Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Server Break-in Challenge

Posted by CmdrTaco on from the g3t-r3ady-to-p3wn3z0rzasdkja dept.

Sujit writes "Are you an Internet security expert at heart or by profession? Ever thought of trying your skill at a professionally set up server? If you are ready, enter. The Linux Server Break-in challenge. You will have a server available on the Internet 96 hours without interruption starting from 9 March 2005 2 AM IST. However, the server's life on the Net is in your hands."

4 of 327 comments (clear)

  1. Re:Isn't this illegal? by LordEd · · Score: 5, Informative

    Hacking isn't illegal. Hacking without permission is illegal. The distinction is unauthorized access. The owner of the box is giving free license to everyone to attack it.

    Its just like corporations hiring security experts to attack their systems in order to find flaws (and strengthen their defenses)

  2. Re:very handy. *cough* by Council · · Score: 5, Informative

    The Fallacy of Cracking Contests (Bruce Schneier)

    Contests are a terrible way to demonstrate security. A product/system/protocol/algorithm that has survived a contest unbroken is not obviously more trustworthy than one that has not been the subject of a contest. The best products/systems/protocols/algorithms available today have not been the subjects of any contests, and probably never will be. Contests generally don't produce useful data. There are three basic
    reasons why this is so.     [see link for explanations]

    --
    xkcd.com - a webcomic of mathematics, love, and language.
  3. Re:Isn't this illegal? by rfc1394 · · Score: 4, Informative
    Even if it's with the system owner's permission, wouldn't this be considered illegal and prosecutable?

    No. While I am not a lawyer, the statute on computer trespass are clear that access without permission and beyond one's authorization are illegal. If the access is within one's authorization or owner grants permission for access, it is not illegal.

    Permission can be implied. Anyone who puts up a website gives implied permission to access it (since the whole idea of posting a website is to get people to access it, presumably either to give them information - or get information from them - or to sell them something (or buy something from them).) If that were not the case, every person who accessed a website could be charged with the crime of computer trespass since they were not explicitly given permission to access that computer!

    If you go to a car dealer, ask to take a test drive, some will simply photocopy your license and hand you the keys, and it's reasonable you can borrow it for 5 minutes or so to drive around the block. (Some will send a salesperson along for the ride; depends on the dealer and the probability of theft.) But if you walked in, took the keys and did the same thing, they could prosecute you for grand theft auto.

    Where the owner has publicly given permission and in fact, has encouraged people to access the system as root, this would constitute explicit permission and thus no crime could occur for hacking their box.

    Paul Robinson

    --
    The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
  4. Re:Uh, ok. by bill_mcgonigle · · Score: 5, Informative

    See also Bruce Schneier's The Fallacy of Cracking Contests.

    Now there's probably a Marketing Department that put them up to it, and some PHB's may be impressed, but it sure announces to the security community, "Hey, we have no idea how to think about security - buy our stuff!"

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)