WebApp Sec mailing list archives
Re: eWeek OpenHack challenge
From: "Kevin Spett" <kspett () spidynamics com>
Date: Wed, 23 Oct 2002 15:55:31 -0400
What are you talking about? Check out ftp://ftp.eweek.com/pub/eweek/pdf/printpub/19/41p38.pdf. There are *ten* Unix hosts on the OpenHack network, including Linux webservers, database servers and OpenBSD nameservers, mailserver and firewalls.

Secondly, the focus of this is the web application layer. We're not talking about kernel hacking here. The underlying operating system is largely (yes, there are minor exceptions) irrelevant. Just look at the kind of things they expect people to try-- SQL injection, cross-site scripting, etc. A poorly designed web application is breakable regardless of what's running underneath it.

Also, if the competition is "baseless" and "irrelevant", it's simply because of the unbelievably ridiculous amount of care that went into the security preparations. There are probably only a handful of web applications in the world that got the security treatment that this thing did. The only way in is probably through 0-day holes, and no one's wasting precious 0-day style on OpenHack, where they'd find out what the issue was and patch it?

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Bryce Porter" <bryce () thewebcircuit com>
To: "David Wong" <david.wong () foundstone com>
Cc: <webappsec () securityfocus com>
Sent: Tuesday, October 22, 2002 6:02 PM
Subject: Re: eWeek OpenHack challenge

this is a joke. they are so narrow in presenting this and they fail to realize that the majority of web used in commercial applications run on some kind of Unix variant like Linux, HP-UX, AIX or some BSD. making a contest that applies to the minority of commercial applications is pretty shallow and baseless in my opinion.

----- Original Message -----
From: "David Wong" <david.wong () foundstone com>
To: <webappsec () securityfocus com>
Sent: Monday, October 21, 2002 12:27 AM
Subject: eWeek OpenHack challenge

eWeek is starting the 4th iteration openhack (http://www.openhack.com) contest this week (http://www.eweek.com/category2/1,3960,600431,00.asp). This year, it's focused on application security. Comments?