---------- Forwarded message ----------
From: Roger A. Grimes <roger(a)banneretcs.com>
Date: May 5, 2005 1:41 AM
Subject: Invitation to www.hackiis6.com
It's not the traditional honeypot...but it is. <grin>
Welcome to the HackIIS6.com Contest!
Starting May 2nd and going until June 8th, the server located at
http://www.hackiis6.com will welcome hackers to attack it. If you can
deface the web site or capture the "hidden" document, you win an X-box!
Read contest rules for what does and doesn't constitute a successful
hack. We've tried to be as realistic as possible in what constitutes a
successful hack, and in mimicking a basic HTML and ASP.NET web site.
For the most part, almost anything reasonable constitutes a successful
attack except for a massive network denial of service attack against the
IIS 6 or its host provider. Not that doing a successful DoS attack
wouldn't be a problem in the real world...it would be...but we aren't
testing that. We want to test the security of Windows Server 2003, IIS,
and other Microsoft applications. So, please, respect this one rule of
the contest so everyone can have a chance at claiming the prize.
Questions and Prizes
If you have questions, send an email to admin(a)hackiis6.com. If you want
to claim a prize, send your email, with the details listed in the
official rules to prizes(a)hackiis6.com.
We are going to start the contest for the first two weeks with the very
basic, static HTML web site that you are now reading. Two weeks later,
we'll add an ASP.NET web site and a back-end SQL server to add more
flavor and give more area to attack. We started with the basic site to
prove that Microsoft's Internet Information Services (IIS) and Windows
Server 2003 are secure by themselves. This is to satisfy the purists who
think hacking ASP.NET is hacking an application and not the server.
So, if you've got skillz in one area versus the other, you'll have a
chance to try both attack types.
Once the contest stops on June 8th, we will announce the winner(s) at
the upcoming June Microsoft Tech.Ed conference.
This server is running Windows Server 2003, Service Pack1, with all
current publicly-released patches and hotfixes installed (we ran Windows
Update and MBSA just like a real admin would do). We installed IIS 6.0,
and then we followed the basic recommendations
by Microsoft. I added a few tweaks here and there, to put my personal
mark on the site, but nothing extraordinary.
There is no non-Microsoft software involved with the exception of the
host's router/firewall, which would be normal in most environments. We
want to make this a test of Microsoft software.
Why a hacking contest?
To have fun! Sure there will be critics who say sponsoring a hacking
contest proves nothing. If the IIS server remains unbroken, it still
doesn't mean that IIS is really "secure." True, and if I wasn't the
contest's team leader, I'd probably be the first one to yell that out.
Hacking contests rarely prove something is secure, although it only
takes a single successful hack to prove something is insecure.
So why do it? There are very few places on the Internet where hackers,
good and bad, can hack legally. Windows IT Pro thought the contest would
be a fun way to interact with the hacker community (they realize most
hackers have good intentions) and bring some attention to Windows IT Pro
(of course, they'll disavow all responsibility and blame me solely if
the server gets hacked) <grin>.
So, welcome to the contest! Hack away. If the IIS server goes unhacked
during the extended time period, it might not mean that IIS is
"unhackable", but if it does survive the contest it might convince a few
people that it is a relatively secure web server platform. After all,
over 20% of the Internet relies on it, including some of the largest web
sites in the world.
Roger A. Grimes
Contributing editor, Windows IT Pro Magazine
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4),
*Author of Malicious Mobile Code: Virus Protection for Windows by
*Author of Honeypots for Windows (Apress)
Dear people responsible at Hostcenter,
Sorry that I write to Swinog, but the Hostcenter phone support just didn't get
One of your customers has again set up an autoresponder sending 'new' emails
to every 'from' address it sees. We got about 10'000 new support tickets
opened last night by this customer.
Subject and everything is replaced, so that RT is not able to recognize the
Precedence: Bulk or Junk is missing, so RT sends a reply too.
This Hostcenter setup can wonderfully be abused to mailbomb any destination
email address in an anonymous way.
The Hostcenter support told me that this is a reseller's host and so this is the
reseller's problem and not theirs, but that they are not allowed to give me
contact info for that reseller...
If somebody from Hostcenter reads this, and thinks about reconsidering this
statement, please contact me asap: bp(a)imp.ch or 061 826 93 06.
As I'm playing with the idea of starting to report those autoreplies to spamcop,
but it's just a reseller's host, so normal customers are not affected. Isn't
SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can
Tastes fine, saves time. / If you want something grand, / Ask for SPAM!
- Hormel's 1937 jingle for SPAM
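The loop described in the message above (an autoresponder answering every From: address it sees, and RT answering back because the notice carries no Precedence: or Auto-Submitted: header) can be cut on either side: the ticket system can refuse to answer mail that is marked automatic, and the autoresponder can mark its own mail so that other systems stay silent. The following Python is an added example, not code from this thread, from RT or from Hostcenter; the sample messages, addresses and domains are constructed for the demonstration, and the header conventions follow RFC 3834 (Auto-Submitted), the traditional Precedence values and the Exchange X-Auto-Response-Suppress header.

```python
"""Decide whether an incoming mail may safely get an automatic reply, and
build a reply that other autoresponders will recognise as automatic.

Added example (not code from the Swinog thread, RT or Hostcenter).  All
messages, addresses and domains below are constructed.
"""
import email
from email import policy
from email.message import EmailMessage

# Precedence: values that conventionally mark bulk or machine-generated mail.
BULK_PRECEDENCE = {"bulk", "junk", "list"}


def should_autoreply(raw: str, our_address: str):
    """Return (True, reason) if an autoreply is acceptable, else (False, reason).

    Never answer mail that is itself automatic (Auto-Submitted), bulk
    (Precedence), list traffic, a bounce (null envelope sender) or from our
    own address (a loop in the making).
    """
    msg = email.message_from_string(raw, policy=policy.default)

    auto = str(msg.get("Auto-Submitted", "no")).strip().lower()
    if auto != "no":
        return False, f"Auto-Submitted: {auto}"

    prec = str(msg.get("Precedence", "")).strip().lower()
    if prec in BULK_PRECEDENCE:
        return False, f"Precedence: {prec}"

    if msg.get("X-Auto-Response-Suppress"):
        return False, "X-Auto-Response-Suppress present"

    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return False, "mailing list traffic"

    # Return-Path: is the envelope sender as recorded by the receiving MTA.
    return_path = str(msg.get("Return-Path", "")).strip()
    if return_path in ("", "<>"):
        return False, "null or missing envelope sender (bounce)"

    if return_path.strip("<>").lower() == our_address.lower():
        return False, "sender is our own address (loop)"

    return True, "ordinary sender mail"


def build_autoreply(raw: str, our_address: str, body: str) -> EmailMessage:
    """Build an autoreply carrying the headers that let a well-behaved
    responder or ticket system recognise it as automatic and stay silent."""
    original = email.message_from_string(raw, policy=policy.default)
    reply = EmailMessage()
    reply["From"] = our_address
    # RFC 3834: address the envelope sender, not whatever From: claims.
    reply["To"] = str(original["Return-Path"]).strip().strip("<>")
    reply["Subject"] = "Auto: " + str(original.get("Subject", ""))
    if original.get("Message-ID"):
        reply["In-Reply-To"] = str(original["Message-ID"])
    reply["Auto-Submitted"] = "auto-replied"
    reply["Precedence"] = "bulk"
    reply["X-Auto-Response-Suppress"] = "All"
    # Send with a null envelope sender so the reply itself is never bounced
    # back to us; recorded here as Return-Path: <> for the check above.
    reply["Return-Path"] = "<>"
    reply.set_content(body)
    return reply


# Constructed samples.  RT_NOTICE is what a well-configured ticket system
# sends; BROKEN_AUTORESPONDER is the case from the thread: nothing marks it
# as automatic, so a receiver cannot tell it from a human and answers it.
RT_NOTICE = """\
Return-Path: <rt@example.org>
From: "RT Support" <rt@example.org>
To: customer@example.com
Subject: [example.org #12345] AutoReply: Your request
Precedence: bulk
Auto-Submitted: auto-replied
Message-ID: <rt-12345@example.org>

Your ticket was opened.
"""

BROKEN_AUTORESPONDER = """\
Return-Path: <vacation@example.net>
From: vacation@example.net
To: support@example.org
Subject: I am out of the office
Message-ID: <vac-1@example.net>

I am away until next week.
"""

BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@example.net
To: support@example.org
Subject: Undelivered Mail Returned to Sender

Delivery failed.
"""

HUMAN = """\
Return-Path: <alice@example.com>
From: Alice <alice@example.com>
To: support@example.org
Subject: Cannot log in
Message-ID: <h-1@example.com>

Please help.
"""

if __name__ == "__main__":
    for name, sample in [("RT_NOTICE", RT_NOTICE),
                         ("BROKEN_AUTORESPONDER", BROKEN_AUTORESPONDER),
                         ("BOUNCE", BOUNCE), ("HUMAN", HUMAN)]:
        print(name, should_autoreply(sample, "support@example.org"))
    reply = build_autoreply(HUMAN, "support@example.org", "We got your mail.")
    print("reply to our reply?", should_autoreply(reply.as_string(), "support@example.org"))
```

The BROKEN_AUTORESPONDER sample is accepted by the check, which is exactly the problem the message reports: with the subject rewritten and no automatic-mail headers, the receiver has nothing to go on, so the only remaining defences are on the sender's side (the headers build_autoreply sets) or a per-sender rate limit on replies.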
summertime is coming ,-)
according to all the weather specialists it could be nice and sunny (and a
little bit cloudy) next Monday. But every time I organized the BE at the
lake it was just great weather. So I'm hoping that the luck will still be
so, what about some cool beer in a warm, sunny and cosy environment? ,-)
the famous "pumpi" is already open and I expect many people coming for next
week to enjoy it ,-) (if wireless LAN is working: don't ask me ;-))
so, the next event will be:
Date: 9th of May 2005
Time: starting around 18:30
Location: @lake in restaurant "Pumpstation"
(see image; www.pumpstation.ch)
On bad weather (will be communicated before noon)
we go to the "Outback" / Bahnhof Stadelhofen
Registration deadline: 09.05.2005 09:00:00
Link for registration http://swinog.mrmouse.ch/
Important: If someone cannot find us, call me on my mobile: 079 / 277 92 35