PC Week has issued an open challenge to hackers everywhere by offering $1,000 (US$) to anyone who can penetrate the security of a special Web site that is running both Windows NT and Linux.
In what it calls a major test of the security of the two platforms — NT and Linux — PC Week Labs has created a Web site with comparable classified-ads engine applications running on each system. Members of the general public are challenged to see if they can break in, alter the “HackPCWeek” home page and lift information hidden on a Web server.
The challenge follows the lead of Microsoft (Nasdaq: MSFT), who recently invited the hacker community to try to crack a beta version of Windows 2000.
Testing the Validity of the Boast
According to PC Week, the reason for extending such an offer is obvious. “Security is extremely important in the Internet environment and both Microsoft and the Linux community, via Red Hat, boast that their operating systems are secure,” commented John Taschek, director of PC Week Labs.
Taschek also indicated that the recent attacks on the official sites of ABC, the Drudge Report and Nasdaq/Amex — all sites running either Windows NT with Microsoft’s embattled Internet Information Server (IIS) or Linux as their front-line Web servers — provided incentive for the open tests. The target site contains virtually identical systems, one running IIS on Windows NT and the other running an Apache Web server on Red Hat Linux 6.0.
A New Spectator Sport?
In an unusual move, PC Week has also invited spectators to visit the Web site. Surfers can view real-time intrusion logs, provided courtesy of NetProwler by Axent. “So that people can view how hacks are being made,” said a PC Week statement, “visitor interaction is encouraged and an online discussion database will track users feelings about whether Windows or Linux has more open standards.”
Addressing a Critical Issue
Mentioning figures from a 1999 survey conducted by the Computer Security Institute and the FBI, Taschek noted that “corporations, financial institutions and government agencies are susceptible to attack via the Internet.” According to the survey cited, computer security breaches were reportedly responsible for losses of over $100 million this year.
The PC Week Labs will compile the total number of hack attempts on each operating system (OS) and the results will be published an upcoming issue of the magazine. The contest will be over, according to PC Week, once the first attacker accomplishes any of the designated challenges. At press time, no data from the testing was available.
The PR Machine
PC Week’s open challenge was not met with universal enthusiasm. A member of the outspoken Slashdot.org open-source and Linux-related community Web site, for instance, openly posed the question, “Does this whole thing strike everyone else as (a) tired PR stunt?” The PC Week site will be available for the next month.
In another hacker-related PR move, Loki Entertainment Software is challenging hackers to improve its “Civilization: Call to Power” game for Linux. The action will take place over a 48-hour period at the October Atlanta Linux Showcase, and the winner will receive a dual-processor Linux-based workstation.