Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Internet Security Industry News

Hacking contest promotes security

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

August 6, 2003

The U.S. government continues to talk tough on computer crime, but here in the desert, hackers--including some from federal agencies--are learning about defending networks by breaking into computers. The exercise is part of a Capture the Flag-like game that's known as Root Fu.

The annual contest pits eight teams at the DefCon conference against each other in a test of network defense and hacking skills. Each team has to defend its own server and applications while trying to break into the servers of the seven other teams. This sort of adversarial testing shows what is possible--and not--with security," said Crispin Cowan, chief scientist at Linux security seller Immunix and the leader of the Immunix team. "We value this competition, because we think it is a better evaluation of security than common criteria."

Such comments conflict with tough talk from top-level U.S. officials who still look at hackers as a threat. Laws such as the Digital Millennium Copyright Act and the Cybersecurity Enhancement Act have focused on punishing hackers. But knowledgeable security experts see practicing such skills through Root Fu-like challenges as a necessary way to improve security. "The reality is that you may have hostility at a high level, but the people who know their stuff decided to come," said Adam Shostack, chief technology officer for security start-up Informed Security.

Each team had to run five Web services on a variant of Unix known as BSD. The services consisted of the music streaming application IceCast, a Web news portal based on Slashcode, two ads, and a multiuser text-based role-playing game known as FurryMuck. Each team accumulated points for having the applications available.

The longer a service was up, the more points its supervising team won. However, each team lost points if a service it was running became compromised. Ghettohackers, the group of hackers who created and officiated the game, focused on making the competition a good measure of offensive and defensive security skills. Late Saturday, the Immunix team retained a large lead, but another team named Anomaly caught up to win the competition on Sunday.

Alan Harper, a security engineer with the Defense Information Systems Agency (DISA), thought that competitions like Root Fu could help others understand that all hacking isn't bad. "There is an understanding, more and more, of ethical hacking," he said. "The technique is the same, but the intent is different. It's not something that we have to hide from our peers at work."

Root Fu--a hackerish name that derived from the superuser's name on Unix systems, root, and the final syllable of kung fu--may have also settled a long-debated point, Immunix's Cowan said: whether hackers make the best defenders. "The offensive attackers have been doing the best code auditing," he said. "They attack, find the holes and then tell the defenders on the team."

The experience underscores that knowing how to attack systems is a critical skill in learning how to defend them. Others have maintained that you can't trust hackers, but Cowan stressed that it's all about the ethics of the hacker. "Hacking tools should not be illegal, but if I use them to break into your computer, then I'm a criminal," he said.

Story by Robert Lemos
Source: C-Net News


Save Internet Security.ca's URL to the list of your favorite web sites
in your Web browser by clicking here.

Back to the top of the page.         
Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer