Dailydave mailing list archives
RE: funny comments from Hack IIS6 contest admin
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Sat, 14 May 2005 08:51:05 -0400
Re-read the posting. I said MOST people on the list would not be able to hack the site if the reward was bigger. That is because MOST people on the list don't have the skillz and could not acquire them. Serious hacking is something either you have or you don't...I'm not talking about the hacking where you must rely on a misconfiguration to be successful (because our box is not misconfigured), but the zero-day stuff. I assure you that the hackers that are capable of hacking this box are motivated for far less money, if any. Take Dave at Immunity. He makes more money than the average hacker, but I assure you that he makes far less than $250K on each hack he discovers. (Tell me if I'm wrong, Dave). Professional hackers may make more than $250K, but what motivated them initially was far less money, if any. The best hackers in the world that released the most devastating exploits, did it for free...not money. It was either to improve the product or for the "glory" in the community. Consistent hackers...the best...want more money...but what motivated them initially was far less. Would more money motivate more people? Yes, of course. But Anthony, people like you wouldn't be able to hack it regardless of the award. In fact, Anthony, I'll personally give you, and you alone, $2000 reward of my own money, if you hack it (by yourself without any external help) by midnight tonight. Go! If fact, tell me the IP address you're hacking from (so I can track you) and send one original hack that might possibly be successful...I doubt you can even do that. It won't get you any award, but at least I won't see you as the poser you so obviously are. Or are you already calling your more knowledgable friends for help or deciding on what witty response to send why you don't hack my box? Roger A. Grimes admin () hackiis6 com -----Original Message----- From: Anthony Zboralski [mailto:bcs2005 () bellua com] Sent: Friday, May 13, 2005 4:38 PM To: dailydave Cc: Roger A. Grimes Subject: funny comments from Hack IIS6 contest admin Did you guys notice this dumb Hack IIS6 Contest to win an Xbox? http://www.hackiis6.com Below are the comments I posted on Slashdot and a reply from Roger Grimes, who claims that if MS increases the price to $250K it will not affect the result of the contest:)) Is this a joke?!? The reward is worthless! (Score:3, Informative) by acz (120227) <z&hert,org> on Friday May 06, @08:15AM (#12448998) You have to be retarted to use an 0day IIS exploit to win an XBox when you can sell it for around 20K or impress customers during a pen test... (A pen test can be worth between 15K to 200K depending on the scope of the project). One hour of security consulting earns you an XBox, why bother with this contest? Link to post on vuln sharing club, here [immunitysec.com] Re:Is this a joke?!? The reward is worthless! (Score:1) by acz (120227) <z&hert,org> on Friday May 06, @10:31AM (#12449395) make the reward 250K and this web site will be hacked right away. Re:Is this a joke?!? The reward is worthless! (Score:0) by Anonymous Coward on Friday May 06, @07:12PM (#12453220) This sort of claim is so not true. Ebay, Microsoft, Msn, Hotmail, and so many other sites run on IIS 6. Certainly, there is financial gain beyond $250K to be made if you successfully hack those sites. They aren't (while you can never be sure any computer system isn't hacked...they aren't publicly known to be hacked). Hacking success is driven by desire and consistent effort, only a bit of which is money-driven. The spyware and ad-ware related hackers are certainly driven by money, but many other hackers (i.e. gov't hackers) aren't. It's probably safe to say that most people on this list, including anyone claiming so (like you) would not be able to hack the site if given a bigger prize. Some might...but the ones who can really do it aren't out making knowingly false claims and bragging of skills they don't have and probably couldn't acquire. Of course, on the other end of the spectrum, if given a bigger prize, I would probably secure the site beyond the basics as well...and things like that...so it would not be a one-sided build up. Roger A. Grimes admin () hackiis6 com Re:Is this a joke?!? The reward is worthless! (Score:1) by acz (120227) <z&hert,org> on Friday May 13, @10:24PM (#12523673) Some of the companies you have mentioned have been hacked and will be hacked again... Didn't Microsoft get winnt4 and win2k src stolen last year? (it's probably still on edonkey.) I was talking about legal ways to make money from a vulnerability or exploit without resorting to fraud or crime. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- funny comments from Hack IIS6 contest admin Anthony Zboralski (May 13)
- Re: funny comments from Hack IIS6 contest admin Steve Lord (May 13)
- Re: funny comments from Hack IIS6 contest admin Allan Liska (May 14)
- <Possible follow-ups>
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- Re: funny comments from Hack IIS6 contest admin Anthony Zboralski (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Dave Aitel (May 14)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Bas Alberts (May 14)
- Re: RE: funny comments from Hack IIS6 contest admin Steve Lord (May 15)
- RE: RE: funny comments from Hack IIS6 contest admin I)ruid (May 17)
- RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 14)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 15)
- Re: RE: funny comments from Hack IIS6 contest admin Holden Williamson (May 15)
- RE: RE: funny comments from Hack IIS6 contest admin Roger A. Grimes (May 17)
(Thread continues...)