Security Basics mailing list archives
Re: hax.tor
From: "0x90" <secbasics () spam gagspace com>
Date: Tue, 27 Nov 2007 01:31:28 +0100
Dear Attila,
What do you want to SSH connect to FBI-s homepage?
I don't want them to "SSH connect". All you do is connect, and not SSH.
If this is a game, why don't you provide yourself the target for scanning it?
I do provide myself as the target for most challenges, should the level require portscanning, exploiting a PHP, etc. In this case, we are not talking about scanning, we are talking about aquiring a simple banner. The last thing I would want to do is send the player to do illegal activities. The challenges that involve sites other than mine (yes, government / google / yahoo / nasa sites) focus on getting information through legal ways. The FBI challenge is one of these, although it is only the second warmup level, so it is still 'too easy', and doesn't provide you with much information - maybe just a smile to make your day as you advance to the other 40 levels.
* Philippe wrote:
They just want to see if you can do a banner grabbing, theres really nothing to it. But I do agree that choosing the FBI is a very very VERY bad way to be serious, it is sendingout the Hacker VS the law image and I would go against this.
None of my hosts have SSH open (and for various reasons won't, neither for just a fake banner). I would have felt bad about putting the player to connect to any average server out there. Just think of it. It would have made no point. On the other hand, the FBI might have had some funny reason to open up that port (which I highly doubt is actually SSH, but who cares), so they probably don't mind anyway. And even if they did, they obviously get no less mass SSH scans a day than any other ip pool does. And those scanners go further than just connecting.
To summarize, this is not the "Hacker VS the law" thing (especially with all the warnings: "do not do anything illegal", "do not spam their forum boards", "do not scan their subnet" etc). I am disappointed and sorry if anybody got the opposite idea. To these people I recommend reading the list of challenges to see the big picture.
Regards, 0x90 http://hax.tor.hu/
Current thread:
- Re: hax.tor, (continued)
- Re: hax.tor Zimler Attila Tamás (Nov 26)
- RE: hax.tor Rivest, Philippe (Nov 26)
- Re: hax.tor Daniel Grant (Nov 26)
- RE: hax.tor Rivest, Philippe (Nov 26)
- Re: hax.tor jeffrey rivero (Nov 27)
- Message not available
- Re: hax.tor Daniel Grant (Nov 27)
- Re: hax.tor Peter Harmsen (Nov 27)
- Message not available
- Re: hax.tor Captain Bock (Nov 27)
- RE: hax.tor Melissa (Nov 28)
- RE: hax.tor Rivest, Philippe (Nov 26)
- Re: hax.tor Zimler Attila Tamás (Nov 26)
- Re: hax.tor Michael Argyriou (Nov 27)
- Re: hax.tor 0x90 (Nov 27)
- Re: hax.tor Robert Larsen (Nov 27)