[208] in Best-of-Security
BoS: Have a little fun with Macs
daemon@ATHENA.MIT.EDU (Button, Dave)
Fri May 30 13:37:20 1997
Date: Fri, 30 May 1997 08:49:25 -0400
From: "Button, Dave" <Dave.Button@GSC.GTE.Com>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
Listsibs,
I am passing this on from the Macway list.
This announcement is from:
Frans Susilo, <fsusilo@virtech-ca.com>
VANCOUVER, BC - From June 01 to July 15, 1997, VirTech Communications
Inc. will challenge the global hacker community to bypass the security of
its Macintosh World Wide Web server. Similar contests have been conducted
previously in the US and Sweden, but VirTech's challenge is unique in
that it addresses popular Internet security issues that are plaguing the
media today. By launching the challenge, VirTech wants to overturn the
notion that the Internet is vulnerable to credit card number snatching.
Additionally, VirTech also wants to prove its server can withstand the
type of vandalism attacks that have been successfully directed against
the NASA and CIA Web servers.
The rules are simple and the prize is big. Whoever breaks into the
server, snatches the credit card number, and changes the phrase found on
the page will win a hefty CAD $10,000 or an equivalent of US$7,500 prize.
The credit card number will have an extra four digits appended to it in
order to verify that the credit card number has indeed been snatched from
the challenge page. Moreover, there will be a special phrase in the page
that a challenger must change to claim the prize. The phrase could be
something like "Cats chase dogs". The hacker should change it to
something else, for example "Dogs chase cats".
In anticipation of VanHacking contest, the World Wide Web server that
VirTech employs will in no way be modified. No security beefing up
(firewalling for example) will be done to protect the server. The server
will run a network suite known as Apple Internet Server Solution 2.0 that
consists of WebStar 1.3.2 server software from Starnine Technologies,
Inc., and several prepackaged CGIs (Common Gateway Interface), which are
special programs that enhance the functionality of the server.
On the opening day of the challenge, a third party accountancy official
will verify that the page exists. The page will then be immediately
assigned a password in the presence of the official in order to mark the
beginning of the challenge. During the course of the challenge, the
official will be called upon bi-weekly to re-verify that the page is
still exists.
Further information can be obtained from the VanHacking challenge Web
site at:
<http://www.vanhacking.com> when it is fully operational in mid-May.
Cheers,
Dave
