Feeds

Hacking contest publicity stunt backfires

Spin paramedics called to scene of security disaster

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

A cunning plan by a security firm to publicise its product by challenging hackers to deface a Web site has backfired.

Argus Systems hoped to promote itself at the Infosecurity exhibition in London this week by running a $50,000 competition inviting hackers to break into a Web server protected by its intrusion protection security product, called PitBull.

The competition was supposed to run throughout the week but a team of computer hackers from a Polish group called Last Stage of Delirium (LSD) broke into the target server last weekend to claim the prize.

Argus said the LSD hack was not an exploit of its software but related to a previously unpublicised kernel level vulnerability, related to Solaris on Intel's x86 architecture.

Details of the vulnerability, which Argus said could affect other x86 operating systems, will be publicised when vendors are notified and a fix is available. Solaris on x86 isn't a commercial system for Argus, so the issue affects none of its PitBull customers.

PitBull is designed to provide operating system level security and is supposedly better at preventing the compromise of Internet-facing systems than other kinds of security technology, such as firewalls.

Spinparamedics from Argus yesterday denied that the hacking challenge was a publicity stunt that backfired causing embarrassment for them, as well as security integrator Integralis and hardware vendor Fujitsu Siemens. Argus is a private-held firm and something of a nobby nobody of networking security that seems to be looking for any publicity it can get (good or bad), but we expect better things from (normally technically excellent) Integralis and Fujitsu Siemens.

A spokeswoman for Argus ("all our technical people are back in the States") said that ultimately it had to rely on operating system vendors to make their technology secure. She then claimed that the success of LSD in hacking a system protected by PitBull vindicated Argus' approach that security must start at the operating system level.

This might be true but the hacking challenge has hardly bolstered PitBull's reputation in the market - and a demo of the product running on any kind of server was strangely absent from the Infosecurity show yesterday... ®

External links

Argus' spin on hacking contest

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.