• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

OpenHack 4: Start Your Hacking Engines

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Wed Oct 09, 2002 5:05 pm    Post subject: OpenHack 4: Start Your Hacking Engines Reply with quote

Quote:

eWEEK Labs is preparing to kick off the fourth iteration of its OpenHack online security project, designed to test enterprise security by exposing systems to the real-world rigors of the Web. This year's test focuses on application-level security, an increasingly problem-prone area that, in fact, was the downfall of OpenHacks 1 and 2. Microsoft and Oracle have done their best to hack-proof an application built originally by eWEEK Labs and hosted at a Web site that will go live next week. Have they--and their products--succeeded?

Think you've got the "l33t skillz" to crack it yourself? Find out starting on Oct. 14.


Full article here

http://www.eweek.com/category2/1,3960,600431,00.asp
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Wed Oct 09, 2002 5:11 pm    Post subject: Reply with quote

I'm still having fun at http://www.hackerslab.org/eorg/

Pretty tough stuff, takes some time to get through it Smile

We got about 200 hits when I posted the URL in http://level1.hackerslab.org/ LOL
Back to top
View user's profile Send private message Visit poster's website
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Tue Nov 19, 2002 2:03 am    Post subject: Reply with quote

Status update:

Hackers go public with prizes and glory, and jobs, on the line
By Patrick Gray

Openhack, an online hacking competition, ended last Saturday, with an US entrant winning a $US500 prize, but he and others missing even bigger jackpots for being able to break into a software application.

Openhack was established in 1999 by eWeek, an online technology magazine. The idea was simple: put an application online and let everyone in the world hack away at it. The entrant who can best hack into the test system gets the biggest prizemoney.

With the exception of last year's challenge, when $50,000 was up for grabs, every hacker challenge has resulted in prizemoney being awarded. Gibraltar-based security consultant Lluis Mora won the first two challenges.

Mora says he likes entering the competition for the fun of it. "It lets you play with stuff which is usually illegal . . . you can test your skills in the wild with no restrictions," he says. Mora is rumoured to have landed his present job as a result of winning the competition.

With hackers like Mora continually embarrassing vendors who submit their applications to the challenge, it isn't easy to get software companies to participate, but Timothy Dyck, one of the eWeek boffins organising the event, says that once they are in, they work hard to configure their systems as securely as possible; being hacked in public doesn't look good.

From a marketing perspective, Openhack can be a double-edged sword for vendors. For example, during Openhack 3, Argus Systems allowed its Pitbull software to be tested. Over 17 days, not a single entrant could crack the software. Argus promptly whipped up some press releases and marketing material announcing its triumph. over the world's toughest hackers: "Seventeen days, 40,000 challengers, 5.4 million punches and one e-security champion."

It was such a successful stunt that Argus decided to stage a re-match in Hannover, Germany, at the CeBit technology conference in March last year.

A hacker named Bladez by-passed their security in a marathon 30-hour effort. Unfortunately for him, he missed the competition deadline and was not awarded the prizemoney.

Argus did its best to keep it quiet and this time didn't put out any cocky press releases. It still touts its product as unbreakable.

American entrant Jeremy Poteet won the $US500 this year by spotting some basic vulnerabilities in the application under test.

He wasn't able to bypass all the security on the test machines but he did identify the vulnerabilities only two hours and 20 minutes into the competition, which lasts several weeks.

This year the vendors escaped humiliation, but Mora believes the length of the contest is a handicap. Openhack restricts the attack timeframe to less than a month. "In real life there are no timeframes to attacks," he says.

www.openhack.com
Back to top
View user's profile Send private message Send e-mail
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Tue Nov 19, 2002 6:17 am    Post subject: Reply with quote

Per openhack.com
Quote:
Saturday, 2002-11-09 0:07: eWEEK OpenHack 4 has ended


eWEEK's comprehensive report on test findings and test data analysis will be published in print and online on Dec. 2, 2002.
Back to top
View user's profile Send private message Visit poster's website
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Tue Nov 19, 2002 2:36 pm    Post subject: Reply with quote

fastlanwan wrote:

eWEEK's comprehensive report on test findings and test data analysis will be published in print and online on Dec. 2, 2002.


I am looking forward to reading it. Does anyone know of any new vulnerabilities that were discovered as a result of openhack?

I suppose that will highlight all that in the report anyway.

J
Back to top
View user's profile Send private message Send e-mail
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Tue Nov 19, 2002 2:41 pm    Post subject: Reply with quote

Quote:
If you are the Austrian-based hacker who has been trying to get into the Oracle box, we are impressed with your efforts. Could you e-mail timothy_dyck@ziffdavis.com so I could interview you?


It seems Oracle had some issue's per openhack.com?
Back to top
View user's profile Send private message Visit poster's website
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Tue Nov 19, 2002 2:49 pm    Post subject: Reply with quote

fastlanwan wrote:

It seems Oracle had some issue's per openhack.com?


Errr...duh, it was an Oracle application LOL

No one got anywhere really though, biggest prize awarded is $500 and the top dogs is $50,000..

So no one really exposed anything major.
Back to top
View user's profile Send private message Visit poster's website
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Tue Nov 19, 2002 2:52 pm    Post subject: Reply with quote

fastlanwan wrote:
It seems Oracle had some issue's per openhack.com?


It could be. It could be he was the most varied attacker, or tried stuff others did not think of.

Or, they thought he was good and oracle want to offer him a job!

J
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register