
Hacking Challenge: Change this website's homepage picture and win $10K... - sahillavingia
http://www.blackbergsecurity.us/
======
Pahalial
Wow. I was prepared to denounce this as a fake, mouthpiece for LulzSec made to
look like a hacking challenge (for the lulz), etc. A Facebook page like
this[1] is so laughably over the top.. But perhaps not:

<http://www.youtube.com/watch?v=5ywUK2Jat5k>

Now I just feel a bit sorry for him. A very fast lesson to not consider
yourself "trained by the best in the world" or go around putting up $10k
prizes like this without actually having a few crises under your belt.

[1] <https://www.facebook.com/blackandberg>

~~~
alnayyir
He has a bachelor's in "Information Security" from ITT Tech.

For those who aren't familiar, ITT Tech is, at least in the Midwest, where the
stoners go after getting their GED (remedial high school diploma for people
who couldn't hack it in...secondary...) because they realized minimum wage
jobs don't go very far once you're paying your own rent.

The raw hubris of this video and his reasons for it are...overwhelming.

I'm left feeling assured about my future job prospects, and unhappy at the
state of things.

~~~
dgabriel
I don't know that the ITT Tech thing is enough to condemn him. Sure, it's a
crappy school, but great people can rise from humble places. One of the
absolute very best programmers I know has something like two ITT Tech courses
under his belt, and is entirely self-educated beyond that.

This guy doesn't need any credentials to prove he's a fool.

~~~
alnayyir
>entirely self-educated beyond that

This is why he's brilliant.

I myself am a college dropout.

I don't believe in credentialism, but someone foolish enough to think ITT Tech
makes them useful or proficient has another thing coming.

It demonstrates a lack of judgment more than anything.

The rest of his...material speaks for itself.

------
syko
I would just like to note that they have an error on that page.

Warning: INSERT command denied to user 'dbo325141527'@'74.208.180.97' for
table 'bs_watchdog' query: INSERT INTO bs_watchdog (uid, type, message,
variables, severity, link, location, referer, hostname, timestamp) VALUES (0,
'php', '%message in %file on line %line.', 'a:4:{s:6:\"%error\";s:12:\"user
warning\";s:8:\"%message\";s:655:\"INSERT command denied to user
&#039;dbo325141527&#039;@&#039;74.208.180.97&#039; for table
&#039;bs_accesslog&#039;\nquery: INSERT INTO bs_accesslog (title, path, url,
hostname, uid, sid, timer, timestamp) values(&#039;Cybersecurity For The 21st
Century, Hacking Challenge: Change this website&amp;#039;s homepage picture
and win $10K and a position working with Senior Cybersecurity Advisor, Joe
Black. DONE, THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ&#039;,
&#039;node/1&#039;,
&#039;<http://www.google.com/reader/view/?at=A_uCkSZxuRDNUf> in
/homepages/6/d325020610/htdocs/includes/database.mysql.inc on line 128

------
thegyppo
That's what happens when you run a security website on Drupal......

~~~
zzzzzzzzz
What's wrong with Drupal?

~~~
thegyppo
Nothing per se, but if he's not automatically upgrading then there's a
potential easy vulnerability from previous versions to exploit.

See: <http://www.drupalexploit.com/>

------
Eyalush
Posted 4 min ago but it's already hacked. I guess that should have been
expected when you challenge hackers like that.

~~~
mattwdelong
Also possible that the traffic generated resulted in the server crashing. I
guess time will tell.

~~~
MediaBehavior
One thing that time is telling: 24 hours later and this security firm has not
yet removed the defaced image. :/

------
vizzah
I guess it makes sense to run 'competitions' like this. If a 0-day exploit is
used, the method can be studied to a great benefit.. even be re-sold later to
recoup the costs :)

------
sane_delirium
Did they intentionally make it easy because they have a different agenda, or
are those hackers really that good?

~~~
po
There's a third option: they didn't intend to make it easy, but it was.

------
chrislomax
Anyone think this might be his way of calling the hackers out and try and get
some logged information about them?

I probably am way off mark here but do you think there is a chance he was
running some monitoring software on the server tracking their every move?

As someone stated, would you really stake $10k when you are running
proprietary software that the world has open source access to??

------
phatbyte
Already hacked? :O Really? This is what happens when you put your money
where your mouth is :P

------
pharno
That could have ended up much worse... everyone learns to not play with the
fire. But obviously the managers of security agencies not...

