[Cialug] HacKidCon

Paul Gray gray at cs.uni.edu
Tue Apr 27 18:28:08 CDT 2010


On 04/27/2010 06:04 PM, Josh More wrote:
> So there is a movement in the security community to do something like this: http://www.hackid.org/
>
> We've talked about trying to get a kid-friendly Linux day going sometime... well, these guys are building a model, albeit in the security space.
>
> Is there general interest in the group to do something like this?  Possibly for SFD?
>
> Personally, I think it's a neat idea, but some of you who actually have kids might want to weigh in here.  ;)

You missed a great "kid" security event that was held in Ames (ISU) last weekend 
-- IT Adventures Cyber Defense Competition (if you can call high school students 
"kids").

Students ("Blue" Teams) were charged with keeping systems and services up 
throughout the day for their users ("Green" team), while keeping out the hackers 
("Red" Team).

The scenario differs each year, but the teams were given an Ubuntu 6.06 server 
with existing web content that had about 50 backdoors, ranging from php 
passthru() and system() calls obscured in their content to planted c99.php shells 
and setuid vim binaries.

No root mysql password, webmin running externally on port 8080, no root password 
required for root ssh access, cron jobs running that wipe root's .bash_history, 
anonymous uploads to directories that would run php scripts, planted setuid 
binaries on the system that would run with NOPASSWD for www-data, etc. The web 
server that they were given to administrate was a mess - and rules prevent teams 
from wiping the OS or upgrading it to a newer distribution.

They also had to support mail, scp-based fileserver, and a pfSense firewall.

This year there were 19 teams registered in the Cyber Defense event.  I mentored 
NUHS' teams.  We spent two weeks' worth of lunchtime and after-school meetings 
preparing for the onslaught.  (Every team had just two weeks to lock these 
systems up tight and configure usable services.)

My point is this: If you're looking to get involved with kids and interests in 
security, there are opportunities close to home, too.

[There was a separate gaming component to the IT-Adventures gathering, 
too...similar to the gaming component of hackid.com]

-- 
Paul Gray                                         -o)
314 East Gym, Dept. of Computer Science           /\\
University of Northern Iowa                      _\_V
  Message void if penguin violated ...  Don't mess with the penguin
  No one says, "Hey, I can't read that ASCII attachment ya sent me."
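
For anyone preparing a team for a scenario like the one described in the message above, a first-pass audit of the web content and setuid files could look like the following. This is an added example, not part of the original message or the competition materials; the function names and the sample files it writes are constructed for illustration.

```python
import os, re, stat, tempfile

# Calls named in the post; the lookbehind skips names like ecosystem() or ->system().
PHP_EXEC = re.compile(r"(?<![\w>$])(passthru|system)\s*\(", re.I)

def scan_php(root):
    """Return (relative path, line number, function) per passthru()/system() call."""
    hits = []
    for folder, _, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(folder, name)
            with open(path, errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    rel = os.path.relpath(path, root)
                    hits += [(rel, no, m.group(1).lower()) for m in PHP_EXEC.finditer(line)]
    return hits

def find_setuid(root):
    """Return relative paths of regular files under root that carry the setuid bit."""
    found = []
    for folder, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                found.append(os.path.relpath(path, root))
    return found

def build_sample(root):
    """Write a constructed web root: one obscured call, one benign page, one setuid file."""
    pages = {"gallery.php": "<?php echo 'hi';\n$c = $_GET['c']; @PassThru($c); ?>\n",
             "about.php": "<?php echo ecosystem('x'); $db->system(1); ?>\n"}
    for name, body in pages.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    tool = os.path.join(root, "editor")
    open(tool, "w").close()
    os.chmod(tool, 0o4755)  # setuid bit on a constructed, empty file

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("exec calls:", scan_php(tmp))
        print("setuid files:", find_setuid(tmp))
```

On a real server, point `scan_php` at the web root and `find_setuid` at `/`, then compare the setuid list against what the distribution's packages are expected to install.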

