Competition to "reverse engineer" mystery program

[InfoSec News <isn () c4i org>]

http://www.newscientist.com/news/news.jsp?id=ns99992250

Will Knight
17:21 03 May 02 
NewScientist.com news service 
  
Programmers the world over will next week have the chance to "reverse
engineer" a mysterious and malicious computer program. They must
determine its intentions and test their programming skills.

The idea is to simulate the crises network administrators face
whenever a rogue program, also known as a Trojan or zombie, is
uploaded into a computer system by an intruder. These programs are
designed to capture passwords or probe the system for further
weaknesses on the intruder's behalf. An administrator must work out
what the program does, but without seeing the source code used to
build it.

"In specific cases, you may encounter something you don't recognise,"  
says Job de Haas, managing director of Dutch company ITSX Security,
and one of the competition's judges. "It is important that you can get
a feeling for the extent of the compromise and how serious it is."

Back to the source

The program will be released next week at the link below, but no
further information will be provided, not even the language it was
written in. Competitors must not only determine the purpose of the
program but also figure out ways it could be stopped in its tracks.  
They will even be asked to guess what kind of person wrote the
program. A panel of judges will mark all the entries.

The Reverse Challenge is the brainchild of a consortium of computer
researchers from different companies and universities known as the
Honeypot Project.

Reverse engineering involves effectively going backwards through the
process of building a computer program. Some programming tools will
help with this task but, says De Haas, the process also requires good
programming skills.

"It's been a very secluded skill that has become more and more
mainstream," he says. "An explosion of these [hacking] tools will make
this a very needed skill for people in this field."

Ian Brown, a computer security researcher at University College
London, says this skill is useful for combating all sorts of malicious
programs, including computer viruses and worms. "When a new virus,
Trojan or zombie is discovered in the wild, its mode of operation, and
hence how to defeat it, can be derived without the need for its source
code," he explains.

But programmers will be competing for more than just kudos. They can
win computer security books and entry to the Black Hat Briefings, a US
computer security conference. The Honeypot Project has in the past
organised competitions requiring competitors to analyse a computer
system after a simulated break-in.
 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.