Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Hackers go public with prizes and glory, and jobs, on the line

Hackers go public with prizes and glory, and jobs, on the line

by Nikola Strahija on November 19th, 2002 Openhack, an online hacking competition, ended last Saturday, with an US entrant winning a $US500 prize, but he and others missing even bigger jackpots for being able to break into a software application.


Openhack was established in 1999 by eWeek, an online technology magazine. The idea was simple: put an application online and let everyone in the world hack away at it. The entrant who can best hack into the test system gets the biggest prizemoney.

With the exception of last year's challenge, when $50,000 was up for grabs, every hacker challenge has resulted in prizemoney being awarded. Gibraltar-based security consultant Lluis Mora won the first two challenges.

Mora says he likes entering the competition for the fun of it. "It lets you play with stuff which is usually illegal . . . you can test your skills in the wild with no restrictions," he says. Mora is rumoured to have landed his present job as a result of winning the competition.

With hackers like Mora continually embarrassing vendors who submit their applications to the challenge, it isn't easy to get software companies to participate, but Timothy Dyck, one of the eWeek boffins organising the event, says that once they are in, they work hard to configure their systems as securely as possible; being hacked in public doesn't look good.

From a marketing perspective, Openhack can be a double-edged sword for vendors. For example, during Openhack 3, Argus Systems allowed its Pitbull software to be tested. Over 17 days, not a single entrant could crack the software. Argus promptly whipped up some press releases and marketing material announcing its triumph. over the world's toughest hackers: "Seventeen days, 40,000 challengers, 5.4 million punches and one e-security champion."

It was such a successful stunt that Argus decided to stage a re-match in Hannover, Germany, at the CeBit technology conference in March last year.

A hacker named Bladez by-passed their security in a marathon 30-hour effort. Unfortunately for him, he missed the competition deadline and was not awarded the prizemoney.

Argus did its best to keep it quiet and this time didn't put out any cocky press releases. It still touts its product as unbreakable.

American entrant Jeremy Poteet won the $US500 this year by spotting some basic vulnerabilities in the application under test.

He wasn't able to bypass all the security on the test machines but he did identify the vulnerabilities only two hours and 20 minutes into the competition, which lasts several weeks.

This year the vendors escaped humiliation, but Mora believes the length of the contest is a handicap. Openhack restricts the attack timeframe to less than a month. "In real life there are no timeframes to attacks," he says.

- article available at www.openhack.com -


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »