o-----------ooO--(- Important Message -)--Ooo------------o | | | SAVE BANDWITH, SPACE, TIME & MONEY, REPLY WITH PRUDENCE.| | | o----=[ Penguin @ My - Linux ([EMAIL PROTECTED]) ]=----o -------- Original Message -------- Subject: [NEWS] "Can you break into my system? I dare you!" From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com "Can you break into my system? I dare you!" -------------------------------------------------------------------------------- SUMMARY We in Beyond Security believe that <http://www.beyondsecurity.com/info.html> the only way to test your security is by trying to break it. But we're not as drastic as one Linux system administrator who took this one step further - he is asking attackers to try and break into a server he is administrating. DETAILS Many administrators have to deal with potentially malicious users having legal accounts on their servers. Universities, ISPs and large companies have to consider the risk that local users, having access to the system as valid users, will sometime try to elevate their privileges. The system administrator of <zeus-olympus.yi.org> zeus-olympus.yi.org assumes that some of his users are 'evil'. Although he is confident that his Linux system is secured, he would like others to do their best to attack his system. He therefore provided two user accounts that have normal user access to the system, and he allows anyone who wishes to use those accounts and gain entry to the server. Once logged in, the users are free to try and compromise the system's security, with no strings attached. The only 'catch' is that once vulnerability is found, it should be reported immediately, so that the hole can be closed. This offer is extremely unique. There have been 'hacking' contests in the past (usually by commercial companies trying to show that their product is secure), but this is one of the first time that an administrator is offering full access to the machine (using a valid user account) - which of course makes this game much more interesting. Therefore, if you would like to try and break a Linux Redhat machine, join this war game and give it your best shot. ADDITIONAL INFORMATION To join the contest, visit <http://zeus-olympus.yi.org/> http://zeus-olympus.yi.org/ and enter the 'password required' section. The login is: war and the password is game. Upon entering this section, you will receive the account information needed to log into the server. Feel free to give Danny some feedback about his war game: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] ======================================== This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: [EMAIL PROTECTED] In order to subscribe to the mailing list, simply forward this email to: [EMAIL PROTECTED] ==================== ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. - Disclaimer : http://users.my-linux.org/disclaimer.html