They double-dog dare you
- 09 July, 1997 14:20
Until July 15, crackers the world over stand to win a $US10,000 prize from VirTech Communications of Vancouver if they can bypass its Macintosh World Wide Web server, steal an encrypted credit card number and change a text phrase on a password-protected Web page.
The challenge (at www.vanhacking.com) is designed to show that the Internet is not vulnerable to credit card number snatching, the company said, announcing the contest.
VirTech believes its server can withstand the kinds of attacks successfully directed against National Aeronautics and Space Administration and Central Intelligence Agency servers in the United States.
The credit card information on the challenge page is encrypted using Pretty Good Privacy, and only the credit card number is encrypted - not the phrase that must be changed.
To verify that a claimant has snatched the credit card number from the Web page, that number has four extra digits. The server will record the number of visitors, and the server log will help determine who makes it through - if anyone does. "To claim the prize, the successful hacker must e-mail, fax or phone VirTech and disclose, in detail, how he or she accomplished the challenge," the company states on the rules page of the challenge Web site. "Anonymity will be guaranteed, but VirTech reserves the right to publish the details of the cracker's success."
A third-party accountancy official, after verifying the page's existence, witnessed the application of the password and is checking the page periodically to verify it remains unchanged, VirTech explained.
"Any kind of tampering with the other servers will immediately disqualify the contest participant," the VirTech rules state. "In other words, tampering will only be tolerated on a 'network' level. Breaking into VirTech's office building will also disqualify the participant."