Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Dreaming of Summer

From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Sat, 6 Dec 2003 11:35:28 -0500
Screw defense.  You come in with whatever equipment you want.  The host
sets up a set of targets.  You attack them.  Maybe there's a duplicate
set of targets, one for each team.  Maybe there's just one set (more
chaotic, IMHO).  You get points for taking control of target services
and/or networks.

That gets rid of the sysadmin aspect.

Phil


-----Original Message-----
From: dailydave-bounces () lists immunitysec com 
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of 
David Maynor
Sent: Saturday, December 06, 2003 2:00 AM
To: surreal () delusory org
Cc: dtangent () defcon org; dailydave () lists immunitysec com
Subject: Re: [Dailydave] Dreaming of Summer


On Sat, 2003-12-06 at 01:57, surreal () delusory org wrote:

For your consideration: Thoughts on a Virtual Multi-Bird Projectile

Dave's list may not be the right forum for this idea, but I like to 
think that the right people might see this (and it's only 

one message, 

so here goes). I'd like to address two problems and promote 

Good Clean 

Fun at the same time.

Problem one: Redhat; RHN; EOL.

A large but unknown (to me) number of Redhat boxes running 

7.3 through 

9 are about to be left to their own devices for bugfixes 

and security 

updates. Redhat hasn't seemed very excited about helping these 
soon-to-be-stranded sysadmins. "Buy our pricey distro and reinstall 
all your boxes" or "run Fedora and dwell forever in Beta Hell" just 
don't make me feel, uh, loved and valued. I *liked* up2date.


Debian. Debian fixes all.



Problem two: CTF got boring.

To quote Dave, from 8/5/2003:

...
Also, I admit it WAS a sysadmin game, but CTF should not be. If 
we're  going to make it Defend The Flag, then just have 

another game. 

You need to  make it a game where offense matters. 

Otherwise you just 

have everyone  hunkered around doing defense, like this and every 
other year. Did the  winning team write any exploits? I 

don't think 

they did. What does that  say?


My proposal is this: CTF - Dead Hat Edition 2004

Is it just me, or is that catchy? That is, of course, assuming a DC 
XII. :-|

By July, 7.3 and 8 will have been orphaned for 6 months, 

Redhat 9 for 

at least 3. How fast does a Linux distro go stale? Is 

someone holding 

off on the next big remote r00t until next year? How many ways will 
there be to r00t that "unknown number of boxes"? Who is this man of 
toast, and what is his dark secret?

I propose that the nodes for CTF be Redhat boxes patched up 

to their 

EOL date like any happy RHN-using box. I'm a defender, not a sploit 
coder so I leave the difficult details of play and scoring to the 
Smart Folks.

I'd like to think that just maybe an event like CTF-DH could prod 
Redhat to do a little more for the people they're leaving behind. 
Maybe host a "community supported" alternative to RHN? Anything's 
better than what we've got right now.

Maybe they'd ignore the whole thing... If the results of the 
competition were documented, at least people would know 

where some of 

the holes are(?)

Yeah, it *could* backfire and turn into a primer for a Redhat 
holocaust. The way things are going though, 2004 could be the year 
Linux gets the reputation for being r00ted as readily as Windows. 
That'd suck, IMO.


This will still fall back to sysadmin games. I want to see a 
free for all, you are give a kernel the week before and you 
have to build your own distro out of it. You then take that 
distro and defend/attack other people. CTF is getting boring 
as long as it remains a sysadmin game.
-- 
David Maynor
http://www.0dayspray.com/~dave 
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com 
http://www.immunitysec.com/mailman/listinfo/da> ilydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: