Re: Can hackers crack million-dollar dare?

[InfoSec News <isn () C4I ORG>]

Fowarded by: Ben Rothke <ben.rothke () baltimore com>

Hi,

In a nutshell, hacking contests are a terrible way to demonstrate
information systems security.

On this topic, I wrote a piece in the November 1998 issue of Information
Security Magazine titled 'Challenging Hacker Contests'
<http://www.infosecuritymag.com/nov/newsviews.htm>.

Bruce Schneier followed-up on December 15, 1998 with a similar piece in his
Crypto-Gram newsletter on 'The Fallacy of Cracking Contests'
<http://www.counterpane.com/crypto-gram-9812.html#contests>.

Bruce sums it up when he writes 'The best
products/systems/protocols/algorithms available today have not been the
subjects of any contests, and probably never will be.'

Ben


Ben Rothke, CISSP
Senior Security Consultant
Baltimore Technologies
ben.rothke () baltimore com



-----Original Message-----
From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of
InfoSec News
Sent: Wednesday, December 06, 2000 4:01 PM
To: ISN () SECURITYFOCUS COM
Subject: [ISN] Can hackers crack million-dollar dare?


http://www.zdnet.co.uk/news/2000/48/ns-19507.html

[It pains me to see contests like this one, Company X offers a big
prize to anyone who can crack their software usually in thirty days or
less, and after thirty days, Company X will get their PR ladies to
crank out a glowing press release that the world's best hackers can't
defeat their their company's product, and soon afterward the sales
guys and gals will be fielding calls to buy this super-secure product.

I could see another can of worms opening up should Secure Systems'
software be compromised in the 30 days by say GForce Pakistan and
seeing Mr. Wynn backpedal over having to fork over $10,000 U.S.D. to
charities aligned with Kashmiri rebels or the PLO.  This might be an
interesting contest to watch. -WK]


Rachel Lebihan, ZDNet Australia News
Wed, 06 Dec 2000 09:50:58 GMT

If you're game for a challenge and desperate for money get hacking!

An Australian company, that claims to have developed the ultimate
security-proof system, will soon issue a multi-million dollar dare to
the hacking underworld.

With a 30-day deadline, the challenge to crack Secure Systems' Silicon
Data Vault technology will be issued by 15 December.

"We don't believe any hacker at all will get through the vault,"
Secure Systems chief executive, Mike Wynn, told ZDNet.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".