I was sent a few copies from ISN readers of a flyer below that has
been making the rounds in the San Francisco Bay area and later I
received another note from a Scott Wimer from Cylant which gave this
information...
-=-
Cylant Technology has developed a behavioral measurement approach to
intrusion prevention. The CylantSecure architecture uses real-time
behavioral measurement to prevent intrusions and malicious misuse of
computer systems.
As a demonstration of CylantSecure, we have deployed
victim.cylant.com. This machine is a stock RedHat 6.2 Linux box with
Everything running, including several services with known
vulnerabilities. We will be giving the hardware to the first person
who successfully can get root on victim.cylant.com.
[...]
The CylantSecure architecture is designed to protect software against
attacks without any signatures or rule-sets needed. To our knowledge,
this is the best way to protect a system from being compromised.
-=-
So, curious that this wasn't an inside joke to hack someone else's
network, I called Mr. Wimer to find out a little more information.
The first thing that caught me off guard is that Cylant has no in-house
security people, no computer hackers, no ex-military, or fun
three-lettered agency types working for them, that they looked at all
the security models out there now and wrote a security program from a
clean sheet of paper and this is their first real-world test of the
software.
I asked Scott Wimer why the prize is so small, for what looks to be a
hard task, and if they are so sure this technology is secure, why not
offer something like an SGI server that runs Linux and $50,000 in
cash. Mr. Wimer said that they are a small company and can't afford
that kind of prize package now.
So a little guerrilla marketing from Cylant got my attention. I guess
anyone who wants to try hacking this for a new MP3 server at home can
take a shot at it; all the details are below. Also, don't worry about
putting down your name, addy and telephone number. Parties wishing to
use contact information for C4I.org for this contest are more than
welcome. Cylant is more interested in where to ship Victim to, and how
you were able to break the security.
Good Luck!
William Knowles
isn@c4i.org
-=-
Own This Box!
http://victim.cylant.com
Rules:
o Break through the CylantSecure barrier on victim.
o Email us (matt@cylant.com) as root from this machine.
o Create a file on victim: /etc/owned_YourName
o In this file put the following information:
  * Your name
  * Your mailing address
  * Your telephone number
  * How you were able to bypass the security
Cookie:
We will ship you victim:
o 850MHz Athlon
o 256MB RAM
o 20GB Disk
o ATI Rage 128 Video Card
Services running on victim:
The machine is a Redhat 6.2 default install.
o compressnet, echo, discard, systat, daytime, netstat, chargen, ftp,
ssh, telnet, smtp, time, domain, finger, http, linuxconf, pop2, pop3,
sunrpc, auth, netbios-ssn, imap2, ldap, exec, login, shell, printer,
uucp, samba-swat, garcon, cfingerd, and squid-http.
Cylant Technology
www.cylant.com
ISN is hosted by SecurityFocus.com
Received on Thu May 3 06:39 CDT 2001