Slashdot Mirror


Network Computing Editor Wins RSA Hacking Contest

richkarpi writes "Network Computing's security editor won the recent RSA Interactive Testing Challenge. He has up a blow-by-blow description of the events at their site: 'The most important factor in the contest besides basic web exploitation skills (cross site scripting (XSS), SQL injection, cross site request forgeries (CSRF), etc.) was speed ... I squeaked out a win in the tie-breaking challenge the first day with only a few seconds to spare as my opponent was right behind in the hunt to combine three injectable fields into one long JavaScript function.'"

4 of 65 comments

  1. The CSRF and XSS FAQ by mrkitty · Score: 2, Informative
    --
    Believe me, if I started murdering people, there would be none of you left.
  2. Re:Ugh by numatrix · Score: 3, Informative

    I would have written the exact same sentence if my opponent was in a similar position at a Catholic, Baptist, Buddhist, etc, organization, or was technical staff for Seven-eleven, Sears, or pretty much any non-security company.

    Read it again and you'll notice I also included myself in the category of "people you wouldn't expect in the finals of a web hacking competition". So unless you think I was also calling myself stupid, I wasn't belittling anyone. Merely pointing out that neither of us were the first folks you'd expect to see in the semi-finals.

  3. Re:Meh by MikePikeFL · Score: 4, Informative

    Well, HD Moore didn't win for doing that. While he did use the Framework to break into the machine in a way we didn't expect, he wasn't available to participate in the finals so he was disqualified.

    He did ask permission to use the Framework before doing so, which he "happened" to have on a USB stick. The point of the exercise was application testing, not rooting the Windows 2000 server that we forgot to install a firewall on. Whoops, our bad!

    Having never seen him before, we didn't know he really was HD Moore until we used images.google.com to find out. :-)

    Congrats again Jordan, hope to see you next year since you won a free pass!

    --
    "Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" -Andrew Tanenbaum
  4. Re:Meh by Anonymous Coward · Score: 1, Informative

    Last year's winner was not HD Moore, it was Ralf Hoelzer.

    http://2006.rsaconference.com/us/media/news.aspx