Hacking contest publicity stunt backfires
Spin paramedics called to scene of security disaster
A cunning plan by a security firm to publicise its product by challenging hackers to deface a Web site has backfired.
Argus Systems hoped to promote itself at the Infosecurity exhibition in London this week by running a $50,000 competition inviting hackers to break into a Web server protected by its intrusion protection security product, called PitBull.
The competition was supposed to run throughout the week but a team of computer hackers from a Polish group called Last Stage of Delirium (LSD) broke into the target server last weekend to claim the prize.
Argus said the LSD hack was not an exploit of its software but related to a previously unpublicised kernel level vulnerability, related to Solaris on Intel's x86 architecture.
Details of the vulnerability, which Argus said could affect other x86 operating systems, will be publicised when vendors are notified and a fix is available. Solaris on x86 isn't a commercial system for Argus, so the issue affects none of its PitBull customers.
PitBull is designed to provide operating system level security and is supposedly better at preventing the compromise of Internet-facing systems than other kinds of security technology, such as firewalls.
Spinparamedics from Argus yesterday denied that the hacking challenge was a publicity stunt that backfired causing embarrassment for them, as well as security integrator Integralis and hardware vendor Fujitsu Siemens. Argus is a private-held firm and something of a nobby nobody of networking security that seems to be looking for any publicity it can get (good or bad), but we expect better things from (normally technically excellent) Integralis and Fujitsu Siemens.
A spokeswoman for Argus ("all our technical people are back in the States") said that ultimately it had to rely on operating system vendors to make their technology secure. She then claimed that the success of LSD in hacking a system protected by PitBull vindicated Argus' approach that security must start at the operating system level.
This might be true but the hacking challenge has hardly bolstered PitBull's reputation in the market - and a demo of the product running on any kind of server was strangely absent from the Infosecurity show yesterday... ®