[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Wed May 18 11:40:46 2005 -->
- <!--x-from-r13: www863 ng tznvy.pbz (Xreel Kh) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE -->
- <li><em>date</em>: Wed May 18 11:40:46 2005</li>
- <li><em>from</em>: jjj863 at gmail.com (Jerry Yu)</li>
- <li><em>in-reply-to</em>: <<a href="msg00525.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00525.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</li>
Again, on a not-so-important systems, knock yourself out.
On 5/18/05, ChangingLINKS.com <<a rel="nofollow" href="http://ChangingLINKS.com";>http://ChangingLINKS.com</a>> <
groups at changinglinks.com> wrote:
>
> On Tuesday May 17 2005 18:02, Geoffrey wrote:
> > > CHALLENGE:
> > > 1. If no one can down/infect/harm my system for more than 20 minutes
> > > TOTAL - you fix (or have fixed) the 6 problems that I posted (and give
> me
> > > exact directions on how to apply the fixes myself.)
> >
> > You're on.
>
> . At 1800 (6PM) on Sunday 05-22-05 the challenge will begin.
> . I will setup my box like so: Internet -> broadband cable modem -> box
> . I will drop all firewall rules
> . Geoffrey can confirm by phone that he has no problems reaching /
> . I will leave the system open for 30 minutes
> . During this time anyone on the ALE list can hack at my DAILY USE box
> . At 1830 (6:30PM) I will restore the entire computer within 10 minutes.
> . Finally, I will post the procedure for restoring the system as proof.
>
> Overview of the system:
> This challenge is similar to Bob Toxen's "expert hacker" challenge. Like
> him,
> I will give away the IP address.
>
> Unlike him, though, I will go much further:
> I will give everyone the root password
> I will be running as root the entire time
> I will drop all firewalls and typical security that I run
> I will NOT have a "hot spare" - or more than 1 hard drive in the box
> I will run a server including Apache, PHP
> (Bob said it was very insecure awhile back),
> MySQL, Perl, sshd (if I remember to start it)
> I will NOT add or remove hardware during or immediately after the
> challenge.
> Moreover, I will do my best to verify that ALL of you can reach root.
>
> For this challenge, I will be removing personal data from the system. My
> worry
> is not to protect it from loss, but since I will be giving FULL access to
> the
> entire box - and want to keep the private data private. Outside of the
> missing data, the lack of firewalls, and the direct connection to the
> 'Net,
> you will have direct access to the setup that I run everyday as root. I
> can't
> think of anything else that will aid my defeat. My point is that I will
> not
> try to hinder the hacking - I will let the box sit "insecurely."
> (Note: I have been having weird net connection problems for a week or two.
> It's been ultra slow. If there is a connection problem on Sunday, we can
> move
> the challenge to whatever time I can connect. The downtime is
> short-lived.)
>
> Rooting for the visitors:
> Some strategy is in order. Some of you may want to run rm -rf / as root
> while
> others may want to install some type of virus or trojan. I suggest you use
> this thread to coordinate that - so that you won't bump heads.
>
> Challenge results:
> The challenge will have no "tie." I will either restore the system back to
> clean state quickly (and outline how I did so), or I lose the competition.
>
> IF I am unable to restore the system, I would like there to be a
> consequence.
> That's what makes challenges fun. Perhaps I can fund the pizza for the
> next
> Installfest ($100 worth) or something like that.
>
> IF I am able to restore the system and explain what steps I did to make
> sure
> that it's "clean" and fully restored, Geoffrey will be responsible for
> providing me with clear instructions on how to fix the SIX problems (with
> my
> OS - not Gentoo :) ) that started this thread - within a reasonable amount
> of
> time. The six problems include and are limited to: 1. Unstable browser. 2.
> Reset mpu port to 300 3. Fix Gnutella 4. Get scanner working 5. Install
> IVTV
> driver 6. Get noteedit to produce sound
> I would like the instructions so that I can apply the changes *myself*
> (for
> security reasons and to learn the solutions). I will forward the journals
> that I kept on the issues and take significant steps to assist him.
>
> My goals:
> 1. To get my system fixed within a reasonable amount of time.
> 2. To prove that I can safely run as root all of the time.
>
> As you all know, I am NOT an expert. I don't like reading manuals much.
> Most
> of the time, I don't even fully understand them. I am not a professional
> system administrator. I am just a guy who uses Linux to get things done.
> Thus, it should be easy for the group to defeat me in this challenge.
>
> I hope the most vocal anti-run-as-root crowd who sometimes come off as
> "know-it-alls" (i.e.: James Sumners, Jonathan Rickman, George Carless,
> Jason
> Day, Jerald Sheets, et al) will be available to participate. Moreover, in
> the
> event Geoffrey needs assistance, my hope is that the "RTFM, It's not a
> Debian
> problem" people will help him.
> --
> Wishing you Happiness, Joy, and Laughter,
> Drew Brown
> <a rel="nofollow" href="http://www.ChangingLINKS.com";>http://www.ChangingLINKS.com</a>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
>
-------------- next part --------------
An HTML attachment was scrubbed...
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00525" href="msg00525.html">[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00552.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00554.html">[ale] [OT] I want to become a ham</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00726.html">[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00641.html">[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00553"><strong>Date</strong></a></li>
<li><a href="threads.html#00553"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>