IT Security through contests, sponsored by Pepsi

[InfoSec News <alerts () infosecnews org>]

http://www.theinquirer.net/default.aspx?article=33496

By Doug Mohney
05 August 2006

ORGANISING contests has become the latest thing for US government 
projects, judging from the last information pouring out from Las Vegas 
at BlackHat and DEFCON.

BlackHat is described as a "security conference", and seems to be 
qualified as such because people register under their own identities 
and typically use a credit card or purchase order to pay large sums of 
money for a couple of days of training. DEFCON is a "hacker's event" 
where people aren't required to do anything other than shell out $100 
and not light the aging conference venue (The Riviera Hotel) on fire 
with some stupid stunt.

At BlackHat, the Department of Defense Cyber Crime Institute had a
tabletop display pumping the DC3 Digital Forensics Challenge, here [1].  
The challenge invites the digital forensics community to "pioneer new
investigative tools, techniques and methodologies." Each participant
or team will receive several challenges dealing with the extraction or
recovery of data, including such fun sports as steganography, password
cracking, image analysis, media repair and recovery, data carving, and
data recreation/extraction.

Participants must be US citizens, living within the continental US to 
participate, a fact that will likely annoy anyone in Alaska or Hawaii. 
Teams may consist of no more than four members and individuals may 
only participate on one team. Scoring of the challenges will be based 
on the number of challenges completed and the time taken to complete 
the challenge(s). The winning team will be awarded an all-expense-paid 
trip to the 2007 Defense Cyber crime Conference in St. Louis Missouri 
and a plaque and a pat on the back at the conference. It's a bit of a 
cheap award considering they've got a reward of $25 million on info 
leading to Bin Laden.

Over at DEFCON, results for the National Collegiate Cyber Defense 
Competition (CCDC) were being reported. Five colleges participated, 
including Millersville University, Southern Illinois University, 
University of North Carolina - Charlotte, and University of Texas, San 
Antonio, plus a team from one of the U.S. military academies. 
UNC-Charlotte won the contest, which consisted of a team "inheriting" 
an operational small LAN with lots of business applications. Teams had 
to keep the network running while finding the "holes" in it and 
patching them before a private industry "Red Team" takes them down. To 
keep things interesting, various "business injects" - that is what the 
boss wants done yesterday - such as password/user ID updates and new 
applications are also thrown into the mix. Since the sponsoring 
organisation, the San Antonio-based Center for Information Assurance 
and Security (CIAS), is a grant-based organisation, it receives some 
support from the Department of Homeland Security. Like most 
grant-based organisations, that's barely enough to pay the bills, so 
further support for the CCDC had to come from private industry in the 
form of hardware, software, or cash. Among the non-geek sponsors were 
Pepsi, Kentucky Fried Chicken and Taco Bell. µ

[1] http://www.dc3.mil/challenge


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org