Dailydave mailing list archives
funny comments from Hack IIS6 contest admin
From: Anthony Zboralski <bcs2005 () bellua com>
Date: Sat, 14 May 2005 03:37:50 +0700
Did you guys notice this dumb Hack IIS6 Contest to win an Xbox? http://www.hackiis6.comBelow are the comments I posted on Slashdot and a reply from Roger Grimes, who claims that if MS increases the price to $250K it will not affect the result of the contest:))
Is this a joke?!? The reward is worthless! (Score:3, Informative) by acz (120227) <z&hert,org> on Friday May 06, @08:15AM (#12448998)You have to be retarted to use an 0day IIS exploit to win an XBox when you can sell it for around 20K or impress customers during a pen test... (A pen test can be worth between 15K to 200K depending on the scope of the project).
One hour of security consulting earns you an XBox, why bother with this contest?
Link to post on vuln sharing club, here [immunitysec.com] Re:Is this a joke?!? The reward is worthless! (Score:1) by acz (120227) <z&hert,org> on Friday May 06, @10:31AM (#12449395) make the reward 250K and this web site will be hacked right away. Re:Is this a joke?!? The reward is worthless! (Score:0) by Anonymous Coward on Friday May 06, @07:12PM (#12453220)This sort of claim is so not true. Ebay, Microsoft, Msn, Hotmail, and so many other sites run on IIS 6. Certainly, there is financial gain beyond $250K to be made if you successfully hack those sites. They aren't (while you can never be sure any computer system isn't hacked...they aren't publicly known to be hacked).
Hacking success is driven by desire and consistent effort, only a bit of which is money-driven. The spyware and ad-ware related hackers are certainly driven by money, but many other hackers (i.e. gov't hackers) aren't.
It's probably safe to say that most people on this list, including anyone claiming so (like you) would not be able to hack the site if given a bigger prize. Some might...but the ones who can really do it aren't out making knowingly false claims and bragging of skills they don't have and probably couldn't acquire. Of course, on the other end of the spectrum, if given a bigger prize, I would probably secure the site beyond the basics as well...and things like that...so it would not be a one-sided build up.
Roger A. Grimes admin () hackiis6 com Re:Is this a joke?!? The reward is worthless! (Score:1) by acz (120227) <z&hert,org> on Friday May 13, @10:24PM (#12523673)Some of the companies you have mentioned have been hacked and will be hacked again... Didn't Microsoft get winnt4 and win2k src stolen last year? (it's probably still on edonkey.)
I was talking about legal ways to make money from a vulnerability or exploit without resorting to fraud or crime.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- funny comments from Hack IIS6 contest admin Anthony Zboralski (May 13)
- Re: funny comments from Hack IIS6 contest admin Steve Lord (May 13)
- Re: funny comments from Hack IIS6 contest admin Allan Liska (May 14)
- <Possible follow-ups>
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- Re: funny comments from Hack IIS6 contest admin Anthony Zboralski (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Dave Aitel (May 14)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Bas Alberts (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Steve Lord (May 15)
- RE: RE: funny comments from Hack IIS6 contest admin I)ruid (May 17)
(Thread continues...)