Information Security News mailing list archives
Hacker group finds faults in crack challenge
From: InfoSec News <isn () C4I ORG>
Date: Tue, 6 Mar 2001 22:30:30 -0600
http://www.it.fairfax.com.au/breaking/20010307/A27390-2001Mar7.html Wednesday, March 7, 2001, 10:46 By BARRY PARK, FAIRFAX IT Hacker advocacy group 2600 Australia has called on a Perth company to honor its promise to donate $US1 million to charity after its network security device remained uncracked after a 30-day public trial. Secure Systems, which has developed a hardware-based network security device called the Silicon Data Vault, said earlier this year it would donate $1 million to the United States-based Make-a-Wish Foundation if the device was cracked within a 30-day period ending at midnight on February 28, but only if the technology was onsold to a developer. It said if the device was cracked, Secure Systems would donate $US10,000 to the charity of the cracker's choice. However, 2600 Australia yesterday criticised the company's decision to move the cracking challenge into a second phase, which was to have launched on the company's website yesterday. Do you guys really think that proving something cannot be broken by a meagre 30 participants in two to three weeks is sufficient evidence on which to base what appear to be claims of unbreakable security? 2600 Australia spokesman Grant Bayley said in an e-mail to the company. 'I don't think this challenge is by any means a fair one because the parameters in which entrants are forced to operate are nothing like those which a serious commercial or military buyer would be subjected to when performing an evaluation prior to purchase or embedded use, Bayley said. Anyone at Secure Systems ever considered that the value of the information protected by SDV when put into widespread usage is greater than the US$10,000 reward being offered? If you broke it and were so inclined, wouldn't you wait until the product was in widespread use and privately dine on the morsels 'protected' by it? he said. Bayley said crackers would also gain physical access to a device to study how it was built, which also could give clues to how its security could be circumvented. The Australian reported yesterday that 30 attempts on cracking the Vault during the challenge's timeframe had failed. It said Secure Systems had now moved the information to a Linux-based system, and that crackers would have to identify themselves before logging into the Vault system. Secure Systems has been contacted for comment. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Hacker group finds faults in crack challenge InfoSec News (Mar 06)
- Re: Hacker group finds faults in crack challenge Grant Bayley (Mar 06)