View previous topic :: View next topic |
Author |
Message |
chris Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777201 Location: ~/security-forums
|
Posted: Wed Oct 09, 2002 5:05 pm Post subject: OpenHack 4: Start Your Hacking Engines |
|
|
Quote: |
eWEEK Labs is preparing to kick off the fourth iteration of its OpenHack online security project, designed to test enterprise security by exposing systems to the real-world rigors of the Web. This year's test focuses on application-level security, an increasingly problem-prone area that, in fact, was the downfall of OpenHacks 1 and 2. Microsoft and Oracle have done their best to hack-proof an application built originally by eWEEK Labs and hosted at a Web site that will go live next week. Have they--and their products--succeeded?
Think you've got the "l33t skillz" to crack it yourself? Find out starting on Oct. 14.
|
Full article here
http://www.eweek.com/category2/1,3960,600431,00.asp
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
|
Back to top |
|
|
Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
|
Posted: Tue Nov 19, 2002 2:03 am Post subject: |
|
|
Status update:
Hackers go public with prizes and glory, and jobs, on the line
By Patrick Gray
Openhack, an online hacking competition, ended last Saturday, with an US entrant winning a $US500 prize, but he and others missing even bigger jackpots for being able to break into a software application.
Openhack was established in 1999 by eWeek, an online technology magazine. The idea was simple: put an application online and let everyone in the world hack away at it. The entrant who can best hack into the test system gets the biggest prizemoney.
With the exception of last year's challenge, when $50,000 was up for grabs, every hacker challenge has resulted in prizemoney being awarded. Gibraltar-based security consultant Lluis Mora won the first two challenges.
Mora says he likes entering the competition for the fun of it. "It lets you play with stuff which is usually illegal . . . you can test your skills in the wild with no restrictions," he says. Mora is rumoured to have landed his present job as a result of winning the competition.
With hackers like Mora continually embarrassing vendors who submit their applications to the challenge, it isn't easy to get software companies to participate, but Timothy Dyck, one of the eWeek boffins organising the event, says that once they are in, they work hard to configure their systems as securely as possible; being hacked in public doesn't look good.
From a marketing perspective, Openhack can be a double-edged sword for vendors. For example, during Openhack 3, Argus Systems allowed its Pitbull software to be tested. Over 17 days, not a single entrant could crack the software. Argus promptly whipped up some press releases and marketing material announcing its triumph. over the world's toughest hackers: "Seventeen days, 40,000 challengers, 5.4 million punches and one e-security champion."
It was such a successful stunt that Argus decided to stage a re-match in Hannover, Germany, at the CeBit technology conference in March last year.
A hacker named Bladez by-passed their security in a marathon 30-hour effort. Unfortunately for him, he missed the competition deadline and was not awarded the prizemoney.
Argus did its best to keep it quiet and this time didn't put out any cocky press releases. It still touts its product as unbreakable.
American entrant Jeremy Poteet won the $US500 this year by spotting some basic vulnerabilities in the application under test.
He wasn't able to bypass all the security on the test machines but he did identify the vulnerabilities only two hours and 20 minutes into the competition, which lasts several weeks.
This year the vendors escaped humiliation, but Mora believes the length of the contest is a handicap. Openhack restricts the attack timeframe to less than a month. "In real life there are no timeframes to attacks," he says.
www.openhack.com
|
|
Back to top |
|
|
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
|
Posted: Tue Nov 19, 2002 6:17 am Post subject: |
|
|
Per openhack.com
Quote: |
Saturday, 2002-11-09 0:07: eWEEK OpenHack 4 has ended |
eWEEK's comprehensive report on test findings and test data analysis will be published in print and online on Dec. 2, 2002.
|
|
Back to top |
|
|
Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
|
Posted: Tue Nov 19, 2002 2:36 pm Post subject: |
|
|
fastlanwan wrote: |
eWEEK's comprehensive report on test findings and test data analysis will be published in print and online on Dec. 2, 2002. |
I am looking forward to reading it. Does anyone know of any new vulnerabilities that were discovered as a result of openhack?
I suppose that will highlight all that in the report anyway.
J
|
|
Back to top |
|
|
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
|
Posted: Tue Nov 19, 2002 2:41 pm Post subject: |
|
|
Quote: |
If you are the Austrian-based hacker who has been trying to get into the Oracle box, we are impressed with your efforts. Could you e-mail timothy_dyck@ziffdavis.com so I could interview you? |
It seems Oracle had some issue's per openhack.com?
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Tue Nov 19, 2002 2:49 pm Post subject: |
|
|
fastlanwan wrote: |
It seems Oracle had some issue's per openhack.com? |
Errr...duh, it was an Oracle application LOL
No one got anywhere really though, biggest prize awarded is $500 and the top dogs is $50,000..
So no one really exposed anything major.
|
|
Back to top |
|
|
Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
|
Posted: Tue Nov 19, 2002 2:52 pm Post subject: |
|
|
fastlanwan wrote: |
It seems Oracle had some issue's per openhack.com? |
It could be. It could be he was the most varied attacker, or tried stuff others did not think of.
Or, they thought he was good and oracle want to offer him a job!
J
|
|
Back to top |
|
|
|