One Million Reasons to Hack a System

Are you ready for another hacking contest? Various organizations have held hacking contests in the past, some with prize incentives and some without. In 1999, Microsoft hosted a contest to break into Windows 2000, and this year, the company launched another contest to hack the new Windows XP OS. Neither contest offered prizes for winners. To counter Microsoft's Win2K contest, the PowerPC Linux Project (LinuxPPC) launched its own hacking contest in 1999; the winner got to keep the LinuxPPC server that hosted the contest.

In January 2001, the Honeynet Project hosted a forensic challenge to see who could determine how a hacker broke in to a system by examining the supplied forensics data. The prize for successful detectives was a copy of the great book, "Hacking Exposed." And just last week, Argus Systems launched a challenge to see who could break into its PitBull security product. The company offered $30,000 to the winner, and a group of Polish hackers took the prize quickly. See the related news item in the SECURITY ROUNDUP section below.

Thirty thousand dollars is a lot of money, especially when the winners earned it by hacking into one system over the course of a few days. On the other hand, Argus gained incredibly useful insight about how its product and the system it runs on might be vulnerable to attack. So the money is well spent in my opinion.

This week, I learned about a new contest that takes prize offerings to an entirely new level. All you have to do is break the security of Saafnet's upcoming AlphaShield 2000 product—and win a cool $1 million cash.

AlphaShield 2000 is Saafnet's soon-to-be-released $149 USB add-on that introduces security by virtually disconnecting the system from the Internet while the user isn't actively receiving data. The product targets home users and small-business networks. The technology's premise is that without an active virtual connection, an intruder can't reach the system. Sounds interesting.

Each time someone launches a hacking challenge, I never wonder whether someone will win the challenge; I wonder how much time it will take. Information security technologies have never been 100 percent unbreakable for various reasons, so it stands to reason that someone will eventually win any security hacking challenge. And even though Saafnet's technology sounds strong, it's unproven; I tend to think a chink exists in the armor somewhere. We'll have to wait and see. But even if no one wins the million-dollar prize money, we should still err on safety's side and assume that the technology has a chink somewhere.

I'm not sure when Saafnet "http://www.saafnet.com" will officially launch the challenge, but I'll let you know when I hear about a launch date. Until next time, have a great week.

Are you ready for another hacking contest? Various organizations have held hacking contests in the past, some with prize incentives and some without. In 1999, Microsoft hosted a contest to break into Windows 2000, and this year, the company launched another contest to hack the new Windows XP OS. Neither contest offered prizes for winners. To counter Microsoft's Win2K contest, the PowerPC Linux Project (LinuxPPC) launched its own hacking contest in 1999; the winner got to keep the LinuxPPC server that hosted the contest.

In January 2001, the Honeynet Project hosted a forensic challenge to see who could determine how a hacker broke in to a system by examining the supplied forensics data. The prize for successful detectives was a copy of the great book, "Hacking Exposed." And just last week, Argus Systems launched a challenge to see who could break into its PitBull security product. The company offered $30,000 to the winner, and a group of Polish hackers took the prize quickly. See the related news item in the SECURITY ROUNDUP section below.

Thirty thousand dollars is a lot of money, especially when the winners earned it by hacking into one system over the course of a few days. On the other hand, Argus gained incredibly useful insight about how its product and the system it runs on might be vulnerable to attack. So the money is well spent in my opinion.

This week, I learned about a new contest that takes prize offerings to an entirely new level. All you have to do is break the security of Saafnet's upcoming AlphaShield 2000 product—and win a cool $1 million cash.

AlphaShield 2000 is Saafnet's soon-to-be-released $149 USB add-on that introduces security by virtually disconnecting the system from the Internet while the user isn't actively receiving data. The product targets home users and small-business networks. The technology's premise is that without an active virtual connection, an intruder can't reach the system. Sounds interesting.

Each time someone launches a hacking challenge, I never wonder whether someone will win the challenge; I wonder how much time it will take. Information security technologies have never been 100 percent unbreakable for various reasons, so it stands to reason that someone will eventually win any security hacking challenge. And even though Saafnet's technology sounds strong, it's unproven; I tend to think a chink exists in the armor somewhere. We'll have to wait and see. But even if no one wins the million-dollar prize money, we should still err on safety's side and assume that the technology has a chink somewhere.

I'm not sure when Saafnet will officially launch the challenge, but I'll let you know when I hear about a launch date. Until next time, have a great week.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish