H a c k e r N e w s N e t w o r k

Defaced Pages Archive

HNN Affiliates

Affiliate Resources

I Want My HNN

Write For HNN

HNN Privacy Statement

Who Is HNN?











        




























HNN T-Shirts


T-Shirt Picture Gallery


HNN SETI@Home Team


HNN News Archive






















Freedom of the press is limited to those who own one.

   - A.J. Liebling



 











	

 
	
	







The Hacker Challenge





By: Qubik (qubik@bikkel.com)



You have probably read about them and some of you may have even
participated in one or two. Hacker challenges; where your asked to bypass 
the latest security measure implemented into technology which is already,
prior to testing, dubbed as the latest in computer protection.
But for what in return? Most challenges offer a reward of some sorts, a
reward which is more often than not, a five or six figure with a dollar
sign placed neatly at the beginning.


So just what is the deal with these challenges? What purpose do they
really serve and are they just marketing ploys?


I'd like you to imagine for a moment that you're an administrator of a
small corporate network. It's not the most exciting of jobs, and you don't
have time to keep up with the latest going ons in the security scene. Your
network has been attacked a few times before, and you start to think about
upgrading your security. So where do you start?


Where else would you start, but the internet? It's the worlds largest   
resource, and every good company dealing with network security, is bound  
to be on the internet somewhere. So you use a search engine or two and you
come across a web site for a new state of the art firewall, who's
manufacturers claim it resisted every hacker that attempted to hack it at
a recent hacker convention. Your amazed, surely their high price tag is
nothing for complete security!?


Only what if it is all a clever ploy, haven't you got to ask yourself just
how many people actually tried to hack into that particular piece of
software? Haven't you got to look into the reputation of the manufacturer?
Of course you do! To be sure, you've got to ask for the cold hard facts,
not the marketing babble!


There are serious flaws in many hacker challenges, not the least being
that most 'real' hackers only hear about them after they've finished. This
makes you wonder just who took part, and how they found out about it.


It's not uncommon for hackers and security analysts to earn wages in
excess of six figures, and to earn such wages, you've got to be either
very lucky, or very busy. So what's your guarantee that a hacker who
actually knows what he is doing, actually took the time out to earn a,
comparatively, small ten thousand? You have no guarantee at all, why on
earth should he or she bother?


Next ask yourself whether real hackers would want to find all those bugs
in that new technological innovation. Surely their only going to end up
making their job, of hacking, harder by pointing them out?


However, A low level source code analysis of a piece of software or a
close look at hardware by reputable third party security analysis company
will delay product ship times and cost a lot more than setting up a hacker
challenge. Not to mention that it has nowhere near the same marketing
punch. Display your product at an upcoming convention and let people bang
on it for a weekend and then claim "Product X survives Hacker Challenge."
Makes a great press release.


It all seems rather corrupt, with companies hiding the truth and rubbing
their hands at the millions they make. A ten thousand dollar reward seems
rather pathetic, when your earning ten times that kind of money. Surely
these companies know this, are they in fact attempting to social engineer
the hackers or maybe worse their customers?


But it's not all like that, there are plenty of genuine challenges out   
there. Some have been set up to test software and, now more and more,  
hardware, others testing entire networks. For example, recently the Quebec
government is enlisting the aid of hackers to test its networks and to
research new ways of protecting those networks.


So what can we say about hacker challenges? Do they really prove how
secure a product is? I don't think so, the fact that most aren't
officially announced to the hacker public and that they are often
deliberately misinterpret, doesn't give a good impression. But then,
who should a company go to? It's not the easiest of tasks in the world,
to announce  such a challenge.


Hack at your own discretion, don't be afraid to take part in a hacker
challenge, but don't take the word of the manufacturer, when they say it's
secure, just because a few passers by a convention typed a few keys on a
keyboard. There will always be flaws in hardware and software, it's up to
us to the true hacker to find and fix them, whether we do it for the  
companies maketing campaign, or for personal gratification.






        		



	
	
	







buffer overflow







HNN Store








c o n s

a b o u t

p r e s s

s u b m i t

s e a r c h

c o n t a c t









Recent News





Privacy Labeled Antisocial by
DOJ

Cable+Wireless Compromised

Virus Hits Marines

UK Gov. A Menance

Jam Echelon

MTV Called Inexcusable

Amazon Crypto Challenge












Translate




French

German

Italian

Portuguese

Spanish

















	
Today
Yesterday
11/01/99
10/31/99
10/30/99
10/29/99
10/28/99
10/27/99

	
			


 






 

	

 





          




        
	
 
	

         












These pages are Copyright © 1999
Hacker News Network All Rights Reserved.