The Hacker Challenge (qubik)
01e62aa755b70416fc189669619e9dc6ea2667e1d85012dae2c5015461f2edf7<HTML>
<HEAD><TITLE>Hacker Scene</TITLE>
</HEAD>
<BODY BGCOLOR="#000000" TEXT="#FFFFFF" LINK="#FF0000" VLINK="#C0C0C0" ALINK="#FF0000">
<pre>
The Hacker Challenge
By: Qubik (qubik@bikkel.com)
You have probably read about them and some of you may have even participated in one or two. Hacker
challenges; where your asked to bypass the latest security measure implemented into technology which
is already, prior to testing, dubbed as the latest in computer protection. But for what in return?
Most challenges offer a reward of some sorts, a reward which is more often than not, a five or six
figure with a dollar sign placed neatly at the beginning.
So just what is the deal with these challenges? What purpose do they really serve and are they just
marketing ploys?
I'd like you to imagine for a moment that you're an administrator of a small corporate network. It's
not the most exciting of jobs, and you don't have time to keep up with the latest going ons in the
security scene. Your network has been attacked a few times before, and you start to think about
upgrading your security. So where do you start?
Where else would you start, but the internet? It's the worlds largest resource, and every good
company dealing with network security, is bound to be on the internet somewhere. So you use a search
engine or two and you come across a web site for a new state of the art firewall, who's
manufacturers claim it resisted every hacker that attempted to hack it at a recent hacker
convention. Your amazed, surely their high price tag is nothing for complete security!?
Only what if it is all a clever ploy, haven't you got to ask yourself just how many people actually
tried to hack into that particular piece of software? Haven't you got to look into the reputation of
the manufacturer? Of course you do! To be sure, you've got to ask for the cold hard facts, not the
marketing babble!
There are serious flaws in many hacker challenges, not the least being that most 'real' hackers only
hear about them after they've finished. This makes you wonder just who took part, and how they found
out about it.
It's not uncommon for hackers and security analysts to earn wages in excess of six figures, and to
earn such wages, you've got to be either very lucky, or very busy. So what's your guarantee that a
hacker who actually knows what he is doing, actually took the time out to earn a, comparatively,
small ten thousand? You have no guarantee at all, why on earth should he or she bother?
Next ask yourself whether real hackers would want to find all those bugs in that new technological
innovation. Surely their only going to end up making their job, of hacking, harder by pointing them
out?
However, A low level source code analysis of a piece of software or a close look at hardware by
reputable third party security analysis company will delay product ship times and cost a lot more
than setting up a hacker challenge. Not to mention that it has nowhere near the same marketing
punch. Display your product at an upcoming convention and let people bang on it for a weekend and
then claim "Product X survives Hacker Challenge." Makes a great press release.
It all seems rather corrupt, with companies hiding the truth and rubbing their hands at the millions
they make. A ten thousand dollar reward seems rather pathetic, when your earning ten times that kind
of money. Surely these companies know this, are they in fact attempting to social engineer the
hackers or maybe worse their customers?
But it's not all like that, there are plenty of genuine challenges out there. Some have been set up
to test software and, now more and more, hardware, others testing entire networks. For example,
recently the Quebec government is enlisting the aid of hackers to test its networks and to research
new ways of protecting those networks.
So what can we say about hacker challenges? Do they really prove how secure a product is? I don't
think so, the fact that most aren't officially announced to the hacker public and that they are
often deliberately misinterpret, doesn't give a good impression. But then, who should a company go
to? It's not the easiest of tasks in the world, to announce such a challenge.
Hack at your own discretion, don't be afraid to take part in a hacker challenge, but don't take the
word of the manufacturer, when they say it's secure, just because a few passers by a convention
typed a few keys on a keyboard. There will always be flaws in hardware and software, it's up to us
to the true hacker to find and fix them, whether we do it for the companies maketing campaign, or
for personal gratification.
</pre>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed