Information Security News mailing list archives
Re: Made-in-China Firewall Challenges Global Hackers
From: security curmudgeon <jericho () ATTRITION ORG>
Date: Thu, 24 Aug 2000 04:09:30 -0600
http://english.peopledaily.com.cn/200008/23/eng20000823_48861.html Wednesday, August 23, 2000, updated at 22:09(GMT+8) Noted Chinese consumer electronics production company, Hisense, has challenged hackers all over the world to hack a server equipped with its newly developed firewall products before September 1 to win 500,000 yuan. The company has set up a large screen in front of a major department store in Beijing, showing the homepage of the protected server and the number and sources of hackers. Hackers would be awarded with the money if they could hack the homepage of the server or gained access to a designated document on the server, company sources said.
We've all talked about these contests in the past, and how they are usually nothing more than glorified marketing moves. It is interesting that they only give two ways to win the contest. Deface their web page or steal a document from a specific account. So what if I break into the machine, but do not have write access to the web page or read access to that document. Does that mean I haven't breached their firewall and penetrated their machine? No. Putting these kinds of caveats on a contest is the real shame. Since the document wouldn't be made public and the page wouldn't be defaced, it is likely no one would know of the intrusion attempt. Next, their product is a firewall. Why is it running on the same machine that is to be targeted? If the firewall is passing port 80 traffic and I exploit something in the web server, is their firewall really to blame? Unless it is stateful inspection and/or incorporates IDS features, I'd say no. Doesn't seem that their test is a good one for the firewall.
[500,000 Yuan to U.S. Dollars = $60,387.21 on Wednesday's exchange.]
At least the reward is halfway worth it. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Made-in-China Firewall Challenges Global Hackers William Knowles (Aug 24)
- Re: Made-in-China Firewall Challenges Global Hackers security curmudgeon (Aug 25)