Bugtraq mailing list archives
Re: Sidewinder's announcment
From: stagda () sys1 ic ncs com (stagda () sys1 ic ncs com)
Date: Thu, 13 Oct 1994 00:43:19 -0500 (CDT)
William McVey wrote:
> No, as I understand it, they are two separate challenges. The
> first one was to challenge anyone/everyone to break into a Sidewinder
> site. This challenge has been deemed unsuccessful by the folx at
> sidewinder.com. That challenge is now over. The current (or rather
> future) challenge is given initial access to a Sidewinder host, to
> penetrate another Sidewinder host on their local network.
>
> -- William McVey
> CS Department
> Purdue University

"Given initial access" is a sucker bet. All they have to do is write a
crude restricted login shell that traps out interrupt signals, doesn't allow
new shell generation, and is chroot'ed, and nobody can get out. Big deal.
You could do that on a totally insecure system and NOBODY could hack
their way out.

What this inquiring mind wants to know is, if someone hacks into their system
using something OTHER than the freebie login they give, will they make good
on their promises of fame and fortune? i.e., if someone poked through a
port 25 bug and got root access by such nefarious means or some other typical
attack (free access to a severely restricted shell is hardly a typical attack),
would they own up in public, or just try to buy off the hacker?

It seems to me we're all in the wrong business... rather than trying to
seriously secure our own sites, we should just pile a bunch of fearmongering
b.s. into a glossy pamphlet and get rich selling "security" to the rubes.

--
/**
David Stagner
Applied Technology Team
National Computer Systems - Iowa City
319 354 9200 x6884
**/
#include <stdisclaimer.h>
#include "witty_phrase.h"
