funny comments from Hack IIS6 contest admin

[Anthony Zboralski <bcs2005 () bellua com>]

Did you guys notice this dumb Hack IIS6 Contest to win an Xbox?

    http://www.hackiis6.com

Below are the comments I posted on Slashdot and a reply from Roger  
Grimes, who claims
that if MS increases the price to $250K it will not affect the result  
of the contest:))


Is this a joke?!? The reward is worthless! (Score:3, Informative)
by acz (120227) <z&hert,org> on Friday May 06, @08:15AM (#12448998)
You have to be retarted to use an 0day IIS exploit to win an XBox  
when you can sell it for around 20K or impress customers during a pen  
test... (A pen test can be worth between 15K to 200K depending on the  
scope of the project).

One hour of security consulting earns you an XBox, why bother with  
this contest?

Link to post on vuln sharing club, here [immunitysec.com]

Re:Is this a joke?!? The reward is worthless! (Score:1)
by acz (120227) <z&hert,org> on Friday May 06, @10:31AM (#12449395)
make the reward 250K and this web site will be hacked right away.

Re:Is this a joke?!? The reward is worthless! (Score:0)
by Anonymous Coward on Friday May 06, @07:12PM (#12453220)
This sort of claim is so not true. Ebay, Microsoft, Msn, Hotmail, and  
so many other sites run on IIS 6. Certainly, there is financial gain  
beyond $250K to be made if you successfully hack those sites. They  
aren't (while you can never be sure any computer system isn't  
hacked...they aren't publicly known to be hacked).

Hacking success is driven by desire and consistent effort, only a bit  
of which is money-driven. The spyware and ad-ware related hackers are  
certainly driven by money, but many other hackers (i.e. gov't  
hackers) aren't.

It's probably safe to say that most people on this list, including  
anyone claiming so (like you) would not be able to hack the site if  
given a bigger prize. Some might...but the ones who can really do it  
aren't out making knowingly false claims and bragging of skills they  
don't have and probably couldn't acquire. Of course, on the other end  
of the spectrum, if given a bigger prize, I would probably secure the  
site beyond the basics as well...and things like that...so it would  
not be a one-sided build up.

Roger A. Grimes
admin () hackiis6 com

Re:Is this a joke?!? The reward is worthless! (Score:1)
by acz (120227) <z&hert,org> on Friday May 13, @10:24PM (#12523673)
Some of the companies you have mentioned have been hacked and will be  
hacked again... Didn't Microsoft get winnt4 and win2k src stolen last  
year? (it's probably still on edonkey.)

I was talking about legal ways to make money from a vulnerability or  
exploit without resorting to fraud or crime.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave