OpenHack 4: Start Your Hacking Engines

Networking/Security Forums -> Exploits // System Weaknesses

Author: chrisLocation: ~/security-forums PostPosted: Wed Oct 09, 2002 5:05 pm    Post subject: OpenHack 4: Start Your Hacking Engines
    ----
Quote:

eWEEK Labs is preparing to kick off the fourth iteration of its OpenHack online security project, designed to test enterprise security by exposing systems to the real-world rigors of the Web. This year's test focuses on application-level security, an increasingly problem-prone area that, in fact, was the downfall of OpenHacks 1 and 2. Microsoft and Oracle have done their best to hack-proof an application built originally by eWEEK Labs and hosted at a Web site that will go live next week. Have they--and their products--succeeded?

Think you've got the "l33t skillz" to crack it yourself? Find out starting on Oct. 14.


Full article here

http://www.eweek.com/category2/1,3960,600431,00.asp

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Wed Oct 09, 2002 5:11 pm    Post subject:
    ----
I'm still having fun at http://www.hackerslab.org/eorg/

Pretty tough stuff, takes some time to get through it Smile

We got about 200 hits when I posted the URL in http://level1.hackerslab.org/ LOL

Author: Jason PostPosted: Tue Nov 19, 2002 2:03 am    Post subject:
    ----
Status update:

Hackers go public with prizes and glory, and jobs, on the line
By Patrick Gray

Openhack, an online hacking competition, ended last Saturday, with an US entrant winning a $US500 prize, but he and others missing even bigger jackpots for being able to break into a software application.

Openhack was established in 1999 by eWeek, an online technology magazine. The idea was simple: put an application online and let everyone in the world hack away at it. The entrant who can best hack into the test system gets the biggest prizemoney.

With the exception of last year's challenge, when $50,000 was up for grabs, every hacker challenge has resulted in prizemoney being awarded. Gibraltar-based security consultant Lluis Mora won the first two challenges.

Mora says he likes entering the competition for the fun of it. "It lets you play with stuff which is usually illegal . . . you can test your skills in the wild with no restrictions," he says. Mora is rumoured to have landed his present job as a result of winning the competition.

With hackers like Mora continually embarrassing vendors who submit their applications to the challenge, it isn't easy to get software companies to participate, but Timothy Dyck, one of the eWeek boffins organising the event, says that once they are in, they work hard to configure their systems as securely as possible; being hacked in public doesn't look good.

From a marketing perspective, Openhack can be a double-edged sword for vendors. For example, during Openhack 3, Argus Systems allowed its Pitbull software to be tested. Over 17 days, not a single entrant could crack the software. Argus promptly whipped up some press releases and marketing material announcing its triumph. over the world's toughest hackers: "Seventeen days, 40,000 challengers, 5.4 million punches and one e-security champion."

It was such a successful stunt that Argus decided to stage a re-match in Hannover, Germany, at the CeBit technology conference in March last year.

A hacker named Bladez by-passed their security in a marathon 30-hour effort. Unfortunately for him, he missed the competition deadline and was not awarded the prizemoney.

Argus did its best to keep it quiet and this time didn't put out any cocky press releases. It still touts its product as unbreakable.

American entrant Jeremy Poteet won the $US500 this year by spotting some basic vulnerabilities in the application under test.

He wasn't able to bypass all the security on the test machines but he did identify the vulnerabilities only two hours and 20 minutes into the competition, which lasts several weeks.

This year the vendors escaped humiliation, but Mora believes the length of the contest is a handicap. Openhack restricts the attack timeframe to less than a month. "In real life there are no timeframes to attacks," he says.

www.openhack.com

Author: flwLocation: U.S.A. PostPosted: Tue Nov 19, 2002 6:17 am    Post subject:
    ----
Per openhack.com
Quote:
Saturday, 2002-11-09 0:07: eWEEK OpenHack 4 has ended


eWEEK's comprehensive report on test findings and test data analysis will be published in print and online on Dec. 2, 2002.

Author: Jason PostPosted: Tue Nov 19, 2002 2:36 pm    Post subject:
    ----
fastlanwan wrote:

eWEEK's comprehensive report on test findings and test data analysis will be published in print and online on Dec. 2, 2002.


I am looking forward to reading it. Does anyone know of any new vulnerabilities that were discovered as a result of openhack?

I suppose that will highlight all that in the report anyway.

J

Author: flwLocation: U.S.A. PostPosted: Tue Nov 19, 2002 2:41 pm    Post subject:
    ----
Quote:
If you are the Austrian-based hacker who has been trying to get into the Oracle box, we are impressed with your efforts. Could you e-mail timothy_dyck@ziffdavis.com so I could interview you?


It seems Oracle had some issue's per openhack.com?

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Tue Nov 19, 2002 2:49 pm    Post subject:
    ----
fastlanwan wrote:

It seems Oracle had some issue's per openhack.com?


Errr...duh, it was an Oracle application LOL

No one got anywhere really though, biggest prize awarded is $500 and the top dogs is $50,000..

So no one really exposed anything major.

Author: Jason PostPosted: Tue Nov 19, 2002 2:52 pm    Post subject:
    ----
fastlanwan wrote:
It seems Oracle had some issue's per openhack.com?


It could be. It could be he was the most varied attacker, or tried stuff others did not think of.

Or, they thought he was good and oracle want to offer him a job!

J



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group