Vulnerability Development mailing list archives
Re: Cons and Security Validation
From: Crispin Cowan <crispin () WIREX COM>
Date: Tue, 6 Feb 2001 23:57:57 -0800
Greg KH wrote:
Me sitting on an exploit doesn't serve anybody. So far I really like the work going into the Immunix project. I'd hate to see you guys pull what some would see as a marketing scam. Don't get me wrong.. nothing wrong with having your box as a target in CTF... what would be wrong would be Immunix later saying it's secure based on lack of a breakin during CTF.We wouldn't do that (or if we do, we _deserve_ ridicule). It'd just be fun to put our box up as a target in CTF.
Actually, we are looking for more than fun. We need some external validation. For that, satisfying my prejudices is not a sufficient condition (although in practice, it is a necessary condition :-)
Although your hack.immunix.org suggestion is a good idea, Crispin used to have a "secret" on the immunix.org server for anyone to try to report. Have to check to see if it's still there...
That was gauntlet.cse.ogi.edu. It wasn't exactly a secret, as I announced it during a StackGuard talk at LinuxExpo (Raleigh) in 1999, and mentioned it on line from time to time for a while after. After four months with zero contacts, we took it down and put the machine to other uses. No prize was offered (other than props :-) as it was an academic exercise, hence the .edu address. The lack of response to this challenge is part of why I'm skeptical of on-line hack-me contests. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- Cons and Security Validation Crispin Cowan (Feb 06)
- Re: Cons and Security Validation Andrew R. Reiter (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Pavel Slavin (Feb 07)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 06)
- Re: Cons and Security Validation Greg KH (Feb 06)
- Re: Cons and Security Validation Blue Boar (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Dan Kaminsky (Feb 07)
- Re: Cons and Security Validation Matt Barringer (Feb 07)
- Re: Cons and Security Validation H D Moore (Feb 08)
- Re: Cons and Security Validation Crispin Cowan (Feb 10)
- Re: Cons and Security Validation Greg KH (Feb 06)
- Re: Cons and Security Validation Andrew R. Reiter (Feb 06)
- Re: Cons and Security Validation Crispin Cowan (Feb 07)
- Re: Cons and Security Validation Robert A. Seace (Feb 07)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Michel Kaempf (Feb 08)
- Re: Cons and Security Validation Blue Boar (Feb 08)
- Re: Cons and Security Validation Pavel Kankovsky (Feb 13)