Re: Sidewinder's announcment
stagda@sys1.ic.ncs.com
Thu, 13 Oct 1994 00:43:19 -0500 (CDT)
William McVey wrote:
>
> No, as I understand it, they are two separate challenges. The
> first one was to challenge anyone/everyone to break into a Sidewinder
> site. This challenge has been deemed unsuccessful by the folx at
> sidewinder.com. That challenge is now over. The current (or rather
> future) challenge is given initial access to a Sidewinder host, to
> penetrate another Sidewinder host on their local network.
>
> -- William McVey
> CS Department
> Purdue University
>
"Given initial access" is a sucker bet. All they have to do is write a
crude restricted login shell that traps out interrupt signals, doesn't allow
new shell generation, and is chroot'ed, and nobody can get out. Big deal.
You could do that on a totally insecure system and NOBODY could hack
their way out.
What this inquiring mind wants to know is, if someone hacks into their system
using something OTHER than the freebie login they give, will they make good
on their promises of fame and fortune? i.e., if someone poked through a
port 25 bug and got root access by such nefarious means or some other typical
attack (free access to a severely restricted shell is hardly a typical attack),
would they own up in public, or just try to buy off the hacker?
It seems to me we're all in the wrong business... rather than trying to
seriously secure our own sites, we should just pile a bunch of fearmongering
b.s. into a glossy pamphlet and get rich selling "security" to the rubes.
--
/**
David Stagner
Applied Technology Team
National Computer Systems - Iowa City
319 354 9200 x6884
**/
#include <stdisclaimer.h>
#include "witty_phrase.h"