Moronic Hacking Contest Ends In Free-For-All
atomgiant writes "ZDNet is running an interesting article about the KDWorks hacking contest that has gone bad, or good, depending on your perspective. Entertaining read in any event." I think that Bruce Schneier has said it best on the value of contests such as this one. That the registration server was compromised I think is a telling comment on the value of whole site security.
They have this law, called entrapment, that says people can't be baited into committing crimes. You should look into it, might interest you.
Finally, math books without any of that base 6 crap in them.
Contests are good at proving *insecurity*. Thus the RSA contests. But lack of proof of insecurity isn't proof of security.
--Just the place for a snark!
>Is there any reason why these would be any safer if they were each in a separate machine?
Yes, a compromise of one service wouldn't automatically lead to a compromise of all...
It doesn't really lessen the chance of having something compromised, just limits damage if it does happen.
Advanced users are users too!
One often sees com.com type addresses for CNet sites. ZDNet and CNet made a merger a year or two ago, so it's no wonder that ZDNet is using it.
http://ask.yahoo.com/ask/20000710.html
Don't you feel like a retard now?
Ya know - he NEVER made that claim. You can't defend yourself against one of these memes, and so Gore didn't even try. He did claim to have supported its development/expansion, which is true.
"I took the initiative in creating the internet" -Al Gore
Seems like he did to me. Of course, people like you do seem to rewrite history..
Not to be too political here, but let's at least look at things reasonably. The context of that quote was Gore talking about legislation that he spearheaded to fund the creation of the Internet. Neither that quote, nor any other, can be interpreted by any but the most die-hard conservative as Gore claiming to have invented the Internet. It is, however, a fact that Gore did take initiative in legislation to create the Internet.
When you take things out of context, you can prove almost any point. As the old saying goes, the devil can quote scripture to suit his means (or something like that...)
Exactly. Obviously when they say "services" they really mean ISAPI extensions or modules. The point is that the more lines of code a hacker can access the more likely they are to break into the computer. More services generally means more code, more extensions means more code. If a server runs Apache with only .html access enabled the odds of breaking in are slim to none (barring some heretofore unknown haq-fu). However, most sites enable one of the dynamic languages you listed above, which then creates the ability for people to hack the Triforce of web code:
- Server-Side interpretation of pathnames
- Server-Side interpretation of dynamic parameters
- Backend-Side database metacharacter injection
It's easy to secure a simple web server. It's very, very difficult to secure one offering many "services".