[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Michael B. Trausch fd0man at gmail.com
Thu May 19 18:59:42 EDT 2005


ChangingLINKS.com wrote:
> On Thursday May 19 2005 15:13, you wrote:
> 
>>ChangingLINKS.com wrote:
>>
>>>I am not putting myself out to be that knowledgable. I hire people that
>>>are. Moreover, you are not willing to go to the extent (that I am) to
>>>prove YOUR box is secure. If your box is secure, you will be able to
>>>substitute YOUR BOX for mine in the challenge (using the same rules I
>>>have set forth).
>>>
>>>If you cannot . . . . your box (by my extreme definition) is insecure.
>>>I try to secure my box not just from remote attacks, but from local
>>>attacks where the system admin has the root password. That is because I
>>>realize that I (as system admin) have caused more computer problems for
>>>myself than remote attackers.
>>
>>You are an extreme coward, is what you are.  You still have 24 hours and
>>48 minutes to prove that my box is insecure.  Will you succeed?  The
>>answer is no.
>>
>>I'm merely turning your own mentality back at you, script-kiddie.
> 
> 
> Whoa, dude!
> It's one thing for your arguments to be full of fantasy, but please don't 
> apply that to me. I am not a script-kiddie.  I am not a coward with regard to 
> your system or mine.
> 
> I am not a "hacker" or professional system administrator. 
> I cannot FIND your system or crack it. I shouldn't have to:
> The challenge rules eliminate the oppositions needs to bypass certain security 
> features.
> 

Can you also not read?  allspice.chadeux.net.  That's all the finding
you need.

> I will not go as far as to call you a coward, but I note that YOU are clearly 
> afraid to put your box in the challenge. 
> 
> I don't buy the argument that there will be "too much bandwidth used" 
> How many people do you really think would participate in the challenge working 
> against you - especially when you take the majority position of NOT running 
> as root? Secondly, how much bandwith do you think will be consumed by people 
> connecting to your root prompt and POSSIBLY pushing a few (if that) small 
> programs onto your box? Given the time limitation, my guess is that traffic 
> will be limited. The bandwith argument is another sliding slope argument.
> Heck, if you were that concerned about it - you would have unsubscribed from 
> this list a week ago! :)
> 

No, this is justifiable.  It's mail transfer, an outgoing connection,
but I wouldn't assume you'd know anything about that.  In fact, for one
person to adequately crack the system in it's present configuration
would be nearly impossible to do without a very targeted attack on it
from as many angles as is possible, which is why I won't open it up to a
challenge.  You aren't smart enough IMHO to attack it successfully from
any, or even know what methods to use to attack it.  Many wouldn't be.

The thing with my system is that nobody on this list, save myself, can
*GET* UID 0 access to my machine.  Period.  If you'd like to try, go for
it.  Until then, I conclude that you're a fucking moron, for lack of
more polite terms that can *possibly* describe you.

> 
> You fear using your box in the challenge. I do not.
> You resort to name-calling and fantasy to prove your point. I do not.
> You are even afraid to participate in the challenge with my box. I am not.
> 

If I feared anything, I wouldn't have given you a production machine
with my data on it.

> "Much fear I sense in you" 
> 
> -Yoda
> 

Lamer.  Calling upon silly quotes, even.

> 
> Please respect others on this list, yourself, and me. 
> Tone down the name calling and such, OK? 
> It's one thing to be weak. It is another to be a poor sport.
>

Weak, I am not.  Poor sport, I am not, either.  You're very deserving.

-- 
Michael B. Trausch                               <fd0man at gmail.com>
Website: http://fd0man.chadeux.net/     Jabber: mtrausch at jabber.com
Phone: +1-(678)-522-7934              FAX (US Only): 1-866-806-4647
===================================================================
Do you have PGP or GPG?  Key at pgp.mit.edu, Please Encrypt E-Mail!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature




More information about the Ale mailing list