>... There was a message in February or March on the mailing
>list for sidewinder attackers that announced someone did meet the
>challenge and break into the second machine. They had added some code
>to telnet, but I don't remember offhand exactly what it did.
This is the weird part about having a challenge site. There are almost
as many rumors of successful attacks as there are unsuccessful attacks
(thousands, it would seem). I don't remember seeing any messages
about this attack. I follow "sneakers" pretty closely, and that's the
only mailing list I know of about challenge site attacks. If anyone
has a copy of such a message I'd love to see it.
The Challenge is to break through the firewall and extract a message
stored on the challenge site's LAN. I've never seen anyone broadcast
a copy of the message, so I doubt anyone has really managed to reach
it. We do hear third hand reports of "consultants" and sales droids
who claim to have broken Sidewinder so they can sell some snake oil.
We *did* give out a jacket once to someone who did something truly
inspired (used mknod to construct an alternative path to the disk
drive) even though the guy didn't reach the internal net. Of course,
we fixed that bug. It's written up in Dan's paper for the next CSAC.
com secure computing corporation