swisskid writes:
"Christopher Schafer writes up about his experience in the Western Region's Collegiate Cyber Defense Competition's Qualifiers round. CCDC is a competition in securing and defending a business environment against an active team of Penetration testers. Read more at http://securityblog.ch/?p=62"
The competitors are at a relatively early stage of what might become a long and illustrious career. The idea behind the competition is to garner the knowledge that will be useful in protecting networks in the future. If you have any genuine suggestions as to how they might do better next time, tell us below.
This discussion has been archived.
No new comments can be posted.
WRCCDC Qualifiers - A Blue Teamer's Review
|
Log In/Create an Account
| Top
| 4 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 2) by combatserver on Saturday March 08 2014, @10:14PM
Zero Comments?
I'm not sure what to make of that--perhaps the dismissive attitude is because everyone around here has figured out that Universities and Corporations are using these competitions as a means of free testing/development, and that this is a "fuck you" kind of crowd.
I hope I can change this later...
(Score: 2) by jt on Saturday March 08 2014, @10:38PM
I was enjoying the frenzied apathy, hoping that a story would progress right through the main page from top story to falling off the bottom without a single response. Not this story in particular; any would have done.
(Score: 3, Interesting) by swisskid on Sunday March 09 2014, @12:43AM
This secret keeping bothers me ten times more than anything the government has done. If someone finds a vulnerability, or a new way to make a system secure, why are they hiding it?! Wouldn't we all benefit if systems everywhere were more secure?
Say you work for a online vendor, like Amazon. You find a new method for alerting/securing your web front end. You keep this a secret.... and your bank gets attacked and penetrated in a manner your new method would have prevented. It's not just you and what you put your fingers on that needs to be secure, it's everything around you.
That's why I wrote the article, and that's why I will continue to write about how I secure systems. If someone else reads this, and beats me with my own method + a few tricks of theirs the only thing I'd ask is for them to teach me their tricks! I would rather everyone gets better (and maybe have a bit more competition) than have "job security" because I figured out some tricks others hadn't thought of.
(Score: 4, Insightful) by jt on Sunday March 09 2014, @02:29AM
You've got a very healthy attitude when it comes to security. The reasons why corporations keep these things clear are generally not in the public interest. They hate admitting breaches because they create bad publicity and create exposure to legal action. They hate publishing their techniques because, if the techniques are good, they give away their competitive advantage and, if their techniques are bad, they give away useful knowledge to attachers.
Sharing is good for the ecosystem, but bad (or at best neutral) for the individual. Any given corporation would love to receive information from everyone else without giving away their own. Maybe more regulation would help here, by forcing organisations to publish the information for the broader community.