[ISN] E-mail firm baits hackers with security challenge

InfoSec News isn at c4i.org
Tue Sep 28 05:14:03 EDT 2004


By Dan Ilett 
ZDNet (UK) 
September 27, 2004

A small British e-mail company is lining itself up for a possible
challenge by inviting Internet users to break into its product.

Avecho has offered $18,056 (10,000 pounds) to anyone who can sneak a
virus past its GlassWall product, and it has even opened up the
challenge to its developers.

"Lots of people have already tried to do this," said Mark Elliott,
vice president of international marketing for Avecho. "I think this is
something we are able to do. The only condition is that people must be
willing for us to publicize their failure as well as their success."

In order to take part, contestants need to sign up for an Avecho
e-mail account and then send a virus to that address or try to receive
one from it. If the virus gets through, the contestant will win the
prize, Elliott said.

Currently, Avecho is the only party able to see the virus traffic
traveling through its network. Elliott said he would like a third
party to judge the contest, but no one has come forward to volunteer
for the job yet.

"We are struggling to find a third-party arbiter," Elliott said. "We
would like to get a media company (to judge the competition), but as
yet we don't have one."

Avecho's GlassWall product has been shrouded in mystery for some time.  
The company still refuses to detail how the product works, saying only
that it is "a software-based, siliconizable malware protection
solution." In the past, Avecho executives have said the company was
keeping the mechanics secret because it was unable to patent its

Elliott declined to comment on the company's plans or its financial
backers but said that there were "some changes in progress at the top

Many companies have crashed and burned with hacker challenges. In
2001, Argus Systems failed to pay a Polish ethical hacking group,
called the Last Stage of Delirium, prize money for cracking its Pit
Bull server.

Korean Digital Works also suffered embarrassment in 2002, when
suspicion arose over the running of its hacking competition. The
company had offered $100,000 to anyone who could break its Web server,
but instead, hackers decided to break the registration server to
control who entered the contest.

More information about the ISN mailing list