From the Burlington Free Press, a story about a local hacking competition set up as a spectator event.

Their competition, tantalizingly called a "digital combat exercise," was supposed to give onlookers a rare opportunity to watch a computer hacking job in progress, complete with play-by-play.

It didn't work out that way, though, thanks to -- what else? -- some sort of technical glitch that obstructed efforts to monitor what the competitors were doing. So for the few non-techie spectators who showed up, the business of hacking was still as opaque and mysterious at the end of the 1 1/2-hour exercise as it was in the beginning.

A technical glitch? They always happen at the worst possible time, don't they? Read on.

The commentary was to come from Peter Stephenson, a member of the program's faculty, who sat at his own terminal and displayed on a big screen something he called a "sniffer trace," a multi-colored table with columns of numbers and letters -- the first in what was to be a series of tableaus that held the promise of monitoring all the traffic on the network next door.

The minutes passed, and not much happened. The sniffer trace stayed the same, and from time to time, when Stephenson tried to check on what individual teams were up to, the screen went blank. Could it be that the hackers weren't getting anywhere?

Someone decided to check on them in the old-fashioned way -- paying a visit in person. The report came back that they were, in fact, getting somewhere -- finding holes and vulnerabilities of various kinds.

You'd think that somebody on the faculty, or one of the grad students, or even somebody in the audience would have realized the problem. The story implies that they never did figure out what those pesky hackers were up to.

About Chris Eng

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.

Comments (2)

sdfsdf | June 18, 2008 2:22 am

It would be nice if you guys would publish a feed for your blog. I'm not the only one who has a hard time reading your blog b/c you don't publish a feed.

CEng | June 18, 2008 10:09 am

There is a feed. Assuming you are using Firefox, just click on the RSS icon at the far right of the address bar. I also just added an RSS icon to the blog template; you can't miss it, right up there in the masthead.

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.