Korean firm offers $100,000 in hacking competition
Posted by aco on 16 April 2002 - 13:37 · 11 comments & 227 views
About the Author
Full name: Unknown
Forum name:
aco
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
acoContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
A Korean company is offering $100,000 (£70,000) in a 48-hour hacking competition, to be run this week.
Korea Digital Works (KDWorks) will launch the competition, which will involve gaining root access to a server, on Tuesday 16 April at 11am Korean Standard Time (2am GMT) at the Munhwa Daily Newspaper.
The competition is aimed at demonstrating the resilience of KDWorks' World OK Security (WOKS) solution, according to Justin Kim, an attorney with US-based Mike Choi International Consulting, who is helping to promote the event. "The company is a small enterprise but their product is outstanding," said Kim. "We found the company is not internationally recognised, so we decided to run the competition."
KDWorks plans to release the details of the target system two hours before the competition starts. The first person to penetrate the server -- which will be protected by WOKS -- and edit an HTML file to leave their ID and identification number on the front page, will win. A panel of three judges drawn from the press, the IT industry and academia, will arbitrate in the event of any apparent tie or confusion.
If there is no outright winner, the judges may award five prizes of $10,000 to "outstanding competitors" based on the methodology and level of hacking used.
Privacy advocates say they know of no major incidents so far of disciplinary action for IM abuse. But it may be just a matter of time.
As of last year, only about 20% of all instant messager accounts belonged to business users, according to the consulting firm Radicati Group. By 2004, the percentage is expected to increase to 50%.
Jupiter Media Metrix says instant messaging use in U.S. businesses more than doubled from 2.3 billion minutes in September 2000 to 4.9 billion minutes last September.
First marketed as toys for consumers, IM programs quickly pervaded the workplace as people installed them without asking permission, said Michael Gartenberg, research director at Jupiter Media Metrix.
"There was no planning and encryption built in," he said. "This started as an enthusiast tool for people chatting with each other one-on-one."
Even so, once in the workplace, employees found IM useful for fast communication with colleagues and clients.
The financial services industry first felt the need for advanced snooping software to monitor IM traffic because federal regulators require that all communications with clients be kept for auditing.
Though the Securities and Exchange Commission has yet to order that instant messages be kept, investment banking firm Thomas Weisel Partners decided it was better to be safe than sorry.
Last summer, the San Francisco firm blocked all IM traffic. But clients missed the convenience and, by the fall, the messager programs were back, said Pamela Housley, the firm's director of compliance.
Thomas Weisel Partners signed up for FaceTime's monitoring software, which runs on a computer on the firm's internal network, recording all IM traffic. Certain keywords can be defined to alert managers, or the traffic can simply be put into storage in case it's needed.
So far, there has been no need to inspect the data. And Housley said the company is not interested in reading every message.
"It's just easier to archive it all," she said. "I don't have the manpower to have somebody look at this all day long."
FaceTime also works with electronic archiving systems from companies like SRA International and Zantaz. It must be installed within a corporate network in order to capture all traffic that originates or is received by users of that network.
Earlier this month, White Plains, N.Y.-based Communicator signed up eight large financial institutions for its Hub IM, which tightly controls communications among customers and competitors with encryption and authentication by directing all traffic to Communicator's systems, the trusted third party.
But unlike FaceTime, all messaging occurs through a proprietary program — not a public system like AOL Instant Messenger.
The companies that make such products see lots of opportunity beyond finance.
"The technology can be applied to any market and any industry," said Gabriela Garner, marketing director for Zantaz. "In fact, we have received a lot of interest across the board in corporate America."
There's no reason not to think that instant message chats won't wind up as fodder in investigations. Stored e-mail has already played a role in probes involving the Clinton White House and Enron, to name a few examples.
Privacy advocates wonder, though, whether constant monitoring of simple chats might be taking paranoia too far.
"We know people do a certain amount of personal business at work," said Richard M. Smith, an Internet and privacy consultant. "A company has a legitimate interest in limiting that ... but if it's personal they don't have any right to listen in."
So far, the courts have yet to make any distinctions between instant messages and other forms of electronic communications, such as e-mail.
Though some argue that the technology deserves protection like telephone calls, instant messages are more likely to be treated like e-mail.
Employers typically issue guidelines and warnings against personal use of e-mail when company equipment and networks are involved.
"In the private sector, the law has been charitable to employers ... as there is a reasonable amount of notice," said Lee Tien, an Electronic Frontier Foundation attorney.
Customers of Zantaz reported a lot fewer e-mail jokes and goofing off when it began deploying its e-mail monitoring products, said Garner, the company's marketing manager.
"It changed the employee behavior. Their productivity went up," she said. "They were a little bit more careful with their communication. It will be the same with IM."