Slashdot Mirror
Yet Another Crack-This-Box Challenge
Sand_Man wrote to us with the latest public relations stunt
with crack-a-machine trials. This is a month long trial, pitting Linux vs. NT boxes against each other. Details are in the story, but does this whole thing strike everyone else as tired PR stunts now?
In case you didn't notice all the comments, it turned out to be user error by the /. admin posting the story (she posted it before she had finished editing it). /. is still in a "beta frame of mind", things happen. Bad things happening are often not the result of malice but rather of mistakes.
"You can never have too many elephants on your team."
What better way to get a hacker profile database then offer a huge carrot to them to attack a system?
Next it'll be "Win $1,000,000 if you can assassinate [insert public official's name here]", Sponsored by Wal-Mart.
I sent the following e-mail to the test manager at ZD:
I've read numerous comments on various Linux news sites suggesting this is an utterly meaningless test. As a consultant who has done some security work, I must say I do not agree that this test is completely valueless, but it most emphatically is not a test of the relative security of either operating system. This is much more a test of the quality of the firewall product and the completely different web applications running on each server.
Because the most common exploits revolve around poorly written web applications (vulnerable to buffer overruns and so forth), this quite simply is, while not valueless, a totally dishonest test.
You should be using the same web application on both machines, with full source code disclosed. Ideally, you would even be running the same web server with full source code (Apache? Although they really aren't the same code when compiled for the differing OSes).
As I said, I think the test might well be very interesting, but to cast it as a contest between NT and Linux is intellectually dishonest. No meaningful conclusions about OS selection can be made on the basis of this test.
same year! Coincidence? I think not!! :)
Read my sig if you like, but I'll never see yours, thanks to Discussions, Viewing, Disable sigs...
There is definately something fishy here. Both boxes are behind a firewall unidentified by nmap. Translation is that they have some kind of routing firewall to prevent certain ports from being attacked. What kind of contest is this if the ports that are "open" are sitting behind a firewall that won't allow anything more than a 3-way handshake? This is to show NT is secure. I have no doubt anymore. Someone is playing a foul game here.
/root]# nmap -sT -O securent.hackpcweek.com
/root]# nmap -sT -O securelinux.hackpcweek.com
[root@kevlar
Starting nmap V. 2.2-BETA4 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on securent.hackpcweek.com (208.184.64.171):
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
25 open tcp smtp
70 open tcp gopher
80 open tcp http
119 open tcp nntp
139 open tcp netbios-ssn
420 filtered tcp smpte
443 open tcp https
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
No OS matches for host (see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=TR)
T1(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T7(Resp=N)
PU(Resp=N)
[root@kevlar
Starting nmap V. 2.2-BETA4 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on securelinux.hackpcweek.com (208.184.64.170):
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
25 open tcp smtp
70 open tcp gopher
80 open tcp http
119 open tcp nntp
139 open tcp netbios-ssn
420 filtered tcp smpte
443 open tcp https
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
No OS matches for host (see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=TR)
T1(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T7(Resp=N)
PU(Resp=N)
Nmap run completed -- 1 IP address (1 host up) scanned in 24 seconds
This pretty much invalidates the whole thing for me. It is probably filtering everything but web traffic ( i would verify but the whole thing is so slow right now I can't deal.)
They say that if a machine isn't behind a firewall it doesn't have anything worth securing. While this may be true this has nothing to do with testing the security of the machine behind the firewall. The firewall is what you are testing at this point. I've pretty much discarded this whole thing. Anyone can close everything but port 80 and 443. What a joke.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
The very quote you cite,
sounds to me like this is going to be result in "with our ultra-scientific testing results, we've determined that MS Windows NT is without a doubt more stable, reliable, user-friendly, and lower in total cost of ownership than Linux." I've seen it too many times before.
Also, when they mention several sites that have been recently hacked, such as ABCnews and the Drudge Report, they say that some were running NT and some were running linux, but Netcraft results indicate that they were all running some flavor of NT and IIS. Already the facts aren't completely straight.
Finally, it all comes down to how the boxes are administered. I don't know anything about the additional software they are putting on it for serving classified ads, but it could be wide open to hackers, especially if it runs as root (don't put it past them). Furthermore, Redhat is not the most secure linux distro out of the box. When Redhat makes a corporate sale with service packages, I'm sure they tweak the post-installation for security.
I just went to check it out. http://www.hackpcweek.com/ is already down, adding to the lameness of this contest...
"I can be self-referential if I want to," said Tom, swiftly.
> Details are in the story, but does this whole thing
> strike everyone else as tired PR stunts now?
Yes.
No
Yep, and the converse is true too. If Linux is hacked, then MS will say, "See, trust your servers with us." But if NT is hacked, they will say "The admins weren't competent".
It has been said already. Crack challenges prove squat. If one OS or the other gets cracked, it won't prove that either is more secure. It'll just prove that a one point in time, one script kiddie cracked one server. And nothing more.
Also, security depends more on how the server was configured then just the OS used. Mindcraft anyone? When I first saw this I thought, "Sure MS could pay PC Week to 'misconfigure' Linux". But back to the presumption that PC Week is independent and hasn't been paid by MS, how competant were the admins that configured these servers? Probably the MS admin was MCSE certified. Perhaps the Linux admin has taken the Red Hat certification, at minimun?
-Brent--
Starting nmap V. 2.3BETA5 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on securelinux.hackpcweek.com (208.184.64.170):
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
25 open tcp smtp
70 open tcp gopher
119 open tcp nntp
139 open tcp netbios-ssn
420 filtered tcp smpte
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
Remote operating system guess: AXCENT Raptor Firewall running on Windows NT 4.0/SP3
Nmap run completed -- 1 IP address (1 host up) scanned in 37 seconds
I wonder if similar IP's will get cracked as well this time.
But seriously, i think that these don't really help anybody very well. I'm mean what can they really tell us?
-- Moondog
I have a 386 sx/25 running DOS 6.22, clean install, if you crack it you get it... okay... now go for it!
Yeah! But this one lets you watch the logs.
Easy solution. Name one wrestler Linux, the other NT. Let them go at it on pay-per-view for $29.95. Hell, I'd pay.
Of course, that doesn't help if it's PC Week that /.'ed :-)
Good Luck!
-Brent--
Linux will win this round. You know most hackers who go there to break into the boxes are probably going to attack the NT box just to show Linux is more stable than NT.
From the article: "Taschek also noted that, in recent weeks, the Nasdaq/Amex, the Drudge Report and ABC sites were all hacked in someway. Each of these three web sites runs either Windows NT with IIS or Linux as their front-line web servers. " From Netcraft: www.nasdaq.com www.nasdaq.com is running Microsoft-IIS/4.0 on NT4 or Windows 98 www.abc.com www.abc.com is running Microsoft-IIS/4.0 on NT4 or Windows 98 and finally (the worse yet!) www.drudgereport.com www.drudgereport.com is running Microsoft-IIS/5.0 on Windows NT5 beta We all know that both OSes are only as good as the person who administers them. This is an absolute joke. How much says Microsoft is sponsering this?
I mean, what's the point. I just read the Seattle P-I business section this morning where they regurgitate the Mindcraft study as if it were valid, with no negative comments, in an article on Java and Red Hat.
So, seriously, what's the point? PC Week is not unbiased, as any longtime reader knows, and it's pretty obvious that they'll just feature whatever positive spin they can make as to "why IIS and NT is a better choice for your average user who uses ASP" or some such comment.
I've got work to do.
Will in Seattle
It seems like hackpcweek.com is already down :) Slashdotted or hacked? I dunno...
--------
Oscarfish.com: tropical fish with attitude. Way t
This is just MS' ploy to find the hole in NT. They know that someone out there has an exploit for a serious security hole in NT, and they want it. I have no doubt that they are sponsoring it, and the bounty of $1000 is to get the people who have the exploit to use it on the machine. This would explain the firewall. Not only is there a firewall, but they're piping all information to another machine which logs the packets. Try a traceroute, you'll make it to the firewall, but not past it. However you can ping it and get a response. Whoever has the exploit, don't use it unless you feel like giving it up, because the second you use it on the machine, you'll be giving MS the precise location of the security hole.
*pop* Thanks for bringing me back to reality. I was really trying hard to be positive. But I know deep down inside that you are (probably) right.
And I thought Linux was strong in all those areas. But you are right. The test results don't depend on how the OS's themselves hold up, but more on the biases of the testor's.
Well, PC Week has said there will be a series of tests, so I guess the best thing to do would be to watch the tests carefully, and be sure to point out all the problems, the best we can.
-Brent--
This is ridiculous. It's not our job to find the security holes in OS's.
This is probably where you'll see the difference between programmers who love what they do (Open-Source) and programmers who live by a punch-clock (Microsoft).
May the better OS win!
unfortunately, it's much easier for millions of script kiddies to simply flood the connection and ruin it for everyone else.
Maybe this sort of thing should best be done on isolated networks, monitored by judges, like a sport.
Or maybe I'm just depressed because it's Monday.
"The number of suckers born each minute doubles every 18 months."
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Before Hackpcweek went down (uh, I think it's down, my proxy comes back with a "could not be loaded" error in a split second...) I had a look at their log page. Apparently they log all attacks on the NT box, linux box, and the main web server for the trial. The attack split was something like 15% against NT, 10 % against linux, and 75% against the main web server. And now it's down. Go figure.
;)
/. Therefore, if the bad thing happened becuase of their setup (*cough*apachetest*cough*), so many people will complain that will hopefully be forced to fix the problem (see #1). Like this whole firewall arguement thats brewing.
I must say I like the test so far:
1) they're doing it over a month so they should be able to modify the test as it goes on.
2) they allow everyone to see the process of what's going on.
3) I have no knowledge of system security whatsoever. PR stunt aside, I think that this test will be very informative for myself, and others like me who are looking to learn about how this type of thing goes down. Not everything is contained in man and info pages.
As to #2: Therefore, if something bad happens to one of the servers, it'll get put up on
Sig:
Barbeque is a noun. Not a verb.
That's real, honest-to-God, cutthroat competition.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Are these boxes dead already? I can't get a connection and my pings all time out, we're talking 100% packet loss. The contest has started, so I don't know what the excuse is. Probably the same as Microsoft's for their windows2000test machine: the router or the ISP. But Linux is on one of them so there must have been a catostrophic fire or flood perhaps...
It's not a tired PR stunt...we've never really had closure on this one. None of the previous hack-in-the-box contests were "won" officially, so I hope this one plays fully out.
Dan
Somehow, though, I suspect people will put a lot more energy into cracking NT than cracking Linux. So Microsoft won't be using this "benchmark" as FUD. Good, cause that would have been annoying.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
it strikes me as a little ridiculous that people think that this is a real good metric by which one can judge the security of an operating system. I would guess (and I could be wrong) that the only people who are really going to attempt to break into these machines are the script kids; experienced, skilled hackers would probably steer clear of breaking into a site which was set up for the express purpose of attracting attacks.
if I had some exploit that was useful against these machines, and I knew that the only purpose of these machines even being there was to find out how they can be compromised, I would never, ever use my attack on them. besides, whats the prize? several hundred bucks worth of gift certificates? and instant notoriety? thanks, but no thanks.
Why play into M$'s hands by helping them debug W2K? Save our best cracks for the real release. Of course, only on servers that challenge us to do so ;)
Religion is the opium of the people. Evolution is the opium of scientists.
... then stop sending stories about them to Slashdot.
Yeah, they are tired PR vehicles. And there was a great essay from an earlier "crack this machine" Slashdot thread talking about why such stunts could actually harm a company's reputation (maybe someone can find it?)
Jay (=
it strikes me as a little ridiculous that people think that this is a real good metric by which one can judge the security of an operating system. I would guess (and I could be wrong) that the only people who are really going to attempt to break into these machines are the script kids; experienced, skilled hackers would probably steer clear of breaking into a site which was set up for the express purpose of attracting attacks.
if I had some exploit that was useful against these machines, and I knew that the only purpose of these machines even being there was to find out how they can be compromised, I would never, ever use my attack on them. besides, whats the prize? several hundred bucks worth of gift certificates? and instant notoriety? thanks, but no thanks.
Goods Points..but perhaps it is already working. Suppose you were charged with fielding a machine in a national ( international ? ) contest such as this?...the biggest problem so far seems to be keeping ANY machine up and running under an onslaught of attention..regardless of the stated purpose or OS. So what's a hot administrator to do to prove his worth? Maybe he bets another guy he can keep his box going longer than any body else can. The Web itself won't be robust until MOST servers can withstand this type of scrunity and traffic. BTW..If you are paranoid about masking your identity on a box you can't get busted for..get another trade.
The techs shorted out the IIS server by walking on the carpeting in a scuffing kind of way. This knocked out the server.
After all, noone needs a UPS, do they?
Will in Seattle
Geez. Don't people get tired of having these tests last only a few minutes before something goes wrong.
The main site www.hackpcweek.com isn't responding.
Now that the site is back up, I thought I would poke around the website and see some info on the hardware and what not..I came across this on each OS.
;)
about Redhat:
We used the latest distribution from Redhat, along with Apache. Much thanks
to the open source community for help in securing the server.
okay..sounds cool. I'm curious as to WHO helped out.
about Microsoft:
Microsoft pitched in by modifying their guestbook application to a classified ad
application. They also helped with the myriad configurations of Nt,
IIS,SQLServer, and MTS.
Look who decided to get thier hands into things. Not only did they "help" by rewriting the guestbook app, but they also did mods to NT,IIS,SQL server and Transaction Server.
-- Like many have said earlier, It's not going to look good for linux. I could be wrong, but I was only wrong once and that was becasue I *THOUGHT* i was wrong
I mentioned before the use of the firewall throws out all the real world usage issues for me. This is a test of raptor if anything.
On a funny note, notice that they were able to get MS to help with the detailed tweeking. I wonder If I could get them to do that for OUR IIS server? heheheh
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
hmm.....this maybe everybody trying to crack the NT box, but, my portscanner ran about 1/3 faster on the Linux box.
Also - the Netcraft results for securelinux.hackpcweek.com are:
securelinux.hackpcweek.com is running Apache/1.3.6 (Unix) (Red Hat/Linux) on NT3 or Windows 95
Anybody see anything wrong?
That's my 1/50 of $1.00 US
JM
--Justin Mitchell
"2nd Place is a fancy word for losing" --Bender (Futurama)
Has anyone else noticed that the nt posting form thinks you are comming from 10.0.0.1 or somthing like that and will only let you(everyone) post 5 messages in 24 hours?
Could this could be a loop hole for MS to say NT wasn't properly configured?
Could it be a problem with the firewall?
Could PC Week be trying to screw us?
Could I just be paranoid?
Dr_Funk
------- Assumption is the mother of all f$#@ ups.
John Taschek from PCWeek says that the reason they're doing this is for an article on web server security.
"We don't care which operating system (if any) is broken into first. We want to establish the basis for a story on the best practices for implementing security. Additionally, PC Week wants to open up our test labs to the community for these kinds of tests."
The problem with that statement is the "test" will end when the first box is broken into. If they wanted to do an article on the "best practices for implimenting security, wouldn't they fix the security leak and keep the test up?
It isn't stated whether the systems have been hardened or are just standard installs, but it'd be bunk if the NT system had all the latest service packs and the Linux box was a straight install of RedHat 6.0 with everything enabled and wide open.
Hmm... I dont know what they are running their website on but, it has already gone down for one reason or another. If you ask me it's just like everything else. I do something really great, make alot of money, and draw alot of attention to myself, and someone turns around a month later and does the same thing. It's outrageous. I feel as though I have returned to third grade on recess yelling, "Copy Cat, Copy Cat, Copy Cat!" Pete
What's a sig? Pete Brubaker
That's basically all it can be.
There's no way you can actually prove anything simply by saying "Yeah, well, I had my NT box online, asked people to crack it, and no one managed to. Yet, BillyJoeBob's Linux box got cracked! So ha!"
First off, you have to monitor how many break in attempts there are. There could easily be double on the NT box because more anti-NT people heard about it than anti-Linux people.
Second, you have no idea if the people trying to crack into the boxes are of equal skill level.
Third, Linux is *way* too customizable. Sure, you could claim to install it with default settings and such, but that's not really proving anything, since that would just make the distribution's default settings at fault if somone cracks in, not Linux.
I have a feeling that we'll be seeing more of these as time goes on.
Julian
--
Linus vs. Bill
I have no doubt that if problems are identified that they will be fixed and passed along. I guess I thought there was a lot less PR noise to this test than some of the others we have seen lately. To me, this seemed like another facet of peer review by an impartial (well....) tester. Even if it is a PR stunt, we can still use it to improve Linux. Hell, Mindcraft was the mother of PR stunts, and we ended up getting some info on parts of the kernel that needed attention. Ultimately the PR noise will made irrelevant by the facts.
I am sick of all this. I am just going to find out where these damn servers are and break into the server room (physically with a crowbar), and crack the computers (physically with a crowbar), then when I go to claim my prize I will crack the people who thought they should get on the bandwagon by doing thier own competition (physically with a crowbar).
Like many databases, this one highlights all instances of a search term. The person that found this article and submitted the URL had done a search on "Linux," and that's why "Linux" is highlighted everywhere it occurs (even the headline).
For more information, click here.
This is dumb! They have the boxen on the other side of a firewall. And did I read right? The $1000 isnt in CASH? Maybe they will give the winner $1K in MS software. They must be loggin all the packets. So be sure to use your best tricks so MS can learn them!
They say right on the website that MS fixed some parts of NT...so they arnt even running a NT install that you or I could buy. Next week they will put the Linux box outside the f/w and put a username and root password in the issue.net. Screw them.
I have to return some videotapes...
the site is Microsoft.com
If http://securelinux.hackpcweek.com is really linux, why is it coming up as nt3 or 95 box on http://www.netcraft.com/whats? Strange... Even if the "linux box" is really 95, the NT will get cracked more, just because more capable people hate Microsoft.
If you, yes you, hack www.fbi.gov and put up porn, instructions for building nuclear weapons, and your actual home address, you will win the following:
Free housing for 10-30 years!
Free "food" for 10-30 years!
Free sex for 10-30 years!
Free training in a useful trade!
Who can resist!
Do we trust them to know how to set up a machine? Linux or Windows, thier lab people seem kind of out of it.
This and the other "contests" are just attempts by the FBI to catch one of the ULG or other groups in the act.
Do really dense people warp space more than others?
Check out their Why We're Doing this page.
It's nice to see tests from high visiblity labs focusing more important things then whether a "car" can do 350 miles an hour, or 195 miles an hours, when the speed limit only lets the "car" go 85 mph.Sure, the PHB's might be awed by a server the can pump out static data 4 times faster then the bandwidth of a T1, but there are more important details to look at.
When I look at buying a new car, I do more then just check how high the speedometer goes. Handling, braking, comfort, a great stereo system. Top speed in a car, unless you a racing, is largely insignificant when deciding on a car. A company that relies on the top speed of a car to selling it, will find that they have a niche market.
Microsoft relies on "optimising" it's servers to be fast on high end hardware. This is impressive to PHB's, but lacks the real important details needed in servers in production. It won't be long until the PHB's learn that speed isn't the most important thing in a server and they'll have knowledgable admins put servers in production that have real "features".
Or maybe I'm just giving PHB's too much credit. Maybe they'll never learn. But it sounds like PC Week, at least has gotten the idea. Good for them
-Brent--
Honestly, security is a nice issue and all, but there are so many other areas that both operating systems need improvement in. Security is such a function of administration that these contests show very little of the capabilities of the operating system. Try combining them with other aspects, like setup, administration, use, and scalability, and then your contest will really say something about the operating system.
Nah, RMS and ESR are the guys we want for AI. They're ye olde Lisp hackers.
The webpage says cash but the rules say
"To win the 1000 gift certificate you must mark up the home page or steal a file called top secret."
hmmm....
I have to return some videotapes...
First telnetting into port 80 on both secure{nt,linux}.hackpcweek.com shows they're running identical server software. Then I try telnetting into the SMTP port and at both IPs I get "421 stopper.hackpcweek.com is not accepting new connections. Please try later". (Emphasis added).
What an effing waste of time. I think only thing this "challenge" will prove is that nobody bothered.
-- Alastair
Re: "Man didn't really land on the moon...NASA programmers simply produced a simulation on a Un*x system."
.sig, but of course you know the first couple of landings pre-date Unix.
Cute
-- Alastair
I don't mean to belittle your effort, but if you check the front page of www.hackpcweek.com, you will find they prominately list AboveNet as their host ISP for this test. :-)
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Maybe its just me here, or maybe not. But an nmap scan of all ports literally returned almost every port open. Now, not even redhat ships with that many daemons running by default, so its either the firewall (got my vote) or they went out of their way to make each box more insecure.
If it is, in fact, the firewall at fault here, what is the point of having such an event, is the whole contest not pointless here? Wouldn't one have to be able to bypass this firewall first, making it a crack this firewall, and THEN crack this box contest? How do these results verify one OS more secure than the other. More importantly, how do ANY of these tests check up on OS security, since buffer overflows occur across almost all os's, and in fact its usually daemons that are exploited.
-mike
--- Stampede linux for me! I play with fire to break the ice..
It hardly stops there.
The "Site Diary" link at the top of the page is broken.
The "We'll be updating..." (/schedule) link on the front page is also broken.
The "Home Office-Online" link in the sidebar under "Equipment Used" gives you the write-up for the H/P server.
The "IIS on NT vs. Apache on Linux..." (/backgrounder.html) link has bogus characters in it (a target for the "Demoroniser" Perl script).
This is supposed to make us believe the server admins know what they are doing? Please. Why not just have some high school students setup the site? I have a feeling that would be about as valid.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
No Text
---
END OF LINE
But just because a system hasn't been cracked, doesn't guarantee it is secure.
In fact, if I were a malicious cracker, and found a hole in the security of either of these systems, I wouldn't tell a soul how I did it. I'd keep the knowledge to myself, and wait for some juicy targets running (insert least favorite OS here). Say, the next potential amazon.com.
It's obvious that the administration of servers has a major impact on their security. I wonder if the NT admins at pc-week are equally skilled as the Linux admins, or vice versa. It was shown before that difference in skill can give hard to swallow results. (mindcraft anyone?)
it can tell us a lot and help us
.ed , we are strong and will over come any thing.
mainly it is pr , and free pr is good some times as long as us the ppl in the community have a say and can set the records strait now and then and not let linux promise something it cant deliver (at the moment) . but this kinda tries when done right can get the message out that yes linux is a great os and an oss . to dispell myths that certian oses are the only way to go . mainly there is going to have to be some ethical discustions set down
the fact that we can read the logs is pritty cool if it isnt always / and
free speach as long as you dont lie is the way to go. lets back up our arguments
Wonder if it's because /. effect, DoS attacks or both.
Actually, I'd call it more of a Non-Moderating Censorship. Comments disappear, stories disappear (specificly the one this morning about the CEO of Infoseek being arrested for Kiddie porn). Not sure if Taco just didn't like the comments, or if he thought it was the wrong kind of article for /.
Personally I didn't like the article at all... or the comments.
http://www.netcraft.com/whats/?host=www.hackpcweek .com
Shows.
www.hackpcweek.com is running Microsoft-IIS/4.0 on NT3 or Windows 95
NT3 or Windows 95????
Good grief! We've got real issues to work with other then spending the next three months playing with Microsoft's beta OS.
When Microsoft announced the challenge we did our duty and "checked out" the server. And guess what? It failed miserably. Having proved that we went back to playing with our toys.
Perhaps if MS wants any more testing they can go out and pay a real security company to test their OS. We're just tired of knocking their poor server down, enough is enough.
Its ran for a month without reboot? If so, good for them. Goes to show that MS can develop a server that runs great - when no one uses it.
-Brent--
Come on, i think the idea is getting old. I mean, basically, its been done already. The origional concept with micro$oft and LinuxPPC was a good concept, but now its just copycats.
Dan Noe http://resonator.physics.sunysb.edu/dan/
They could use F5 networks BIG/IP and 3DNS solution to load balance between 2 machines serving content. One could be NT one Linux. Same IP address and domain names. However, if you go to the site you'll find that there are links to each box
:)
securent.hackpcweek.com
and
securelinux.hackpcweek.com
I predict NT gets hit more because it has less to type for the lazy script kiddies out there.
Do really dense people warp space more than others?
In this article, John Taschek implies that one of the recently cracked sites was running Linux. For those who are interested, there is a running debate about this article on Linux Today in which Mr. Taschek has been participating. The article is at
http://linuxtoday.com/talkback/38904.html
In the discussion, I challenged him to defend his position about why he implied that Linux had been cracked. He responded by saying that Matt Drudge's main page (www.drudge.com) runs Linux. Of course, the page that was cracked was www.drudgereport.com which runs IIS on NT.
In short, John Taschek is a liar who has no credibility WRT Linux, and the purpose of this test, it is clear, is to either damage Linux's reputation or try to repair NT's.
Of course, I think we all knew that already!
Aaron
Since they have a firewall with ACLS on all ports except 80 I think we are testing a firewall instead.
Microsoft aggravates my tourettes syndrome.
By my estimates, this means you have to access by 5:00am to test this route for hacking in. The Linux server was correctly configured to allow more posting access and to time-out ads based on user-selected options.
D. Keith Higgs
CWRU. Kelvin Smith Library
My office has been taken over by iPod people.
I want to see Linus and Alan get together and write an AI for Linux, which will do battle with a Microsoft-written AI for Windows. Put them on their own private subnet, and see which AI cracks the other one first (and cracking the other's monitor with a robotic hammer doesn't count)
Juiced? Or Not?
The impression I got from Garfinkel and Spafford's fairly-accessible book "Practical Unix and Internet Security, 2e" (O'Reilly) was that, even if everything else in the book went completely over your head, you should at least understand that crack-this-box contests don't prove @!$%#$.
So why bother with them?
Breakfast served all day!