Network Computing Editor Wins RSA Hacking Contest
richkarpi writes "Network Computing's security editor won the recent RSA Interactive Testing Challenge. He has up a blow-by-blow description of the events at their site: 'The most important factor in the contest besides basic web exploitation skills (cross site scripting (XSS), SQL injection, cross site request forgeries (CSRF), etc.) was speed ... I squeaked out a win in the tie-breaking challenge the first day with only a few seconds to spare as my opponent was right behind in the hunt to combine three injectable fields into one long javascript function.'"
Meh (Score:5, Funny)
Knock on door from Homeland Security in 3..2..1 (Score:2, Funny)
Re:Meh (Score:1, Funny)
Re:Meh (Score:5, Funny)
You're right because real hackers are banned from the internet. You're not a real hacker til you get charged as one.
Time victory = valid? (Score:5, Funny)
Re:Wonder what the expense report looks like (Score:3, Funny)
1m a 1337 h4x0r!!!!!1 (Score:4, Funny)
That's Nothing (Score:2, Funny)
This one time, I was hacking this really locked-up-the-wazoo Gibson. I'd set up a couple of IDS/IPS evasion bots, perimeter scanning came up clean. Small SQL injection issue merged with XSS showed that the backend database may have been either 768-bit encrypted or a simple 3DES matter, but I was running low on time and didn't get to check. Once the tables were writable to sa, I was able to jump in and jump out with no problem. One of their systems caught an early sniff, but was shut down with a smurf. Everything was PERFECT until their night NOC ran a reverse UDP traceroute back to one of the hosts I had set up. After that, straight DOWNHILL. I got called twice by my ISP asking about unusual activity, some other shit about access attempts to a federally monitored system, and they had everything in logs including the Schneier-level, rot-26 I thought would hide me. Fortunately I managed to find a reverse-folding routepath on their IIS Apache and I got out just in time while erasing the incriminating forum posts.
Posted anonymously for obvious reasons.
Re:Wonder what the expense report looks like (Score:5, Funny)
And yes, I was drinking dew for the finals:
http://www.rsaconference.com/2007/US/press/photos
Yeah, sure.... (Score:5, Funny)
Mitnick warned me about hacker tricks like that... I for one am not going to RTFA!
Re:Meh (Score:5, Funny)
Contest Requirements? (Score:2, Funny)
Yeah, but how would he do against Chloe Sullivan? (Score:3, Funny)
Of course, their cover could be working for the Mormons...
myke
Re:Time victory = valid? (Score:5, Funny)
Re:1m a 1337 h4x0r!!!!!1 (Score:5, Funny)