Idea: Hack Me Project


Aneko

 

Posted

I was watching: http://www.youtube.com/watch?v=6gSwRHScq6M

And I was thinking that it would be an incredibly interesting idea to set up a website with a private server... then say..

"Hack this server, if you can. If you can, Improve the security"

So any and all security is broken through and then improved. It creates a challenge of both getting in and keeping out hackers using the skills and expertise of hackers.

After a while that server would likely become nigh impenetrable and then you take that security and apply it to other servers and such.


 

Posted

Yeah, but what if somewhere along the way someone who "improved" the security put in a way for them to access the site and no one caught it.

Not a bad idea, but I don't think nigh unbreakable will ever be nigh unbreakable. Technology improves, as does the way to break it.


@Rylas

Kill 'em all. Let XP sort 'em out.

 

Posted

I don't mean just straight transplant. I mean, use the code as a base point to work off of to see what worked and why... and then from there build their own system and code.

There are usually several ways to do the same thing with code, and since you'd have different people building on that super secure code privately, you'd have variants with a strong base rather than variants with indeterminate strengths and bases as we do now.


 

Posted

As a project, it would seem to have merit.

One downside is that the site might also introduce new hacking methods which would then be applied to unprotected sites with disastrous consequences.

Another is that hackers are likely to be leery of putting their skills in an acknowledged place that the government and corporations will be easily monitoring.

You'd probably have to put in some kind of escalating reward for hacking/protecting the site to create incentive for it to be hacked/protected.



 

Posted

Quote:
Originally Posted by Durakken View Post
I was watching: http://www.youtube.com/watch?v=6gSwRHScq6M

And I was thinking that it would be an incredibly interesting idea to set up a website with a private server... then say..

"Hack this server, if you can. If you can, Improve the security"

So any and all security is broken through and then improved. It creates a challenge of both getting in and keeping out hackers using the skills and expertise of hackers.

After a while that server would likely become nigh impenetrable and then you take that security and apply it to other servers and such.
A server that's been shut off is "nigh impenetrable".
A server that's had the power disconnected, been disassembled, had the parts melted down and buried in several cubic yards of highly irradiated concrete is "nigh impenetrable".

Anything else is just a hack waiting to happen.

There's a reason why people call them "script kiddies". Most of the basic legwork has been done and assembled into "toolkits". From there, it's just button-presses to get into and pivot from various machines, working around a web of trust till they find an exploitable vector.

On top of that, you know what the number one vector for system infiltration is nowadays? Social engineering. Stuff like phishing. Attacking systems on the layer they're most vulnerable at. The user.

The HBGary hack (the government contractor who got hacked by Anonymous)? Started with a simple SQL injection attack (administrative failure for not patching). That got them a password list. From there we sprang to common passwords (again, a user-level failure). And wound up rolling over to one of the interested party's personal security site through social engineering using the person's own e-mail account.




 

Posted

Quote:
Originally Posted by Hyperstrike View Post
A server that's been shut off is "nigh impenetrable".
A server that's had the power disconnected, been disassembled, had the parts melted down and buried in several cubic yards of highly irradiated concrete is "nigh impenetrable".
I don't think you actually know what nigh means.


"You don't lose levels. You don't have equipment to wear out, repair, or lose, or that anyone can steal from you. About the only thing lighter than debt they could do is have an NPC walk by, point and laugh before you can go to the hospital or base." -Memphis_Bill
We will honor the past, and fight to the last, it will be a good way to die...

 

Posted

No, the usage is accurate. There are still ways to get at the information on such a system (most of them require physical access, however, as well as specialized equipment and probably some lab time).



 

Posted

Quote:
Originally Posted by Durakken View Post
I was watching: http://www.youtube.com/watch?v=6gSwRHScq6M

And I was thinking that it would be an incredibly interesting idea to set up a website with a private server... then say..

"Hack this server, if you can. If you can, Improve the security"

So any and all security is broken through and then improved. It creates a challenge of both getting in and keeping out hackers using the skills and expertise of hackers.

After a while that server would likely become nigh impenetrable and then you take that security and apply it to other servers and such.
Sorry but I just have to vent slightly before replying to your main points. That guy knows slightly more about cybersecurity than most of the idiot journalists who stand up and prattle on about the topic, but he would have been laughed off the stage at any real security conference. Governments and private firms DO hire hackers and spend a lot of time and money recruiting them, or rather we hire the people who would have become hackers. Just this weekend I was presenting in a major university trying to explain to students that they can make a LOT of money in the security industry providing they don't have a criminal record.

Anyway, back on topic: the idea of setting up a server and asking people to hack it has been done quite a lot; there are several problems with this, though. The largest problem is morons: basically, little Johnny sitting at home, who is convinced that he is the "uber leetest hazor evah", fails to get into the site and so tries to DOS it off the net. Even if he doesn't stop access to the site, he and his troll friends end up pushing up the bandwidth costs to the point that the project loses too much money to continue.

The other problem is that hacking works by knowing what the security safeguards are and working around them. So with any open source project the bad guys get to see the security as well as the good guys which gives them a helping hand.

Many companies now use honeypots for similar work. Basically, these are machines that are configured to look like ordinary workstations or servers and placed out for hackers to attack. The people running the honeypots have detection technology set up to monitor exactly what the attackers are doing so that they can figure out defences against these attacks.

The company I work for has several hundred thousand honeypots active at any time, and we have agreements with ISPs and hosting companies all around the world to use "spare" IPs and domains for this task. The information we gather from it is used to help protect our customers, but is also shared with other security firms, even though they are our competitors.

There are a number of groups on the net who do similar things on a not-for-profit basis, and searching for honeynet and honeypot will bring you a large list of sites with guides on how to set up your own honeypots and discussion groups to share your results in.


 

Posted

Strange choice of forum areas, by the way.


'I don't like the look of it at all,' said the King: 'however, it may kiss my hand if it likes.'
'I'd rather not,' the Cat remarked.
'Don't be impertinent,' said the King, 'and don't look at me like that!' He got behind Alice as he spoke.
'A cat may look at a king,' said Alice.

 

Posted

Quote:
Originally Posted by Megajoule View Post
No, the usage is accurate. There are still ways to get at the information on such a system (most of them require physical access, however, as well as specialized equipment and probably some lab time).
Excuse me?????
Quote:
A server that's had the power disconnected, been disassembled, had the parts melted down and buried in several cubic yards of highly irradiated concrete is "nigh impenetrable".
If you can get information off such a system, I bow before you.



 

Posted

I wouldn't put anything past certain intelligence agencies. Especially if the system was milspec to begin with (then again, part of that often involves having a self-destruct), or you were half-***ed about the melting-down part.
(On the other other hand, you're getting into diminishing returns at that point. Probably best to find another system, or someone else who knows the info, and sweat it out of them instead.)

The first example is trivial, with physical access. They might not have to power the system on, or open the case up. I wouldn't know, I'm not cleared for that.

