Announcement

Collapse
No announcement yet.

CFSB: Vista and OSX86

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CFSB: Vista and OSX86

    (Call for Specific Boxen)

    Okay, so the responses so far have been absolutely awesome. Thanks everyone for expressing interest!

    I'll be posting a FAQ shortly with some updates and answers to the questions I've gotten so far.

    So far, everything committed has been a *nix flavor, so I'm asking for some diversity.

    I'm really hoping we'll see some boxes with Vista or OSX on Intel ( JaS / uphuck / etc is fine), so if someone is interested, stand up and be counted.
    "Raise a toast to ... I think he might have been our only decent ."

  • #2
    Re: CFSB: Vista and OSX86

    Originally posted by sk00t View Post
    So far, everything committed has been a *nix flavor, so I'm asking for some diversity. I'm really hoping we'll see some boxes with Vista or OSX on Intel ( JaS / uphuck / etc is fine), so if someone is interested, stand up and be counted.
    while i think vista has been out for too short a time to be properly considered worthy of "secure" deployment, i might be willing to toss a Windows server or workstation into the mix. i'd be eager to learn more details of the contest, such as what consititues 0wning the box... creation/compromise of an admin user account? simply moving files around or uploading some signed file to the system drive?

    what techniques will be used? strictly remote attacks? or will people be allowed to walk up to the machines, since that would pretty much be the endgame right there. (although, i think it would be a real eye-opener to have a speed contest in which folks are allowed to walk physically up to a machine and own it, then walk away leaving as few clues as possible. would be a cool speed challenge while at the same time very educational for the mindless small business types who don't grasp the concept of securing servers behind locked doors)
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #3
      Re: CFSB: Vista and OSX86

      Originally posted by Deviant Ollam View Post
      while i think vista has been out for too short a time to be properly considered worthy of "secure" deployment, i might be willing to toss a Windows server or workstation into the mix. i'd be eager to learn more details of the contest, such as what consititues 0wning the box... creation/compromise of an admin user account? simply moving files around or uploading some signed file to the system drive?

      what techniques will be used? strictly remote attacks? or will people be allowed to walk up to the machines, since that would pretty much be the endgame right there. (although, i think it would be a real eye-opener to have a speed contest in which folks are allowed to walk physically up to a machine and own it, then walk away leaving as few clues as possible. would be a cool speed challenge while at the same time very educational for the mindless small business types who don't grasp the concept of securing servers behind locked doors)
      I dunno, I'm interested to see Vista precisely because it's so new. There's some question whether the improvements in DEP and ASLR will bear fruit or not. We'll see.

      I need to get the FAQ up -- there's a rules page on the site, but basically there are two stages -- day one is remote, with a minimum of two services visible, and day two requires providing some level of authenticated access (restricted shell / nonpriv user / HTTP user, etc, is OK).

      As far as what constitues 0wnage, each defender entry will be provided with a unique GPG key to place in a directory on the filesystem. The key will decrypt a file we'll make available somehow, which contains instructions on how to claim the machine.

      There won't be physical access to the machines, unless I do get some more neat older machines committed. If there's no ethernet port on the box we'll try to be flexible. :)

      This is literally something I came up with less than a week ago, so it's still a bit of a moving target. So far I'm just glad to see the level of interest, and we'll consider this year to be something of an experiment. Hopefully it will be fun.
      "Raise a toast to ... I think he might have been our only decent ."

      Comment


      • #4
        Re: CFSB: Vista and OSX86

        I would bring a Vista box just for fun. (I don't really have a spare box to give up)

        Comment

        Working...
        X