Slashdot Mirror

← Back to Stories (view on slashdot.org)

Moronic Hacking Contest Ends In Free-For-All

Posted by chrisd on Monday June 3, 2002 @09:40AM from the stupid-marketing-tricks-end-badly dept.

atomgiant writes "ZDNet is running an interesting article about the KDWorks hacking contest that has gone bad, or good, depending on your perspective. Entertaining read in any event." I think that Bruce Schneier has said it best on the value of contests such as this one. That the registration server was compromised I think is a telling comment on the value of whole site security.

1 of 297 comments (clear)

Min score:

Reason:

Sort:

Re:Yeah, but... by btellier · 2002-06-03 18:37 · Score: 4, Informative

Exactly. Obviously when they say "services" they really mean ISAPI extentions or modules. The point is that the more lines of code a hacker can access the more likely they are to break into the computer. More services generally means more code, more extentions means more code. If a server runs Apache with only .html access enabled the odds of breaking in are slim to none (baring some heretofore unknown haq-fu). However most sites enable one of the dynamic languages you listed above, which then creates the ability for people to hack the Triforce of web code:

- Server-Side interperatation of pathnames

- Server-Side interperatation of dynamic parameters

- Backend-Side database metacharacter injection

It's easy to secure a simple web server. It's very, very difficult to secure one offering many "services".