Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Dailydave: Re: Dreaming of Summer

Re: Dreaming of Summer

From: David Maynor <dave_at_0dayspray.com>
Date: Sat, 06 Dec 2003 01:59:49 -0500

On Sat, 2003-12-06 at 01:57, surreal_at_delusory.org wrote:
> For your consideration: Thoughts on a Virtual Multi-Bird Projectile
>
> Dave's list may not be the right forum for this idea, but I like to think that the right people might see this (and it's only one message, so here goes). I'd like to address two problems and promote Good Clean Fun at the same time.
>
> Problem one: Redhat; RHN; EOL.
>
> A large but unknown (to me) number of Redhat boxes running 7.3 through 9 are about to be left to their own devices for bugfixes and security updates. Redhat hasn't seemed very excited about helping these soon-to-be-stranded sysadmins. "Buy our pricey distro and reinstall all your boxes" or "run Fedora and dwell forever in Beta Hell" just don't make me feel, uh, loved and valued. I *liked* up2date.

Debian. Debian fixes all.

>
> Problem two: CTF got boring.
>
> To quote Dave, from 8/5/2003:
> >...
> > Also, I admit it WAS a sysadmin game, but CTF should not be. If we're
> > going to make it Defend The Flag, then just have another game. You need to
> > make it a game where offense matters. Otherwise you just have everyone
> > hunkered around doing defense, like this and every other year. Did the
> > winning team write any exploits? I don't think they did. What does that
> > say?
>
> My proposal is this: CTF - Dead Hat Edition 2004
>
> Is it just me, or is that catchy? That is, of course, assuming a DC XII. :-|
>
> By July, 7.3 and 8 will have been orphaned for 6 months, Redhat 9 for at least 3. How fast does a Linux distro go stale? Is someone holding off on the next big remote r00t until next year? How many ways will there be to r00t that "unknown number of boxes"? Who is this man of toast, and what is his dark secret?
>
> I propose that the nodes for CTF be Redhat boxes patched up to their EOL date like any happy RHN-using box. I'm a defender, not a sploit coder so I leave the difficult details of play and scoring to the Smart Folks.
>
> I'd like to think that just maybe an event like CTF-DH could prod Redhat to do a little more for the people they're leaving behind. Maybe host a "community supported" alternative to RHN? Anything's better than what we've got right now.
>
> Maybe they'd ignore the whole thing... If the results of the competition were documented, at least people would know where some of the holes are(?)
>
> Yeah, it *could* backfire and turn into a primer for a Redhat holocaust. The way things are going though, 2004 could be the year Linux gets the reputation for being r00ted as readily as Windows. That'd suck, IMO.
>
This will still fall back to sysadmin games. I want to see a free for
all, you are give a kernel the week before and you have to build your
own distro out of it. You then take that distro and defend/attack other
people. CTF is getting boring as long as it remains a sysadmin game. 

-- 
David Maynor
http://www.0dayspray.com/~dave
_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://www.immunitysec.com/mailman/listinfo/dailydave
Received on Dec 06 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos