Bugtraq mailing list archives
Re: Sidewinder's announcment
From: stagda () sys1 ic ncs com (stagda () sys1 ic ncs com)
Date: Thu, 13 Oct 1994 00:43:19 -0500 (CDT)
William McVey wrote:
No, as I understand it, they are two separate challenges. The first one was to challenge anyone/everyone to break into a Sidewinder site. This challenge has been deemed unsuccessful by the folx at sidewinder.com. That challenge is now over. The current (or rather future) challenge is given initial access to a Sidewinder host, to penetrate another Sidewinder host on their local network. -- William McVey CS Department Purdue University
"Given initial access" is a sucker bet. All they have to do is write a crude restricted login shell that traps out interrupt signals, doesn't allow new shell generation, and is chroot'ed, and nobody can get out. Big deal. You could do that on a totally insecure system and NOBODY could hack their way out. What this inquiring mind wants to know is, if someone hacks into their system using something OTHER than the freebie login they give, will they make good on their promises of fame and fortune? i.e., if someone poked through a port 25 bug and got root access by such nefarious means or some other typical attack (free access to a severely restricted shell is hardly a typical attack), would they own up in public, or just try to buy off the hacker? It seems to me we're all in the wrong business... rather than trying to seriously secure our own sites, we should just pile a bunch of fearmongering b.s. into a glossy pamphlet and get rich selling "security" to the rubes. -- /** David Stagner Applied Technology Team National Computer Systems - Iowa City 319 354 9200 x6884 **/ #include <stdisclaimer.h> #include "witty_phrase.h"
Current thread:
- Sidewinder's announcment Breakdown (Oct 11)
- Re: Sidewinder's announcment Michael Neuman (Oct 12)
- <Possible follow-ups>
- Re: Sidewinder's announcment William McVey (Oct 12)
- Re: Sidewinder's announcment stagda () sys1 ic ncs com (Oct 12)