Slashdot Mirror


Linux Server Break-in Challenge

Sujit writes "Are you an Internet security expert at heart or by profession? Ever thought of trying your skill at a professionally set up server? If you are ready, enter. The Linux Server Break-in challenge. You will have a server available on the Internet 96 hours without interruption starting from 9 March 2005 2 AM IST. However, the server's life on the Net is in your hands."

14 of 327 comments

  1. Re:Incentive? by SQLz · · Score: 3, Informative

    Actually, they would. For a couple reasons.

    1. Contests like this make Linux more secure.
    2. If you're looking to find a job in the security industry, this is a nice bullet on the resume.

    You don't see MS having break-in challenges, do you? If they did and 17 unknown holes were found and fixed that would have gone unpatched otherwise, would Windows be more secure or less secure?

  2. Re:Time zone? by Anonymous Coward · · Score: 1, Informative

    Indian Standard Time

  3. Re:Time zone? by Anonymous Coward · · Score: 0, Informative

    This IST is in India. UTC+530

  4. Re:Isn't this illegal? by LordEd · · Score: 5, Informative

    Hacking isn't illegal. Hacking without permission is illegal. The distinction is unauthorized access. The owner of the box is giving free license to everyone to attack it.

    It's just like corporations hiring security experts to attack their systems in order to find flaws (and strengthen their defenses).

  5. Re:Uh, ok. by spectrokid · · Score: 3, Informative

    Break into a Linux server that has no services running[...]
    From TFA: This server won't be protected by firewall. There won't be any fake demons or honeypots as well. It will be running all the services normally found in a regular Linux distribution and more.

    --

    10 ?"Hello World" life was simple then

  6. Re:very handy. *cough* by Council · · Score: 5, Informative

    The Fallacy of Cracking Contests (Bruce Schneier)

    Contests are a terrible way to demonstrate security. A product/system/protocol/algorithm that has survived a contest unbroken is not obviously more trustworthy than one that has not been the subject of a contest. The best products/systems/protocols/algorithms available today have not been the subjects of any contests, and probably never will be. Contests generally don't produce useful data. There are three basic reasons why this is so.
    [see link for explanations]

    --
    xkcd.com - a webcomic of mathematics, love, and language.

  7. Re:Selling some sort of hardened Linux, perhaps? by gowen · · Score: 3, Informative

    and you test for root exploits using a local account
    Which is exactly what will happen if no-one has found a remote hole in 48 hours.

    RTFA.
    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.

  8. Re:Isn't this illegal? by rfc1394 · · Score: 4, Informative

    Even if it's with the system owner's permission, wouldn't this be considered illegal and prosecutable?

    No. While I am not a lawyer, the statutes on computer trespass are clear that access without permission and beyond one's authorization are illegal. If the access is within one's authorization or the owner grants permission for access, it is not illegal.

    Permission can be implied. Anyone who puts up a website gives implied permission to access it (since the whole idea of posting a website is to get people to access it, presumably either to give them information - or get information from them - or to sell them something (or buy something from them).) If that were not the case, every person who accessed a website could be charged with the crime of computer trespass since they were not explicitly given permission to access that computer!

    If you go to a car dealer, ask to take a test drive, some will simply photocopy your license and hand you the keys, and it's reasonable you can borrow it for 5 minutes or so to drive around the block. (Some will send a salesperson along for the ride; depends on the dealer and the probability of theft.) But if you walked in, took the keys and did the same thing, they could prosecute you for grand theft auto.

    Where the owner has publicly given permission and in fact, has encouraged people to access the system as root, this would constitute explicit permission and thus no crime could occur for hacking their box.

    Paul Robinson

    --
    The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.

  9. Sarovar.org by Anonymous Coward · · Score: 1, Informative

    These guys maintain Sarovar.org, the open source project hosting web site which hosted PlayFair when it was driven out of SourceForge.

  10. Re:Uh, ok. by bill_mcgonigle · · Score: 5, Informative

    See also Bruce Schneier's The Fallacy of Cracking Contests.

    Now there's probably a Marketing Department that put them up to it, and some PHB's may be impressed, but it sure announces to the security community, "Hey, we have no idea how to think about security - buy our stuff!"

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

  11. Re:Incentive? by Riddlefox · · Score: 3, Informative

    Here's a CNet news article.

    It seems that the hackers never managed to gain control of the W2K machines, but were able to launch a DOS on it.

  12. Re:very handy. *cough* by wirelessbuzzers · · Score: 3, Informative

    Your quote, while partially right, is out of context. Schneier is talking about cryptographic cracking contests, especially of the form "here's a ciphertext file, tell me the plaintext." In this case, the attackers have much more access to the machine. Furthermore, there are more skilled hackers with free time than skilled cryptographers with free time.

    However, a much bigger problem is that they only give 96 hours. The Hardened Gentoo server is much more rigorous, as it has no prize associated but has been available to log into for a long time.

    --
    I hereby place the above post in the public domain.

  13. !pwned. Connection Refused? by gfolkert · · Score: 2, Informative

    Whoa, every time I try to get there, I get connection refused.

    I have even done a *LOUD* NMap scan. I only get port: 22 (filtered)

    And that is it. Hmmm.

    Boy, they MUST have a really well set up system. Either that or you are an Idiot.

    --
    greg, REMEMBER ED CURRY!!!

  14. Re:Just a hacking challenge by Jonboy+X · · Score: 3, Informative

    So, this is just another hacking challenge. Like the hundreds of others out there (many/most of which are on Linux). What qualifies this to make it to slashdot?

    The main difference is that this one was announced on a slow news day.

    --

    "In a 32-bit world, you're a 2-bit user. You've got your own newsgroup, alt.total.loser." -Weird Al