Feeds

DARPA balloon-hunt compo: Stand by for skulduggery

We may never be told the winners' methods

SANS - Survey on application security programs

Maybe the nice guys will actually win - but it'll be hard to tell

One can submit ten locations per valid email address. It's pretty certain that some people are right now experimenting to see how many email addresses it's possible to register given the amount of identities and email accounts they can lay hands on - but it presumably won't be enough to try out every possible combination of ten locations. One does note, however, that DARPA merely says that automated entries are "discouraged", not forbidden.

Given that the number of entries a team can practically submit is limited, it becomes worthwhile to feed false information to rival teams. Fake balloons are likely to make an appearance on the day, but DARPA has said that it will announce special authenticating details at the last minute. In any case a team would need to put up much larger numbers of fakes than anyone else to gain a substantial advantage. This would probably prove too expensive to be worthwhile.

Much more likely is infiltration of rival reporting networks to feed fake reports into their systems. A lot of this will probably take place, especially with those groups advertising publicly to gain members. The groups communicating reports by public means such as Twitter can also expect to have their locations hoovered up by rival teams. It also seems qute possible that there are unseen groups which actually control more than one of the publicly-known teams, perhaps in a bid to recruit both mercenary and unselfish reporters.

All in all, there has to be at least a chance that the prize will actually be won by some team which either piggybacks off its' rivals' efforts or actively sabotages or glovepuppets other groups, perhaps combining such methods with large numbers of registrations using many individual identities and/or automation.

A group like this would be unlikely to make its methods public, so there's a sporting chance that details of all the skulduggery will never be known; or not to us, anyway. DARPA would be quite likely to offer an extra, undisclosed sum to a winner for details of methods used, we'd submit, especially if these seemed likely to be of use to the US military.

Alternatively, the prize may actually be scooped by some naive and fluffy group like the charitables or the flying-cupcake mob - though a group of the first and darker sort might also credibly pretend to be of this type.

You have to ask just how much DARPA, or anyway the rest of us, are actually going to learn here. What is for certain is that some interesting - probably largely unseen - shenanigans seem likely to take place this weekend. ®

3 Big data security analytics techniques

More from The Register

next story
Most Americans doubt Big Bang, not too sure about evolution, climate change – survey
Science no match for religion, politics, business interests
So, just how do you say 'the mutt's nuts' in French?
Vital linguistic question interrupts LOHAN spaceplane mission
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
LOHAN and the amazing technicolor spaceplane
Our Vulture 2 livery is wrapped, and it's les noix du mutt
Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS
SpaceX snaps smartly into one-second launch window
STEALTHY NANOROBOTS dress up as viruses, prepare to sneak into YOUR BODY
Cloaking techniques nicked from viruses tackle roadblocks on way to medical frontier
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.