Re:Actually, this was allowed. on Students vs. Hackers · Score: 2, Interesting
Administrators cannot be there at all times. The red team actually broke into the building after hours to teach us that lesson!
Finally did something slashdot-worthy! on Students vs. Hackers · Score: 4, Insightful
I was at the competition (on the winning team).
It was very fun. We really expected the hackers to be exploiting vulnerabilities much more than social engineering and such. Our downfalls were a) not changing the passwords of the users fast enough b) forgetting to configure the obscure mail server software. It was called "post.office"; never heard of it. By the time we remembered about it, the hackers had changed the password on it, although we (naively) assumed it had just been locked down somehow.
Why does everything that comes out of The Register about Google have a negative slant on it? Maybe they're mad Google won't let them visit their campus.
Actually, they did use a 0-day at our competition. They found a flaw in our Sony network camera that enabled them to bypass the authentication. That doesn't sound useful, until you realize it has a built-in microphone.
Ours was fairly organized. The machines were mostly in working condition. They didn't take too much effort to get the services running. However, it did seem like people went out of their way to make them insecure. One thing I found amusing was on one webserver there were about 5 files like "debug.php", "index.php" (although it didn't load by default), and such with blatant vulnerabilities or phpinfo()'s in them.
;)
My only real complaint is that we didn't see anything the scorebot was doing. For a while, they showed us rankings, but then stopped. If we were docked points, we didn't know what for, or even how much.
We got the same explanation for insecurity though - "that's how the other guy left it!"
Likewise, I'll see you in Texas.
We had internet access (unrestricted), but it was only on one machine. So we had to copy everything via memory stick. It was extremely annoying.
Thank you.
One of the caveats of the firewall is that we couldn't block by source IP -- so, while it sounds like you can just stop any attack at will, that is not the case. Someone came up with the suggestion of blocking by destination IP... but I don't think the white team would have been very amused.
We are all computer science majors. So, basically we learn to code.
All of our knowledge from this competition is from experience outside of school. A little hands-on knowledge can go a long way. I worked primarily on the Linux servers (but also the e-commerce site on Windows). My knowledge of that is just through personal experience. I've been using Linux for a long time.
I know at least one person on the team has a lot of certifications (Microsoft). Another person was trained on routers by the National Guard. Although I have experience from a Cisco class in high school, I let other guys who knew it better handle it. As a funny note, we locked ourselves out of our firewall almost immediately (due to mistyping the new password). We didn't attempt to reset it while we were in first place.
So, our backgrounds are all pretty unique to answer your question. As a side note, we do have a security class offered at our school, but it is heavily based on theory.
Out of curiosity, who are you? :)
'I can still remember arguing with a sales person that the standard 20 Mg hardrive offered plenty of capacity and the 40 Mg option was only for people too lazy to clean up their systems now and then. The feeling of smug satisfaction lasted perhaps a week.'
If you build it, they will fill it.
John Smith
123-456-7890
john@smith.com
myspace.com/johnsmith
I thought this was interesting, since the Intelligencer Journal's HQ is about 2 miles from my house. Anyway, it sounds more like the reporter's computers were stolen, rather than Intelligencer Journal's.
State agents raided Kirchner's home outside Lancaster last month and took computers, he said. He said he had had no other contact with authorities since.
I can see the issue of having confidential secrets being found by the government, but at the same time being in the press does not absolve you from having evidence collected on you. The best thing the government can do is find a 3rd party to do the evidence collection (that is trusted by both sides).
This has probably been posted, but I didn't see it. It's a half hour video of Spore. It's old, but amazing.
Spore video
Looks cool. Calendar is really the only thing I still use over at Yahoo.
Because buying goods made in a country supports their censorship, bravo!
I knew Wine started out as a tool to migrate source code bases from Windows to Linux, but this is the first time I've heard of it being used for that (as opposed to doing conversions at runtime).
I am pretty sure Google has to pay for Internet costs like everyone else. If Verizon doesn't like people using their lines, they should depeer. I'm tired of them whining. They are a regulated monopoly!
What is the productivity of a system full of spyware/viruses? Usually, just about zero.
If you can restore a system in a matter of minutes (deep freeze), then maybe it's not such a big deal to have a secure system. But if it takes an hour or a day, then it's a bigger deal.
Note: This isn't going to happen. Rather, Bellsouth is going to charge two parties for the same service.
DRM is not an inherently bad thing. I would rather have DRM access to content than no access at all. I think if any company can use DRM responsibly, it is Google.
Please direct me to the 'file sharing' area of myspace. As the summary implies, it is the main part of myspace, yet I have never seen it! Here I was thinking myspace was a social networking site. Silly me!
Here is some information on the WMF threats.
I got to work today to discover that my boss got one of the emails and installed a whole lot of spyware on his system. The spyware software the article mentions is called Spyaxe. That was easy to get rid of. However, there is some spyware that loads using the profile notify method, which loads even in safe mode.
Very annoying to get off. Among other things, the infection loads porno ads, repeatedly shows fake Windows security messages, and disables the task manager. It also throws a ton of files in the Windows directory (about 30).
Anyone know of any threat pages about this yet? I want to make sure I didn't miss anything.
It's a crime that the submitter didn't mention this was with the fastest compression settings.
Hopefully this will mean that soon X will be able to probe more and use the config file less.
Anyway, it is great that X.org is finally bringing some more work on X. XFree was content to sit around and twiddle their thumbs for the most part.
I am growing tired of continued Wikipedia bashing. Wired has it right: Editing one's biography is discouraged. I would not say it is violating Wikipedia policy.