Alan Hannan <alan @
mid .
net> writes:
> ... I know of at least two
>"Sidewinder Challenges" and I know at least one of these challenges resulted
>in their firewall being cracked.
No it hasn't.
Of all the things that have happened with the Sidewinder Challenge,
this is the most unexpected. There are almost as many rumors of
Sidewinder being cracked as there are failed attempts at it. At least
one claim was posted to a newsgroup via an anonymous remailer. Pretty
authoritative, wouldn't you say?
I guess it's like bomber pilots returning from a mission -- their
adrenaline is up, they see lots of smoke and flames surround the
bridge, and they go into denial when the photos show up the next
day of the bridge still standing. "So what if I can't produce
the evidence? I'm still claiming success."
There was a fellow last fall who described how disoriented he got
after getting his userid on Sidewinder to say "root." The system
didn't give him everything he expected after that, and he didn't
get any further in his penetration, so he assumed the system had
already been compromised and looted. So he gave up. In fact, he
didn't even come close to touching the internal network being
protected. Nobody has.
This led to a peculiar argument in which some people insisted that
cracking a system simply consists of acquiring a userid of "root"
regardless of how useful or useless that userid might be. This
confuses information protection with games involving specific (and in
this case irrelevant) protection mechanisms. I have a safe at home,
and I admit I'd prefer that its camouflage paint job hold up against
attacks by a crowbar, but I care more about the safety of the safe's
contents than about the safe's appearance.
The purpose of Sidewinder is to protect internal networks. On
occasion a penetrator might achieve some minor milestone like a
userid of "root". But the bottom line is that penetrators must
get no further. And they don't.
> Perhaps I'm wrong, but I just don't trust their package. I would be
>interested in hearing other people's final opinions
Never pass "final" judgement on the protections provided by _any_
security package or service, even ours. Threats escalate and the
security services need to grow with them. My safe has a sticker
claiming it won the Grand Prize at the 1904 Pan American
Exposition. A "final opinion" no doubt. My kids can't open it.
Modern safecrackers are another story.
Someday, someone will claim a Sidewinder bomber jacket. Nobody
has yet. But when they do, we'll plug the hole and keep watch
for the next one. It's a race and it never ends.
Rick.
smith @
sctc .
com roseville, minnesota
|
|
