is to develop reverse
    engineering skills amongst the security community. Your mission, if
    you should choose to accept, is to analyze and report on a binary
    captured in the wild. Your analysis will then be judged by a panel
    of experts, rated, and shared with the security community.

    This year we actually have prizes. Top prizes include licensed
    copies of IDA Pro, $200 Amazon gift certificate from DataRescue, and
    free pass to the Black Hat Briefings. As if that was not enough, the
    top 20 entries get a signed copy of the Honeynet book, Know Your Enemy
    (you know, the book the guy down the hall is using as a door stopper :).
    Judges include:

    - David Dittrich
    - K2
    - Halvar
    - Job de Haas
    - Niels Provos
    - Gera

    The challenge officially begins Monday, 06 May when we release the
    binary. You have between now and the 6th to get your tools ready,
    form teams if you wish, and stock up on the caffeinated beverage of
    choice. You will then have four weeks to complete your analysis and
    submit your report no later the 24:00 GMT, Friday, 31 May. Submissions
    will be judged and then released 01 July. You can learn more about the
    challenge now, and download the binary on 06 May, at

    http://project.honeynet.org/reverse/

    All question, concerns, and submissions should be sent to

    We hope that the community has fun with this, with the ultimate goal
    of learning and sharing. Let the games begin!

    --- The Honeynet Project

    PS, the person who hacked our Honeynet is not eligible to submit an entry,
    you know who you are. The question is, do we? .... :)

    --

    Pedro Côrte-Real.

    1. Re:The announcement by b1tsh1ft0r · · Score: 1
      we are supposed to take this as verbatim from a poster named typo?

      :)

      --
      Will work for paycheck.
  5. is it me.. by Husaria · · Score: 2, Interesting

    or are they just asking what the purpose of binary is? Reading from their challenge, that's pretty much summing it up..or I could just need a nap

  6. get some sleep by b1tsh1ft0r · · Score: 3, Informative

    they are going to release a binary found in the wild

    in other words, a trojan, altered system binary from a rootkit, or the like

    we are supposed to determine what it is, what it does, what it doesn't do, that sort of thing. then write up our findings in a nice professional package for fun, fame and prizes

    --
    Will work for paycheck.
    1. Re:get some sleep by iabervon · · Score: 2

      I'd guess that it's some sort of exploit-wrapper or tool for examining the system, rather than a program that is supposed to look like something recognizable. Otherwise, some of the things they're asking aren't interesting questions.

    2. Re:get some sleep by bleckywelcky · · Score: 2, Insightful


      Actually, it's a compromise that Honeynet encountered, could not decipher, and decided to have some other poor saps do their work for them. If you find out what it is and what it does, but only provide scant information to Honeynet, you don't win the prize. It's sort of like some of those companies that sponsor hacking "contests". They challenge people to compromise a test bed they have set up, and whoever does wins some grand prize. The only catch is that you have to tell them anything and everything, to the last detail, that you did. If you simply only leave proof that you were successful, then you don't get the prize. These are cheap scams to outsource some work/research/testing that needs to be done, to the public for only the cost of a few prizes (even though they may be somewhat decent) for much less than it would take to hire someone professionally for $50k, $60k, or $70k a year.

      *Takes off tinfoil hat.*

  7. Mice and Electrodes! by Phosphor3k · · Score: 0, Offtopic

    Mice are the key! Hooray! Hurrah!

    Causation is not correlation!

    Word! Miz-ice in the hiz-ouse!

  8. Here's the binary, see if you can analyse it by Salsaman · · Score: 4, Funny

    ! seineew era sreenigne tfosorciM

  9. Actual link by spood · · Score: 4, Informative

    Not everybody serves their dot-org like slashdot. Here's the real link : WWW.honeynet.org.

    Or maybe they were just trying to keep it from being slashdotted! :)

    --
    ---- Just another spud server.
  10. easy by Anonymous Coward · · Score: 0

    The article states that it is an actual binary that was downloaded and installed on the compromised honeypot machine in 2002. Wouldn't that mean that the person out there who did that already has a huge advantage in this contest?

    1. Re:easy by aozilla · · Score: 2

      PS, the person who hacked our Honeynet is not eligible to submit an entry, you know who you are. The question is, do we? .... :)

      --
      ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
    2. Re:easy by larien · · Score: 2

      Damn, you've found out their sekrit plot to uncover the cracker!

    3. Re:easy by Anonymous Coward · · Score: 0

      And wouldn't it make sense that that person would be disqualified? READ THE ARTICLE!

  11. A file of ... by joe_bruin · · Score: 4, Funny

    a file of what? what's in it, random data? how do i know when i found it?

    i hope they dont use my method of hiding data:
    tar files
    bzip2 tar file
    xor it with my social security number
    hexdump to ascii file
    generate gif of the hex in the ascii file
    gpg encrypt gif
    gzip the gpg text (twice!)
    divide file into ints, swap endian-ness, reform
    uuencode the file
    hide contents in id3v2 tag of my "nofx" mp3s

    1. Re:A file of ... by spood · · Score: 3, Informative

      I know you're just clowning, but the binary is a tool uploaded to a honeynet server right after it was compromised and then executed on that machine.

      The goal of this contest is for the security community to examine tools that are "in the wild" and forensically analyse them to determine origin, function, skill of the creator, etc. and present the forensic methods used. The community can benefit from this open sharing of methodology so we can all be aware of our opponents in the ring.

      --
      ---- Just another spud server.
    2. Re:A file of ... by tswinzig · · Score: 2, Redundant

      i hope they dont use my method of hiding data:
      tar files
      bzip2 tar file
      xor it with my social security number
      hexdump to ascii file
      generate gif of the hex in the ascii file
      gpg encrypt gif
      gzip the gpg text (twice!)
      divide file into ints, swap endian-ness, reform
      uuencode the file
      hide contents in id3v2 tag of my "nofx" mp3s


      Holy shit!

      You do that, too?

      --

      "And like that ... he's gone."
    3. Re:A file of ... by nmtratman · · Score: 2, Informative
      Well, according to the honeynet page, it's a program of some sort. To quote, "the binary in question was downloaded, installed, and then ran on the compromised honeypot." Given this information, you'd probably want to be careful about running the binary. It was used on an infiltrated honeypot. Some suggestions about dealing with this project:
      • Don't run it on a work machine! Should be obvious.
      • If it's not your personal machine and you intend to run it, make sure that the owner is aware of possible consequences and has given full permission.
      • Don't run it on a critical machine. If it's a rootkit of some sort, or something more insidious, you don't want it destroying data. Preferably, you'd like the option to wipe the partition(s) and reinstall if it's nasty.
      I don't think the honeypot project would release a very dangerous file without some kind of warning. Still, a little precaution wouldn't hurt.
      --
      Car analogies work about as well as a Ford Pinto with a keg of beer in the passenger seat.
    4. Re:A file of ... by JonWan · · Score: 2

      You forgot to ROT 13 it twice.

    5. Re:A file of ... by Skevin · · Score: 2

      I just mv it to dev/null. I don't know anyone who can steal it from me at that point.

      Skevin

      --
      "Twice half-assed makes an ass whole." --Solomon K. Chang
    6. Re:A file of ... by Pinball+Wizard · · Score: 2
      just an FYI, that doesn't really delete your data, it just removes the pointer the OS used to find your data on the disk...the actual data is still there, and can easily be found.


      You could get a "shredder" type program if you really want to get rid of that data. Even that won't stop a determined FBI agent with an electron microscope. You could encrypt it, but then you might get prosecuted if you didn't hand over the key when asked.


      So, if you really have something to hide, a unique way of hiding it like the parent poster's just might be the best way to do it.

      --

      No, Thursday's out. How about never - is never good for you?

    7. Re:A file of ... by togtog · · Score: 1

      Suggestion, VMware (http://www.vmware.com/). Disable net access, don't use raw disks. Should work great.

      Then again IANASE (I am not a security expert).

    8. Re:A file of ... by Anonymous Coward · · Score: 0

      Am I wrong or doesn't rm (have an option that) writes and rewrites over the data with 0's? I'm on a w2k boxen right now at work, the horror, so I can't answer myself. Doesn't writing over the data pretty much take care of it for your average hax0r?

    9. Re:A file of ... by wings · · Score: 1

      Doesn't everyone?

    10. Re:A file of ... by cheese_wallet · · Score: 3, Interesting

      I think you are wrong there. When you gzip or tar or gpg a file, it isn't actually operating on the original file, it creates a new one. Then it deletes the old one.

      So even if you encrypt all your files, there are probably still unencrypted versions that are findable on your drive.

      An encrypted file system might be a way around this, or use some program to repeatedly write and erase random data to the "blank" portions of your disk.

    11. Re:A file of ... by Medevo · · Score: 2, Interesting

      On Windows systems there are many 'shredder' tools such as Norton Wipespace that go along and 0 fill all the unused space on a machine

      And when you delete a file what happens is the file's entry in the rootsector is removed, the rootsector has a list of all files on the drive (that the OS knows about) and where they are. It can also hold other information such as in FAT32 filesystems the official filesize is 8.3 (a clone of fat16) but using a 'comment' sector of the root and other 245 or so odd bytes are stored.

      A way to get around the normal FBI or investigator problems searching in your disks without getting in trouble (for not giving pword) is to get a laptop that has security hard drives. These drives will only work when connected to that computers BIOS. And you can do your work on the laptop, take the hard drive out, and hide the laptop until problems blow over

      Medevo

    12. Re:A file of ... by Wolfier · · Score: 2

      Yup. I'm about to suggest VMWare / FreeMware...it should be the safest - however, stepping through the program with gdb is not such an unsafe idea as it seems.

    13. Re:A file of ... by wortelslaai3434 · · Score: 1
      How about User Mode Linux?

      I've never used it but always wanted to try. Anybody's got experience with UML?

    14. Re:A file of ... by SLi · · Score: 1

      How about User Mode Linux?

      I gave it a try a couple of days ago as a way to test the root filesystem on a boot floppy. I was surprised by its simple usage, you just compile the binary and run it like ./linux ubd0=root.fs, and your root.fs will be available on the UML kernel's /dev/ubd0 which can be mounted as the root. It just works.

      On Debian, even easier. Just 'apt-get install user-mode-linux' && linux ubd0=root.fs and off you go.

    15. Re:A file of ... by Anonymous Coward · · Score: 0

      The techniques you list are insufficient against any dedicated scrutiny. The only way to fully prevent recovery of deleted material is to physically destroy the platters of the drive (e.g. by incineration or grinding).

    16. Re:A file of ... by Medevo · · Score: 1

      That could also work

      but it would get expensive in HD-costs,

      if security is that important to you no measure could be considered to be 'good enough'

      Medevo

  12. Reverse engineering for beginners... by slipgun · · Score: 2, Interesting

    Anyone know where I can find a newbie's guide to reverse engineering? Although I've done a bit of low level programming, I never got beyond the basics, and all I've done recently is modify the 'START' string in explorer.exe using ultraedit-32.

    --
    SpamNet - a spam blocker that really works
    1. Re:Reverse engineering for beginners... by Anonymous Coward · · Score: 0

      uh huh, sure you've ``done a bit of low level programming.'' Visual Basic isn't low level, despite what you may have read in a [humorous] slashdot troll.

    2. Re:Reverse engineering for beginners... by cp4 · · Score: 4, Informative

      Here's an interesting link. Not necessarily a guide though.

    3. Re:Reverse engineering for beginners... by Anonymous Coward · · Score: 0

      http://tsehp.cjb.net/ - lots to learn there.

    4. Re:Reverse engineering for beginners... by Anonymous Coward · · Score: 0

      IDA would no doubt be an incredibly helpful tool. It's also cheaper than Photoshop, which I imagine would not be very useful at all...

    5. Re:Reverse engineering for beginners... by ewhac · · Score: 3, Informative

      Fravia's Pages of Reverse Engineering aren't too shabby an introduction. However, their focus is on DOS-based systems, not UNIX.

      Schwab

    6. Re:Reverse engineering for beginners... by Wolfier · · Score: 2

      Hehe, I have an article there too ;) Wow, never thought it'd be mirrored so widely. It's sad that www.fravia.org went away, though.

      Fellow reversers, wanna join force cracking up this honeypot thing?

    7. Re:Reverse engineering for beginners... by Wolfier · · Score: 3, Interesting

      Reverse engineering binaries sounds difficult, but in fact it is just a fancy name for "analyze program with debugger", i.e. tracing, stepping, examining memory etc.

      There are many tools for Unix and Windows, on unix we have nm, file, strings, gdb, perl, etc. (basically everything in the GNU binutils!!) On Windows the choice is a bit limited but they are also the best - softice, boundschecker, windbg, debug, regmon, filemon, IDA pro, w32dasm.

      I learned reverse engineering in the Apple ][ era, but it is equally fun to learn it now!
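
Added example, not part of the original thread: what `file` and `strings` from the tool list above report can be reproduced in a few lines of Python, reading the ELF header and printable strings of a sample without ever executing it. The sample bytes, the indicator categories and all function names are constructed for illustration.

```python
"""Static triage of an unknown binary: header fields and strings, nothing executed."""
import hashlib
import re
import struct

ELF_MAGIC = b"\x7fELF"
ELF_TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
ELF_MACHINES = {2: "SPARC", 3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM",
                62: "x86-64", 183: "AArch64"}


def parse_elf_header(data):
    """Return the fields `file` would report, or None if this is not a sane ELF."""
    if len(data) < 24 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # identification bytes are corrupt or deliberately mangled
    endian = "<" if ei_data == 1 else ">"
    entry_fmt = endian + ("I" if ei_class == 1 else "Q")
    if len(data) < 24 + struct.calcsize(entry_fmt):
        return None  # truncated before e_entry
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    (e_entry,) = struct.unpack_from(entry_fmt, data, 24)
    return {
        "class": "ELF32" if ei_class == 1 else "ELF64",
        "endianness": "little" if ei_data == 1 else "big",
        "type": ELF_TYPES.get(e_type, "unknown (%d)" % e_type),
        "machine": ELF_MACHINES.get(e_machine, "unknown (%d)" % e_machine),
        "entry": e_entry,
    }


def extract_strings(data, min_len=4):
    """Like `strings -t d`: (offset, text) for each run of printable ASCII."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


# Categories chosen for this example: strings that hint at what to monitor for.
INDICATOR_PATTERNS = {
    "path": re.compile(r"^/[\w./-]+$"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\b[a-z][a-z0-9+.-]*://\S+", re.I),
}


def classify(strings):
    """Group strings that suggest host or network behaviour worth detecting."""
    found = {kind: [] for kind in INDICATOR_PATTERNS}
    for _, text in strings:
        for kind, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(text):
                found[kind].append(text)
    return found


def triage(data):
    """Hash the sample, read its header and collect strings; never runs it."""
    strings = extract_strings(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "elf": parse_elf_header(data),
        "strings": strings,
        "indicators": classify(strings),
    }


def build_sample():
    """Constructed stand-in for a captured sample: ELF32 header plus a few strings."""
    ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8)          # ELF32, LSB, version 1
    header = ident + struct.pack("<HHII", 2, 3, 1, 0x08048080)  # EXEC, x86, entry point
    blob = b"\x00\x01\x02".join(
        [b"/bin/sh", b"192.0.2.10", b"usage: %s <host>", b"ab"])
    return header + bytes(8) + b"\x90\x90\x00" + blob + b"\x00"


if __name__ == "__main__":
    report = triage(build_sample())
    print(report["sha256"], report["size"])
    print(report["elf"])
    for offset, text in report["strings"]:
        print("%7d %s" % (offset, text))
    print(report["indicators"])
```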

    8. Re:Reverse engineering for beginners... by wortelslaai3434 · · Score: 1

      You missed (at least in my opinion) the first quick & dirty one:

      strace

      IANAD (ebugger), but strace has helped me solve LOTS of problems, where everything else is over my head.

    9. Re:Reverse engineering for beginners... by Wolfier · · Score: 1

      oh, this too ;) but if you have a good enough debugger, strace is not necessary - and, you know, I'm not going to let a program just run if I don't know what it will do...stopping the proggie when you see something bad happening on strace's output is probably too late...

    10. Re:Reverse engineering for beginners... by Anonymous Coward · · Score: 0

      Does anyone know what platform the binary will be for? I am not very tempted to play around with WNDPROC's..
      On the other hand, something like IDA Pro doesn't exist for Unix. And ndisasm doesn't get close..

  13. The reverse engineered source.... by Anonymous Coward · · Score: 4, Funny

    printf("B"); printf("E"); printf(" "); printf("S"); printf("U"); printf("R"); printf("E"); printf(" "); printf("T"); printf("O"); printf(" "); printf("D"); printf("R"); printf("I"); printf("N"); printf("K"); printf(" "); printf("Y"); printf("O"); printf("U"); printf("R"); printf("O"); printf(" "); printf("O"); printf("V"); printf("A"); printf("L"); printf("T"); printf("I"); printf("N"); printf("E"); printf("/n");

    1. Re:The reverse engineered source.... by Anonymous Coward · · Score: 0
      printf("/n");
      That's \n, moron.
    2. Re:The reverse engineered source.... by QuodEratDemonstratum · · Score: 1
      printf("/n");
      That's \n, moron.
      Only if you want a '\n' displayed.
      If you want "/n" displayed then "/n" is correct.
    3. Re:The reverse engineered source.... by Carbonite · · Score: 1

      Get a frickin life! Who the hell corrects syntax in a joke?

      --
      ich muß mehr Kuhglocke haben
  14. Re:How nice... by Anonymous Coward · · Score: 0

    Yeah, it's great they allow such a colourful language as opposed to USian English.

  15. How about by nixterino · · Score: 1

    executing it (assuming it's executable)?

    1. Re:How about by Anonymous Coward · · Score: 0

      What processor? What operating system?

    2. Re:How about by Bob+McCown · · Score: 1
      How about executing it

      fdisk

  16. how... by GreenPhreak · · Score: 4, Interesting

    This seems like a really cool contest to raise awareness on security matters. This feels kind of like an ACM problem, except less programming and probably a lot more real-world experience. Anyway, I've never tried to figure out what binary files do...I always refer to source files. Are there many tools available for looking at or figuring out what binaries do? Any reference pages? (the one linked on the article page isn't very helpful). Can someone provide more information about forensics with binaries? Thank you.

    --
    I drink to prepare for a fight; tonight I'm very prepared. -Soda Popinksi
  17. wouldn't it be great by mo · · Score: 2

    Wouldn't it be great if it turns out to be the newest format for IndivBox.key

  18. Easy by Anonymous Coward · · Score: 1, Funny

    If you look hard enough it occurs somewhere in the digits of Pi written in base 256.

  19. Fastest way. by JonWan · · Score: 4, Funny

    Just open the file in Outlook. That will narrow down the possibilities.

  20. Quite a challenge. by Hiro+Antagonist · · Score: 5, Informative

    This looks to be an interesting challenge; I believe the entire idea is analyzing the binary (which is a program) without actually running the thing; then, designing methods to check for network activity and such that this particular binary would generate. In addition, you get bonus points for correctly quantifying the skill level of the coder who produced said binary.

    It's much the same way as analyzing a captured worm/virii; you need to figure out what it does, how to detect it, how to block/eradicate it, and also try and establish a profile of the originator of the worm/virii.

    --
    I Hit the Karma Cap, and All I Got Was This Lousy .sig.
    1. Re:Quite a challenge. by Anonymous Coward · · Score: 0

      Unless I missed it somewhere they never said you can't run it. In fact I would definitely run it to capture/analyze the network traffic it generates.

    2. Re:Quite a challenge. by shampster · · Score: 0

      It's almost precisely what reversers for cracking/warez groups have been doing for 20+ years. A large group of system/network security professionals today started off reversing viruses in the MS-Dos days, and/or cracking programs for fun and profit in the warez scene.

      --
      aXV1cTswMDR5dS9wc2gwYnFxew
    3. Re:Quite a challenge. by Glorat · · Score: 2

      Actually, I'm sure the engineer would have to run it if only in a debugger to work out what is happening. This thing may well be a "pseudo-trojan" so it may be a case of running it under VMWare to see what happens.

  21. Finals Week by fuzz6y · · Score: 4, Funny

    Releasing such a challenge on Monday of finals week is pure, unmitigated evil. So much for my grades. . .

    --
    If you're going to be elitist, it would help to be elite.
  22. Oh FUCK!!! by Anonymous Coward · · Score: 0

    Now you tell me motherfucker! I installed it on my company owned Windows 2000 box, and of course what happens? Hard crash. had to reinstall, and outlook took all day to recover. FUCK FUCK FUCK FUCK why do I do dumbass shit like that?

  23. Sacrificial Lamb.. by pennsol · · Score: 1

    I've got a p233 running win98 i'd load this thing on just to see it Die...WUHHAHAHAHA

    --

    Just Limin' Mon

  24. I have a premonition by VaXXi · · Score: 1

    Anyone wants to bet that 96% of all submitted solutions will be output of this:

    [root@localhost /root] wget http://project.honeynet.org/reverse/some_binary_file

    [root@localhost /root] file some_binary_file

    ? (heh)

  25. Anyone else find this funny? by dimator · · Score: 4, Funny

    Rule #6: The person who hacked the box is NOT eligible

    --
    python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
  26. Bar too high... by vovin · · Score: 2, Funny
    # Only one entry per household, please. Must be sentient to enter. Sorry, no Ginsu Knives come with this offer!

    Guess I need not waste my time ;->

  27. The carrot on the other foot by Anonymous Coward · · Score: 0

    What would be impressive is if somebody hacked their computers and posted the binary before May 06.

  28. The Main Honeynet URL by emkman · · Score: 1

    while honeynet.org and www.honeynet.org are (still) down, the main project page can be reached here

    --
    Moderation Totals: Flamebait=2, Troll=1, Redundant=1, Insightful=6, Overrated=1, Underrated=1, Total=12. (not mine)
  29. I know what it is.... by rusty+spoon · · Score: 1

    It can only be a picture of Big Billg himself, which of course scares the living daylights out of the tin hat linux weenies whose only purpose in life is to make their box the most secure (and then use their DOB as their PIN number), whilst at the same time downloading pr0n using a custom written shell script executed using cron.

    When do I get my prize?

    ;-)

  30. New challenge... by Matrix12 · · Score: 0

    The next challenge should involve preventing their site from being "slashdotted"...

  31. Re:A Responsible Sonata by Matrix12 · · Score: 0

    Wider is better...

  32. CAN YOU FUCKWIT ADMINS FIX THIS PAGEWIDENING SHIT by Anonymous Coward · · Score: 0, Troll

    fix this page widening crap - its a load of shit that everyother blog can manage to stop but good old slashfuck manages to ignore

    Why do i suspect malda and taco no longer give a flying fuck about this site ?

  33. Wow. He should get bonus points ... by MarkedMan · · Score: 1

    ...for obscure movie reference....What movie has an anticlimactic moment when the main character gets his long lusted-after secret decoder ring only to find the hidden message is just a crass advertisement for Ovaltine? And the answer is.... A Christmas Story

  34. Hey! by cats · · Score: 0, Offtopic

    Watch it Bub! In desperation I have submitted my resume to Microsoft. They probably won't hire me, but at this point I'm willing to code for anybody!

    By the way, anyone need a Software Developer in the NYC area?

  35. mmmmm....valtine. by cheebie · · Score: 1

    You misspelled the message. It's supposed to be "BE SURE TO DRINK
    EURO VALTINE." American valtine is watered down, mass produced swill,
    completely inferior to quality German or Swiss valtine. However, the
    recent craft valtining movement is beginning to change that. I had an
    excellent wheat valtine from Pennsylvania the other night.

  36. 00:00 != 24:00 by Mana+Mana · · Score: 1

    > You will then have four weeks to complete your analysis and submit your report no later the 24:00 GMT [...]

    There is no such hour. There is an infinitesimal amount of time between 23:59 and 00:00, but no 24:00 hour, ask any military guy/gal. They would've been better served by saying instead, ``no later the 23:59.''

    1. Re:00:00 != 24:00 by aWalrus · · Score: 1

      There are actually 60 seconds between those. Granted, it's not A LOT of time, but I wouldn't call it infinitesimal...

      --
      Overcaffeinated. Angry geeks.
    2. Re:00:00 != 24:00 by Anonymous Coward · · Score: 0

      Incorrect. ISO 8601 allows 24:00, although it is non-canonical. OTOH, "GMT" isn't a valid time scale any more ("UTC" has been the official designation for zulu time for ages now).

    3. Re:00:00 != 24:00 by Mana+Mana · · Score: 1
      Zulu time is still zulu time! Zulu time is the term used by the Western/NATO militaries to signify UTC {nee, GMT}; also it is the phonetic term used in military alphabetic phonetics. To wit, alpha, bravo, charlie ... zulu.

      So, don't whip out an ISO spec or an RFC to bolster what everyone, and their parking court judge will interpret as nonsense.

      Example. You're standing one 11:59:59PM moment on Friday night for your honey to arrive. You look up an instant later as s/he arrives, and yell out: You made it, it's 12:00:00PM!

      No way, Babe! ^ That's lunch time. Not midnight. You'd be talking nonsense, and the parking meter maid will slap you with a ticket, and the traffic court judge, as I said, will find against you. Look it up, there are court cases on just this very subject. Why do you think traffic signs around the 12AM and 12PM hour are no more, and read like so: ... up to 11:59PM; or street cleaning begins at 11:59AM? To avoid the kind of confusion you fell into, or that is created in most people.

      As I said originally, the Pooh guys should have simply said, = 23:59 UTC/GMT/Zulu/Universal Time Coordinated/Universal Coordinated Time. Pax.

  37. Re:What processor? What operating system? by Anonymous Coward · · Score: 0

    You'd think the contest would give this info. In a real-world situation, you'd know what kind of CPU and OS a computer was running.

  38. I disagree by BigDaddy · · Score: 5, Informative
    I think you misinterpret the goals of the Honeypot project. These people aren't doing it to market some super system, but rather to provide information about actual cracking techniques to the Whitehat community. They regularly have "competitions" where people analyze various types of attacks. I don't think these usually have prizes. The Honeypot project then provides all the information they have, in addition to the information uncovered by the participants.

    Perhaps you should take a look at their site and some of their previous work before you assume an ulterior motive. The Honeypot project provides some really interesting looks into the minds of the Blackhat community.

    --
    You can't get a blue screen on a black and white monitor.
  39. life imitating "art" imitating life by Anonymous Coward · · Score: 0

    Heh... I just watched Hackers yesterday (for the second time), and this reminds me of the part where they tried to find out what was on that 50% complete 'garbage' file that that dude downloaded. On a side note, that movie didn't have a consistent showing of what "hacking" was. Half of the time they were doing stuff in a real OS (Mac OS) and the other half they were doing random things in 3D, all stylized and over the top. That's Hollywood (at least it wasn't as bad as Tron).

  40. Why it's pr0n, of course... by Spamhead · · Score: 1


    10 bucks says that it's going to be the goatse.cx jpg

    --
    Everybody Wang-Chung tonight!
  41. ZDNET by electroniceric · · Score: 2

    I'm sure someone has noted by now that ZDNet is carrying this story. On ZDNet it was posted at 4PM. It seems quite possible to me that they picked it up because it was running on Slashdot - it's much more a geek story than an enterprise-techie one. The media getting their news from Slashdot? - a disturbing prospect, and totally circular. What shall we read, dear Liza?

    1. Re:ZDNET by Anonymous Coward · · Score: 0

      not necessarily circular, more like.... a web!

  42. DMCA not relevant... by Anonymous Coward · · Score: 0

    Considering how much it's discussed here, it's incredible how many misunderstandings there still are.

    The DMCA prohibitions relate only to technologies used to circumvent copy protection. Unless the data has copy protection, this is in no way related to the DMCA.

    Reverse engineering is legal unless prohibited; software EULAs try to forbid you from reverse engineering; whether this is legally valid is questionable.

  43. /dev/null by Anonymous Coward · · Score: 0

    My own rootkit captures all information sent to /dev/null. I have collected huge and sometimes useful information.

    ;)

  44. Dumb and Dumber by totierne · · Score: 1

    Any x86 machine code to C 'compilers' out there?

    1. Re:Dumb and Dumber by Anonymous Coward · · Score: 0

      I suppose this is close to what you want..
      http://www.backerstreet.com/rec/rec.htm

      But hey, wouldn't that be cheating.

  45. honeypot.net an outsourcing project ? by Anonymous Coward · · Score: 0

    I've been looking at this project ever since it was founded, and Dave Dittrich and the other people on there are mostly noteworthy security scene researchers, and none of them is likely to abuse the research project for banalities like making money off it. Did you know that a _lot_ of these people are working in the academic sector (=university admins, students etc.)?

    If you want to look up stuff on e.g. Dave, check out his work on trinoo, tng, tribe flood network and stacheldraht.

    During my work for Sun Microsystems at the time stacheldraht appeared at a customer's site, I never had the idea Dave would do anything he did for consultancy fees. He's a very talented and interested person, and spent above average time of his own on these topics.

    http://www.washington.edu/People/dad/ Note that the link that refers to consultancy means the University of Washington client services consultancy. He is no money-rabid freelancer or dotcom.

    *tips the white hat with that $$$ sign*

  46. Don't do that!! by multipartmixed · · Score: 3, Informative

    > I just mv it to dev/null.

    The file will still be there, only it will be called /dev/null, and you won't have a /dev/null special file anymore, which can break a LOT of stuff. (mmap(/dev/null, bunch_o_bytes) is a common way to allocate memory, for example). If you DO blow away your /dev/null, you need to know the maj/min numbers for that device and recreate it with mknod.

    --

    Do daemons dream of electric sleep()?
    1. Re:Don't do that!! by sydneyfong · · Score: 1

      1. MAKEDEV will fix it (although it might be more than just fixing the device file if it broke), no need to memorize the numbers
      2. devfs would prevent this from happening
      3. you're not running as (gasp!) root are you??

      --
      Don't quote me on this.
    2. Re:Don't do that!! by multipartmixed · · Score: 2

      1. Usually, yeah. devfsadm on some SYSV (e.g. Solaris 8) will too.

      2. If it's available

      3. Don't ask me about the time I forgot I was root and blew away /dev/lpr on my BSDI 2.0.1 box. (long time ago ;-)

      --

      Do daemons dream of electric sleep()?
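
The failure mode discussed in comment 46 and its replies, as an added example that is not part of any poster's comment: a check that tells a real null device from a regular file left under that name by `mv`, plus the `mknod` command root would use to rebuild it. The function names are hypothetical, and the major/minor numbers 1 and 3 and the use of GNU `stat` are assumptions that hold on Linux; other systems use different numbers.

```shell
#!/bin/sh
# Assumption: Linux, where /dev/null is character device major 1, minor 3,
# and a stat(1) that supports -c with %t/%T (GNU coreutils).
EXPECTED_MAJOR=1
EXPECTED_MINOR=3

# check_null_device PATH
# Prints a one-word verdict; returns 0 only for a correct device node.
check_null_device() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing"; return 1
    fi
    if [ ! -c "$path" ]; then
        # State after the mv: an ordinary file sitting under the device's name.
        echo "not-a-device"; return 1
    fi
    # %t and %T print the major and minor device numbers in hex.
    major=$(( 0x$(stat -c '%t' "$path") ))
    minor=$(( 0x$(stat -c '%T' "$path") ))
    if [ "$major" -ne "$EXPECTED_MAJOR" ] || [ "$minor" -ne "$EXPECTED_MINOR" ]; then
        echo "wrong-device"; return 1
    fi
    echo "ok"; return 0
}

# repair_hint PATH: print (never run) the commands root would use to rebuild it.
repair_hint() {
    printf 'rm -f %s && mknod -m 666 %s c %d %d\n' \
        "$1" "$1" "$EXPECTED_MAJOR" "$EXPECTED_MINOR"
}

# Demonstration in a scratch directory, so the real /dev/null is never touched.
demo() {
    dir=$(mktemp -d) || return 1
    echo "some data" > "$dir/junk"      # constructed sample file
    mv "$dir/junk" "$dir/null"          # stand-in for `mv junk /dev/null`
    verdict=$(check_null_device "$dir/null") || true
    echo "$dir/null: $verdict"
    [ "$verdict" = "ok" ] || repair_hint "$dir/null"
    rm -rf "$dir"
}

demo
```
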
  47. Not the first time they've done this.. by snake_dad · · Score: 2

    Read the challenge and results from last year. Great stuff!

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.