Just don't 'demonstrate' on any US servers
... You'll be extradited before you can say 'I was only looking for UFOs'
The UK government has launched plans to find the best young hackers through a talent competition. Would-be cyberdefenders will be rated on their abilities to thwart attacks and hack into websites. Winners will be offered courses by the respected SANS Institute and assigned mentors. University course and work placements also …
Surely this is going to attract the wrong people. Most people who would apply to this will be script kiddies and people with low to average skill, anyone with actual talent would avoid this kind of game show crap like the plague. The biggest skill in hacking is not getting caught so what's the point of asking all the hackers to step forward?
"a "complex system of water divining, Pagan ritual and astronomy to find the best hackers". "
Astronomy? Though it was a contemporary of the other two (and still is, I might add), ASTROLOGY would be more appropriate to find a hacker out of today's script kiddies.
<sigh> Script Kiddies are the sad result of everyone wanting everything handed to them nowadays.
why do i suspect this will just be a contest of "who can take over the most test websites running crappy forum software using pre-made exploits"? that's the only way they'll get a decent number of people to make it past the first stage...
if they want people to help keep the country's important assets secure, they should come up with a set of typical online applications then give each contestant a server - whoever has all of those services online and secure the longest wins (obviously disallowing brute force DDoS attacks flooding the connection, which is just a factor of how much money you have to throw at bandwidth) - tests your ability to keep your service online, and as for the attacks they will come from other contestants wanting to take you down first :)
i'd just delete all the crap code from indian outsourcing companies that they provide and re-write the services following standard security practices, win by default :) it's not hard to secure servers...
Hmm, so how many people are going to put their names forward and then find themselves being investigated and arrested for hacking?
Chairman Mao's "Hundred Flowers" campaign comes to mind where dissidents were encouraged to speak out against the Chinese Communist Regime and were then rounded up and sent to "re-education camps"...
David,
The reason the previous poster said you'd disallow brute force DDoS (Distributed Denial of Service) attacks is because it prevents external access by flooding the connection to the server with traffic so genuine access requests can't get to it. It doesn't actually do anything to the server like guess the passwords etc.
Peter
Nope, first step to security is knowing who should have access. Then you define what type of access the various authorised users should have. Then you figure out what possible routes unauthorised persons could use to access the system and secure those routes. This will include a password- so it's probably nearer step 5 when you start thinking about how to circumvent the precautions you've put in place and how to stop people doing just that.
@ David 39
Brute force DDoS has nothing to do with brute force password hacking - I think AC means brute force as in huge amounts of data vs. DDoS with more cleverly constructed packets.
If this was the real means of competition then no methods of takedown should be disallowed apart from those which are illegal e.g. using compromised machines which you don't own - this would effectively mean DDoS = <25 machines.
Most DoS attack types use exploits on the server/hardware in the same way as conventional hacks and a simple bandwidth flood from a limited number of IP addresses can be protected against.
These young hackers might be at the top of their game when they're discovered (though the truly good ones will probably stay off the radar), they won't remain top notch hackers much past the time they discover girls (or boys).
Though I can't help feeling that this programme will select people the same way The Apprentice selects barrow-boys (and girls) and calls them executives.
Without stating the bloody obvious, this clever idea assumes that no person of Afghan, Pakistan, Lebanon, Rumania, China, etc, need apply.
Which leaves not a lot of wh*te *nglish m*les to choose from, as most of the computing students at uni, as far as I can remember, were not in this category.
Sorry folks, but this sounds like another recipe for disaster dreamt up by some connected wanker who should be disconnected before he hurts someone.
DDoS is a perfectly acceptable way of keeping out the competition.
Less obvious may be redirecting would-be competitors to a copy of the site and being the only contestant on the real site.
If the winners aren't arrested they'd be prime targets for offshore organisations interested in cyber infiltration.
Right at the death, as the assembled skiddies wait with bated breath for the host to announce the winner, the screen will go dark.
All digitally stored footage of the competition will mysteriously disappear to be replaced with porn, mostly involving animals. All the contestants, the presenter, the producer, the director and anyone else involved in the series will find that they have no money, are several months behind on their mortgage/loan payments and have enough outstanding warrants against them to keep them busy answering difficult questions for a while. All will also be on everyone's "no fly" list, with a special appearance by the producer on the "top ten most wanted" lists of the FBI, SOCA and Interpol as a suspected arse-bomber and paedophile to ensure that any post-arrest cavity searches are conducted remotely using a bomb-disposal robot run by a deliberately careless operator.
No matter how hard he tries, Bruce Willis will not be able to find out who did it.