SoylentNews is people
SoylentNews
“Our mission is to change what’s possible so we can take huge strides forward in our national security capabilities,” said Arati Prabhakar at the post-contest press conference. “We did it today and it was a very satisfying experience.”
Each team was equipped with a server containing 128 Intel Xeon processors running at 2.5 GhZ and boasting over a thousand processing cores, 16TB of RAM and a liquid cooling system that required 250 gallons of water per minute to cool the big iron. They were let loose on a custom-designed operating system and instructed to find flaws, patch them automatically, and provide proof of concepts for flaws in each other's systems.
At the same time seven other similar system were used by the judges to monitor the progress of the event as the systems ran 96 rounds lasting 270 seconds, with 30 second breaks in between rounds. At stake was US$3.75m in government greenbacks.
The competition, which has taken three years and $55m to set up, is designed to automate the whole process of bug hunting.
Mike Walker, the DARPA program manager overseeing the Cyber Grand Challenge, said that this was the first stage in a possibly decade-long process to automate security monitoring and make networks more resilient.
“We have redefined what is possible and we did it in the course of hours with autonomous systems that we challenged the world to build,” he said. “I want people to understand how difficult it is to build prototype revolutionary technology and field it in front of the eyes of the world. I have enormous respect for those folks.”
A DARPA representative told The Reg that at this stage the winning team, with 270,042 points, was the ForAllSecure team, founded by the Carnegie Mellon University professor of electrical and computer engineering David Brumley. Results aren't final, but if confirmed his team will scoop the $2m top prize.
(Score: -1, Troll) by Anonymous Coward on Saturday August 06 2016, @04:59AM
Bon soir Elliot.
Security researchers are script kiddies all grown up and collecting a paycheck.
Bad news dude. No more paycheck. Move back in your mother.
I have enormous respect for those folks.
OH YES!
Don't stop
Sucking that cock
Hold on to that funding
(Score: -1, Troll) by Anonymous Coward on Saturday August 06 2016, @05:42AM
You'll receive the federal funding
You can add another wing
You'll receive the federal funding
You can add another wing
Take your colleagues out to dinner
Pay your brother to come and sing
Take your colleagues out to dinner
Pay your brother to come and sing
Sing, sing, sing
You'll receive the federal funding
You can have a hefty grant
You'll receive the federal funding
You can have a hefty grant
Strategize this presentation
Make them see that you're the man
Strategize this presentation
Make them see that you're the man
Man, man, man
Man, man, man, man, man
You'll receive the federal funding
You can pass the simple test
You'll receive the federal funding
You can pass the simple test
You can access information
Make them see that you're the best
You can access information
Make them see that you're the best
Best, best, best
Man, man, man, man
Man, man, man, man
Man, man, man, man
(Score: -1, Offtopic) by Anonymous Coward on Saturday August 06 2016, @09:07AM
For the musically uninclined, what tune goes with it?
(Score: 0) by Anonymous Coward on Saturday August 06 2016, @03:04PM
https://www.youtube.com/watch?v=phHe6aNcocQ [youtube.com]
(Score: 2) by Scruffy Beard 2 on Saturday August 06 2016, @07:30AM
If bug-finding is automated, there will be no excuse for bugs^wback doors in production code.
(Score: 2, Interesting) by Anonymous Coward on Saturday August 06 2016, @08:24AM
Backdoors will be ignored by automated bug-finding, rockstar coders will learn to code all their bugs to pass inspection, and nothing will fucking change.
(Score: 3, Insightful) by maxwell demon on Saturday August 06 2016, @10:49AM
Security problem detected: NSA backdoor missing.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Hyperturtle on Saturday August 06 2016, @05:10PM
I dunno, it sounds to me the perfect hardware to find, exploit, and prevent appropriate closure of holes by providing a trojan horse in the guise of patching, automatically, has been developed for use by the government.
We will still need security researchers in the private sector, because this tool doesn't seem as if it is intended to help them.
Security-in-depth may become a thing again (remember that buzzword? It just meant no one could do any of it properly and the results were insecure across a number of weak links because of that)... just to keep the spooks, crooks, and marketing robots busy...
(Score: 2) by Hairyfeet on Saturday August 06 2016, @07:54PM
More likely they'll only report a few hard to exploit bugs publicly (to insure funding) while giving all the easy to exploit bugs to the NSA and Homeland for use against US citizens.
Remember the days when it was the Russians and Chinese you had to worry about trying to get into your data? Those were the days...
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 0) by Anonymous Coward on Saturday August 06 2016, @06:21PM
One find oneself reminded of how in either Neuromancer or Count Zero there was a mention of how AIs were writing all the attack and defense code (usually on behalf of nations), because human programmers could not keep up.
(Score: 2) by Hyperturtle on Saturday August 06 2016, @09:29PM
I guess the singularity is when we all can become a Dixie Flatline and and get encoded onto some ROM that no one loads unless your special skill is required?
I imagine that would lead to a future where a lot of people simply get deleted (if perhaps not in the same way he approaches life after death).
(Score: 0) by Anonymous Coward on Saturday August 06 2016, @07:56PM
This will help the NSA find entry points into our computers which they most definitely will not share.
Sure as hell is not going to make us all safer.
(Score: 2) by gidds on Monday August 08 2016, @01:45PM
Presumably, this is some very limited form of 'bug' that excludes problems caused by conflicting requirements, underspecified or vague requirements, failures to recreate existing bugs, running on inappropriate hardware, third-party failures blamed on you...?
If so, then most of our jobs are safe for a good while yet.
[sig redacted]