William McVey wrote: > > No, as I understand it, they are two separate challenges. The > first one was to challenge anyone/everyone to break into a Sidewinder > site. This challenge has been deemed unsuccessful by the folx at > sidewinder.com. That challenge is now over. The current (or rather > future) challenge is given initial access to a Sidewinder host, to > penetrate another Sidewinder host on their local network. > > -- William McVey > CS Department > Purdue University > "Given initial access" is a sucker bet. All they have to do is write a crude restricted login shell that traps out interrupt signals, doesn't allow new shell generation, and is chroot'ed, and nobody can get out. Big deal. You could do that on a totally insecure system and NOBODY could hack their way out. What this inquiring mind wants to know is, if someone hacks into their system using something OTHER than the freebie login they give, will they make good on their promises of fame and fortune? i.e., if someone poked through a port 25 bug and got root access by such nefarious means or some other typical attack (free access to a severely restricted shell is hardly a typical attack), would they own up in public, or just try to buy off the hacker? It seems to me we're all in the wrong business... rather than trying to seriously secure our own sites, we should just pile a bunch of fearmongering b.s. into a glossy pamphlet and get rich selling "security" to the rubes. -- /** David Stagner Applied Technology Team National Computer Systems - Iowa City 319 354 9200 x6884 **/ #include <stdisclaimer.h> #include "witty_phrase.h"