Hack this: PC Week Labs site begs attacks
It's not too often that an organization asks to be hacked. In a major public test of the security of Linux and Windows NT, PC Week Labs has created an open Internet site—www.hackpcweek.com—and is challenging the world to try to break into the operating systems.
The goal of this project is to reveal security holes in NT and Linux, thereby giving corporate IT organizations the ammunition to gird themselves against attacks. The odds of avoiding such attacks are against corporations that have opened up much of their IT networks to the general public. This, coupled with new open component- driven application development models, is wreaking havoc with corporate networks.
The challenge PC Week Labs poses to the public is to break into the site, mark up the home page and/or steal user information. We will track the number of attempts on each operating system, the success rate and the methods used in successful attempts. We will also create a public discussion database for comment and collaboration on hacking the site and on security issues in general.
The www.hackpcweek.com site consists of a heterogeneous multisystem network hosted by AboveNet Communications Inc. One of the servers is running Red Hat Software Inc.'s Red Hat Linux 6.0 with the latest version of the Apache Web server, and another server is running Windows NT 4.0 with Service Pack 3 and Microsoft Corp.'s Internet Information Server.
PC Week Labs has implemented commonly used security products on the site to fend off certain high-level attacks.
On each of the servers we loaded similar applications. For NT, we developed a classified-ad engine based on a Microsoft Guestbook application. For Linux, the Labs chose Smart Photo Ads, a popular classified-ad engine for the platform. Both the NT and Linux apps have stored user names, which represent proprietary data and require sites to maintain a secure status.
PC Week will award $1,000 to the first person to hack the site, which will also serve as a living testbed on which we will evaluate enterprise-class software and open tests to the public.
Contact Labs Director John Taschek at john_taschek@ zd.com.