Feeds

DARPA balloon-hunt compo: Stand by for skulduggery

We may never be told the winners' methods

SANS - Survey on application security programs

Maybe the nice guys will actually win - but it'll be hard to tell

One can submit ten locations per valid email address. It's pretty certain that some people are right now experimenting to see how many email addresses it's possible to register given the amount of identities and email accounts they can lay hands on - but it presumably won't be enough to try out every possible combination of ten locations. One does note, however, that DARPA merely says that automated entries are "discouraged", not forbidden.

Given that the number of entries a team can practically submit is limited, it becomes worthwhile to feed false information to rival teams. Fake balloons are likely to make an appearance on the day, but DARPA has said that it will announce special authenticating details at the last minute. In any case a team would need to put up much larger numbers of fakes than anyone else to gain a substantial advantage. This would probably prove too expensive to be worthwhile.

Much more likely is infiltration of rival reporting networks to feed fake reports into their systems. A lot of this will probably take place, especially with those groups advertising publicly to gain members. The groups communicating reports by public means such as Twitter can also expect to have their locations hoovered up by rival teams. It also seems qute possible that there are unseen groups which actually control more than one of the publicly-known teams, perhaps in a bid to recruit both mercenary and unselfish reporters.

All in all, there has to be at least a chance that the prize will actually be won by some team which either piggybacks off its' rivals' efforts or actively sabotages or glovepuppets other groups, perhaps combining such methods with large numbers of registrations using many individual identities and/or automation.

A group like this would be unlikely to make its methods public, so there's a sporting chance that details of all the skulduggery will never be known; or not to us, anyway. DARPA would be quite likely to offer an extra, undisclosed sum to a winner for details of methods used, we'd submit, especially if these seemed likely to be of use to the US military.

Alternatively, the prize may actually be scooped by some naive and fluffy group like the charitables or the flying-cupcake mob - though a group of the first and darker sort might also credibly pretend to be of this type.

You have to ask just how much DARPA, or anyway the rest of us, are actually going to learn here. What is for certain is that some interesting - probably largely unseen - shenanigans seem likely to take place this weekend. ®

Top three mobile application threats

More from The Register

next story
Red-faced LOHAN team 'fesses up in blown SPEARS fuse fiasco
Standing in the corner, big pointy 'D' hats
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
LOHAN's Punch and Judy show relaunches Thursday
Weather looking good for second pop at test flights
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
Curiosity finds not-very-Australian-shaped rock on Mars
File under 'messianic pastries' and move on, people
Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
Helium seeps from Falcon 9 first stage, delays new legs for NASA robonaut
Top Secret US payload launched into space successfully
Clandestine NRO spacecraft sets off on its unknown mission
New FEMTO-MOON sighted BIRTHING from Saturn's RING
Icy 'Peggy' looks to be leaving the outer rings
Melting permafrost switches to nasty, high-gear methane release
Result? 'Way more carbon being released into the atmosphere as methane'
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.