I've held off commenting on this stupid challenge hoping that others would realize it was non-existent. Unfortunately, the press and many security outlets continue to hype the story. Below is our (TruSecure Corporation) assessment of this issue, publicly posted at:
http://www.trusecure.com/knowledge/h...hallenge.shtml
As you can see, it went from an initial assessment of Fact to Hype after ISS and DHS both thought it worthy of an alert. It wasn't, and isn't. We didn't post our assessment until it went to Hype. Here are a few comments worth sharing:
"All sorts of folks are sending me URLs to articles, and I even saw mention of the defacers challenge on one of my OS X mailing lists. I expect my grandmother to call any minute wondering if she needs to worry (even though she doesn't have a computer)."
"who would deface 6000 websites for 500mb of webspace....when you could use the sh-t you defaced and have huge amounts of webspace?"
"i fail to see how that can alarm anyone with half a brain"
It's worth noting that our monitoring of the underground has shown us that not one IRC channel, in which hackers or script-kiddiez chat, has had anyone express anything but disgust over the challenge.
Zone-H, who is supposedly officiating the scoring, has never been able to do more than 4,000 defacements in a single day. They have to lay eyes on every defaced site for it to count, and it's unlikely they'll be able to do that should this contest actually attract anyone. Mass-defacements count as a single defacement (e.g. many virtual sites on a single IP).
Defacers don't do their thing for contests; they've got their own motivations which go beyond mere trivial prizes like hosting space. More likely the people announcing the contest were simply trying to see how many sheep they could corral under this social engineering exercise.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor