OpenHack 4: No News Is Good News

 
 
By Jim Rapoza  |  Posted 2002-11-04
 
 
 

OpenHack 4 suffered its first crack only a few hours after it opened for business Oct. 22, but the applications at the heart of eWeek Labs interactive online security test stood strong throughout the following week, withstanding more than 300,000 visitors and 10,000 attempted cracks.

The most common alerts sounded by the intrusion detection system monitoring the OpenHack site (www.openhack.com) were attempts to gain access to system files and to leverage older problems in Microsoft Corp.s Internet Information Services.

These are the types of attacks one expects from script kiddies. Underneath all this noise, however, were many more-sophisticated attempts to penetrate the Microsoft- and Oracle Corp.-written applications hosted at the site. Some attempts were similar to the methods used by Jeremy Poteet, chief technology officer of Technology Partners Inc., who found a cross-site scripting hole in the Oracle-written application the day the test started.

For more information on this vulnerability and OpenHack updates, go to www.eweek.com/openhack.

Rocket Fuel