Vulnerability Development mailing list archives
Re: Cons and Security Validation
From: Greg KH <greg () WIREX COM>
Date: Tue, 6 Feb 2001 23:19:52 -0800
On Tue, Feb 06, 2001 at 09:15:17PM -0800, Blue Boar wrote:
I get really annoyed by hacking contests that are only for a few days or a week. I want to play, but I rarely have time at the moment of the contest. The prize amount isn't a factor for me for whether I'll participate or not. If I really want a prize, I'll get my own copy of Pitbull or Immunix, run it on a lab machine, and develop a private exploit. Then I'll sit on the exploit until contest time.
I can't speak for Crispin here, but all of the technical staff at WireX are very against hack contests, Crispin being one of the leading opponents of them. That's not what he's talking about here.
Me sitting on an exploit doesn't serve anybody. So far I really like the work going into the Immunix project. I'd hate to see you guys pull what some would see as a marketing scam. Don't get me wrong.. nothing wrong with having your box as a target in CTF... what would be wrong would be Immunix later saying it's secure based on lack of a breakin during CTF.
We wouldn't do that (or if we do, we _deserve_ ridicule). It'd just be fun to put our box up as a target in CTF. Give us an opportunity to see creative things that we didn't think of. Give us new ideas for things to do to make Linux more secure. And have fun while doing it, interacting with people who take breaking boxes seriously. It's also nice to get out of the office and go to a nice conference. Although your hack.immunix.org suggestion is a good idea, Crispin used to have a "secret" on the immunix.org server for anyone to try to report. Have to check to see if it's still there... thanks, greg k-h -- greg@(kroah|wirex).com http://immunix.org/~greg
Current thread:
- Cons and Security Validation Crispin Cowan (Feb 06)
- Re: Cons and Security Validation Andrew R. Reiter (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Pavel Slavin (Feb 07)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 06)
- Re: Cons and Security Validation Greg KH (Feb 06)
- Re: Cons and Security Validation Blue Boar (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Dan Kaminsky (Feb 07)
- Re: Cons and Security Validation Matt Barringer (Feb 07)
- Re: Cons and Security Validation H D Moore (Feb 08)
- Re: Cons and Security Validation Crispin Cowan (Feb 10)
- Re: Cons and Security Validation Greg KH (Feb 06)
- Re: Cons and Security Validation Andrew R. Reiter (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Robert A. Seace (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Michel Kaempf (Feb 08)