
cuz linux is teh s uck


  • #16
    Originally posted by TheCotMan
    I don't know if this is the case for this contest, but contests in the past have used such things (usually with prizes) as a marketing gimmick to say things like, "Hacker Tested, Admin Approved," or whatnot in their glossy advertisements for their product(s).

    Not offering a prize is a point in their favor to not being a publicity stunt with some commercial application, but that is only based on history of other contests.
    I think this is the first time ever that I've known something the 'almighty' Cotman didn't... (all I did was read though)
    From that challenge site it says
    "This is just an opportunity to pursue your passion. So there is no prize; just applause. And your name will be on our Challenge page forever!"

    (cuz most hackers are motivated by fame... right)

    I hope there's a good writeup on what was attacked, what was secured and all... In this situation of course. Plenty of info on how to secure a system can be found, but an incident analysis step by step, defense vs attack and etc would still be a good read.
    The only constant in the universe is change itself

    Comment


    • #17
      Originally posted by dYn4mic
      I think this is the first time ever that I've known something the 'almighty' Cotman didn't...
      Thanks for the praise :-) Of course, I am not almighty, or even great; I am still a newbie in too many ways, but I have praise for others on these forums who actually know stuff.

      I read the information on the site, but don't trust everything I read.
      (Maybe I should go wear an aluminum foil hat and live with *those* people living in bomb shelters from the 1950's.)

      There are several items on that page which suggest this is an event which is being hosted with no hidden agenda, but I usually have doubts and question motivations behind people's free offers and lack of full disclosure before a contest and a time limit that is so short.

      In crypto, there are people/businesses that claim they have a proprietary "secure cipher" that is faster than "cipher XYX" with the same (or a "better") level of security as/than a vernam cipher (key length = plain text length) without key reuse, but they don't provide a model/source. Lack of up-front provision of techniques used to better secure their system before the competition influences my doubts. Maybe it is a false positive. Maybe I am bitter, or should be wearing that tinfoil hat.

      I hope there's a good writeup on what was attacked, what was secured and all... In this situation of course. Plenty of info on how to secure a system can be found, but an incident analysis step by step, defense vs attack and etc would still be a good read.
      It would be a good read. It would be even better if they offered a full disclosure on everything they will do to add security to the system before the competition, and then let people attack it for an extended period of time until it was broken, or much more time had passed. :-)

      Comment


      • #18
        Originally posted by TheCotMan

        In crypto, there are people/businesses that claim they have a proprietary "secure cipher" that is faster than "cipher XYX" with the same (or a "better") level of security as/than a vernam cipher (key length = plain text length) without key reuse, but they don't provide a model/source. Lack of up-front provision of techniques used to better secure their system before the competition influences my doubts. Maybe it is a false positive. Maybe I am bitter, or should be wearing that tinfoil hat.

        Three words: One time pad.

        The only Unbreakable code. Now getting the key to both parties, that's a chore.

        But then again I love my tinfoil hat.

        LosT

        Comment


        • #19
          Originally posted by TheCotMan
          In crypto, there are people/businesses that claim they have a proprietary "secure cipher" that is faster than "cipher XYX" with the same (or a "better") level of security as/than a vernam cipher (key length = plain text length) without key reuse, but they don't provide a model/source. Lack of up-front provision of techniques used to better secure their system before the competition influences my doubts. Maybe it is a false positive. Maybe I am bitter, or should be wearing that tinfoil hat.
          Funny thing though is a lot of these so-called "one-time pad" equivalents are basically stream ciphers with a more or less effective PSRNG to generate the key stream using whatever key is inputted as seed. Notwithstanding periodicity in the "random" stream, if they're not carefully implemented, they always generate the same keystream for the same key. Take two ciphertexts, XOR them together, use letter frequency in English and a good dictionary to find both plain texts. Given enough words and a plain text / cipher text pair, it might not be so complicated to work out the key.

          Of course, I do remember a 40-bit encryption program that used the first 40 bits of the ASCII characters of the key. How long is a dictionary attack on 5 char passwords? ;-)

          Comment
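The keystream reuse described in post #19, as an added example that is not part of the original thread: a toy stream cipher that seeds Python's `random` with the key repeats its keystream across messages, shown next to a variant that mixes in a per-message nonce. All function names, the key and the messages are constructed for illustration, and the HMAC-counter keystream is an illustrative stand-in rather than a vetted cipher.

```python
import hashlib
import hmac
import os
import random


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_keystream(key: bytes, n: int) -> bytes:
    # Hypothetical weak design: key is the PRNG seed, so the stream repeats per key.
    rng = random.Random(key)
    return bytes(rng.getrandbits(8) for _ in range(n))


def weak_encrypt(key: bytes, msg: bytes) -> bytes:
    return xor(msg, weak_keystream(key, len(msg)))


def nonce_keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustrative fix: HMAC-SHA256 in counter mode, keyed by the secret and
    # fed a fresh per-message nonce, so no two messages share a keystream.
    out, counter = b"", 0
    while len(out) < n:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def nonce_encrypt(key: bytes, msg: bytes) -> tuple[bytes, bytes]:
    nonce = os.urandom(16)  # sent in the clear alongside the ciphertext
    return nonce, xor(msg, nonce_keystream(key, nonce, len(msg)))


def reuse_report(key: bytes = b"constructed-key") -> dict:
    # Constructed sample messages of equal length.
    p1 = b"transfer 100 to alice at noon"
    p2 = b"meeting moved to room 42 ok.."
    c1, c2 = weak_encrypt(key, p1), weak_encrypt(key, p2)
    (_, d1), (_, d2) = nonce_encrypt(key, p1), nonce_encrypt(key, p2)
    return {
        # The keystream cancels: ciphertext XOR equals plaintext XOR.
        "weak_leaks_xor": xor(c1, c2) == xor(p1, p2),
        # One known plaintext exposes the keystream, hence the other message.
        "weak_recovered": xor(c2, xor(c1, p1)),
        "nonce_leaks_xor": xor(d1, d2) == xor(p1, p2),
    }
```

In production the same property comes from a vetted AEAD such as ChaCha20-Poly1305 or AES-GCM with a unique nonce per message; the HMAC construction here only makes the nonce's role visible.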


          • #20
            Originally posted by AlexCV
            Of course, I do remember a 40-bit encryption program that used the first 40 bits of the ASCII characters of the key. How long is a dictionary attack on 5 char passwords? ;-)
            Given Shannon's estimate of 2.3 bits of entropy per character? Let me laugh my way into that account.

            Comment


            • #21
              http://www.linuxense.com/challenge/

              96 hours of fun but no one was able to break in. Looks like some logging and analysis info should be posted by later this week.
              "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

              Comment


              • #22
                EDS, Fuji Xerox, Cisco, Microsoft, Sun, Dell and EMC say don't use Linux for large enterprise tasks because it's insecure and scales poorly:

                http://www.zdnet.com.au/news/softwar...9184795,00.htm
                45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                [ redacted ]

                Comment


                • #23
                  Originally posted by bascule
                  EDS, Fuji Xerox, Cisco, Microsoft, Sun, Dell and EMC say don't use Linux for large enterprise tasks because it's insecure and scales poorly:

                  http://www.zdnet.com.au/news/softwar...9184795,00.htm
                  Yet Sun makes servers so linux can run fine on them?

                  Also these are the executives that think linux=redhat which is pointed out in the last few paragraphs.

                  This is hardly a damaging opinion or article.
                  Delicious Poison:

                  The difference between a nerd and a geek? Well a nerd does not wear Spider Man butt huggers.

                  Comment


                  • #24
                    Originally posted by klepto
                    Yet Sun makes servers so linux can run fine on them?
                    Their low-end servers can, however you certainly won't see Linux running on any of their high end systems like a sf15k. A better example of a Linux system geared towards high end enterprise tasks would be an HP Integrity Superdome, an IBM zSeries mainframe, or an SGI Altix.

                    Also these are the executives that think linux=redhat which is pointed out in the last few paragraphs.
                    No, they point to overdiversification as one of Linux's main problems. When they say Red Hat it's simply because a benchmark of Solaris 10 against "Linux" is utterly meaningless thanks to overdiversification. There's too many factors at play and RHEL is a distribution supposedly optimized for enterprise tasks. Solaris 10, however, is a rather remarkable performer...

                    This is hardly a damaging opinion or article.
                    No, because Linux hasn't really penetrated this market yet. The companies you see using Linux for backend databases are mostly Internet-related companies like Amazon who hosts their backend databases on HP Superdomes. Otherwise you'll mainly see a mixture of DB2/AIX or Oracle/Solaris running on high end POWER and SPARC systems respectively. The people you'll find using Linux are mostly IA64 adopters...
                    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                    [ redacted ]

                    Comment


                    • #25
                      Solaris 10 is great, and definitely enterprise when installed into Sun's own hardware. Linux doesn't have that luxury, to optimize performance for specific hardware and focus their efforts on it like the Sun camp does.

                      I just think it's funny that Microsoft is in that list, also Sun as well. It's like Toyota, Nissan and Honda getting together saying that our Toyota Supra, Nissan Skyline, and Acura NSX is better than Ford's Aspire. Hey maybe if they made a bold statement and said it was better than Ford's new GT then I would be somewhat impressed.

                      Linux can be made for the enterprise, but definitely not out of the box, Sun and Silicon Graphics stuff, on the other hand, can be, if not already is. That is the main reason why companies stick with Sun, SGI, IRIX, etc because everything is provided by one vendor, including the hardware.

                      All of these UNIXes all have open source software provided in their OS, isn't that true?
                      Delicious Poison:

                      The difference between a nerd and a geek? Well a nerd does not wear Spider Man butt huggers.

                      Comment


                      • #26
                        Originally posted by bascule
                        The people you'll find using Linux are mostly IA64 adopters...
                        Solaris 10 runs just dandy on Opterons as well.

                        I'll probably move Oracle servers to Solaris 10 from RHEL in a couple of months. I'm really liking Solaris 10 compared to RHEL. It's very stable, fast, and Oracle seems to be very happy on it.

                        Comment
