Welcome to the SecAware blog

I spy with my beady eye ...

16 Jun 2007

The difference between black and white

The next DefCon hackers' conference will include a competition to Øwn the box. The idea of the game is for DefCon participants to hack network systems brought along by willing (or is that gullible?) sys admins. If (when) someone successfully compromises (Øwns) a box and finds the hidden random number, they get to keep (own) the box and celebrate their amazing mastery of the black arts.

The white hats who configure and donate the boxes are not allowed to interact with their own boxes (although how the conference organizers will stop them doing so via the network is unclear). The announcement suggests they should 'take the weekend off' and play Vegas (or more likely hack their peers' systems). Meanwhile, the black hats will work around the clock to bust the systems, presumably living on energy drinks, pizzas and party pills.

To the conference organizers and most of the participants - the black hats - this is all just a lark, a bit of fun. To the sys admins and security pros desperately trying to defend their systems against this kind of attack on a daily basis - the white hats - it's rather more than a simple game. The black hats need only find and exploit one serious hole per system, whereas the whities have to plug all the holes simultaneously. It's inherently unfair. Whitie life sucks.

Still, it sounds like fun to me. Am I turning into a black hat? What can the panel advise?
