Sysmask security challenge: 1 week and +300 arbitrary code assaults, still resisting

"azuredu" <xiao@unice.fr> writes:

> When a hacker breaks a daemon or when a virus breaks a browser, it
> encounters very similar situation as for the challenge.

One would expect that you know the difference between hacker and cracker
....


--
Dragan Cvetkovic,

To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer

!!! Sender/From address is bogus. Use reply-to one !!!

In article <1113985239.650578.222780@z14g2000cwz.googlegroups .com>,
azuredu <xiao@unice.fr> wrote:

:If you are a "true
:hacker" and you don't know how to break this challenge, you will have a
:hard life!

I don't know how to break public key cryptography (short of
factoring the primes.) Does that mean that my 25 years of computing
experience are useless, and that I will have a "hard life"?
Along with everyone else who hasn't broken RSA in the time since
it was patented in 1978 (i.e., everyone... unless it's been
broken in some secret laboratory somewhere) >

A *true* hacker may never break into a computer system in a long
and fruitful life. That's not what being a hacker is about.

--
"Never install telephone wiring during a lightning storm." -- Linksys

Please read the help pages before sending in your c codes! And modify
your codes copied from the net so that they may at least compile!

"int main(...)" won't work. Please replace by
"void main()".

> I run my Web browser as an unprivileged user in a chroot ghetto
> that has no setuid programs, no devices and no files shared with

Please read the following for discussion of what can be secured for a
browser and what cannot.

http://wims.unice.fr/sysmask/doc/example.txt

In any case, sysmask offers more protection than a simple chroot,
because the process can be made much less exposed to kernel
vulnerabilities.

Dragan Cvetkovic <me@privacy.net> writes:

>"azuredu" <xiao@unice.fr> writes:

>> When a hacker breaks a daemon or when a virus breaks a browser, it
>> encounters very similar situation as for the challenge.

>One would expect that you know the difference between hacker and cracker
>...


One would expect people to know that common usage dictates the
meaning of words, and not a fringe group of experts.


Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

"azuredu" <xiao@unice.fr> writes:

>Please read the help pages before sending in your c codes! And modify
>your codes copied from the net so that they may at least compile!

>"int main(...)" won't work. Please replace by
>"void main()".

"void main()" is not correct C (except perhaps in C99)

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Casper H.S. Dik <Casper.Dik@Sun.COM> writes:

> Dragan Cvetkovic <me@privacy.net> writes:
>
>>"azuredu" <xiao@unice.fr> writes:
>
>>> When a hacker breaks a daemon or when a virus breaks a browser, it
>>> encounters very similar situation as for the challenge.
>
>>One would expect that you know the difference between hacker and cracker
>>...
>
> One would expect people to know that common usage dictates the
> meaning of words, and not a fringe group of experts.
>

One would expect that established meaning of words doesn't change just
because some newspaper guys who are uninformed and don't know any better
spread the wrong semantics among the public who doesn't know any better.

Luckily, Sun's PR try with 200Mb network speed (for a full duplex 100Mb
network) didn't get the widespread acceptance ...

But new German grammar did change spelling of "Photo" to "Foto" ...

Dragan

--
Dragan Cvetkovic,

To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer

!!! Sender/From address is bogus. Use reply-to one !!!

> "void main()" is not correct C (except perhaps in C99)

Of course. The correct entry point is void test(void).

Dragan Cvetkovic <me@privacy.net> writes:

>One would expect that established meaning of words doesn't change just
>because some newspaper guys who are uninformed and don't know any better
>spread the wrong semantics among the public who doesn't know any better.

When the newspapers used the work it had already established it
second meaning. Get over it. (And the hollywood movie wasn't called
"hackers" for nothing)

>Luckily, Sun's PR try with 200Mb network speed (for a full duplex 100Mb
>network) didn't get the widespread acceptance ...

This is so irrelevant that it's almost at hominem.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Casper H.S. Dik <Casper.Dik@Sun.COM> writes:

> Dragan Cvetkovic <me@privacy.net> writes:
>
>>One would expect that established meaning of words doesn't change just
>>because some newspaper guys who are uninformed and don't know any better
>>spread the wrong semantics among the public who doesn't know any better.
>
> When the newspapers used the work it had already established it
> second meaning. Get over it. (And the hollywood movie wasn't called
> "hackers" for nothing)

Haven't seen the movie. OK, we agreed to disagree. Let's drop it now.

>>Luckily, Sun's PR try with 200Mb network speed (for a full duplex 100Mb
>>network) didn't get the widespread acceptance ...
>
> This is so irrelevant that it's almost at hominem.

No, this was just another example of changing the well established term
into somethiuung that fits PR better. I could have equally well used KB and
MB as examples of changed use (where it is suddenly not 1024 or 1048576 but
1000 and 1000000).

Dragan

--
Dragan Cvetkovic,

To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer

!!! Sender/From address is bogus. Use reply-to one !!!