182 Comments

• Digg
• Bury

So is this why you did it? You knew you were good at security,and were able to make it near impossible to hack (without putting more than $600 worth of effort), and you simply wanted to test how powerful a PS3 is as a server? Your company specializes in high-bandwidth, so I can see why you posted on digg.Smart move...

• Reply

• Digg
• Bury

well you obviously not only need to be a crytpanalyst to win, but you also need to have the knowledge of how to use ssh, su/sudo to root (or potentially even bust root locally) ; cd ~ ; ls ; find apache's root dir, link/copy the image in, and echo "home addr" > ~/afile.txtif you need any unix help on this project and want to split the ps3, i'll otherwise work for free. any cryptanalysts out there with no unix skills that want to take me up on that offer?

• Reply

• Digg
• Bury

I think someone will be able to crack it, but its going to take a professional hacker, and most wouldn't waste their time with this. A $600 system possibly $800 on e-bay isn't going to entice a professional hacker to waste their time with this. They have much bigger fish to fry, but who knows someone may do it for fun. What its gonna take is someone who knows one of the yet unknown-to-the-public exploits in Fedora Core 5 to get in. Brute forcing it would be difficult as well. If this guy is big on security hes using a lengthy password that would take years to brute force :-/. Good luck to anyone out there that tries this, Interesting learning about DDDH though. How did you decrypt that shuffle?

• Reply

• Digg
• Bury

Looks like rubber hose cryptanalysis is the only way to go... ;)

• Reply

• Digg
• Bury

Is there any way to retrieve the password hash for Root? If so, perhaps we could co-ordinate a hash-crack attempt over an internet cluster.

• Reply

• Digg
• Bury

The PPPC/DDDH/email protector thing is a complete red herring, guys.The pertinent info:RHFC5 PPC with an UNPATCHED OpenSSH and GSS auth turned on:(from ssh -v)debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3debug1: Authentications that can continue: publickey,gssapi-with-mic,passwordSee vuln here:<a class="user" href="http://secunia.com/advisories/22173/&quot;&gt;http://secunia.com/advisories/22173/&lt;/a&gt;So, whoever hacks an ssh client to do the right thing first, wins.I wish I had the time to sit down and do it.

• Reply

• Digg
• Bury

"I know that the picture of his daughter was taken with a panasonic camera :p"True, the Panasonic DMC-FX07, photo made at 12 Nov 2006 @ 21:59:48.But I don't know how this should help us.

• Reply

• Digg
• Bury

For anyone who does get in, here is a silly image to upload:<a class="user" href="http://img83.imageshack.us/img83/3955/kaedeps3ow1.jpg&quot;&gt;http://img83.imageshack.us/img83/3955/kaedeps3ow1.jpg&lt;/a&gt;

• Reply

• Digg
• Bury

another critical thing i noticed... the site <a class="user" href="http://www.shimpinomori.net/index.html&quot;&gt;http://www.shimpinomori.net/index.html&lt;/a&gt; is not a real web hosting company. it is just a 'fake' website created to serve some sort of purpose. a very big giveaway to this fact is that if you look in the translations for the site.being a linguist, i was searching for the other languages for clues and i noticed something: the webhosting service accepts all five currencies.what was more ASTONISHING was that the conversion rates for the currencies were totally off. for the Americans the dedicated setup fee was 1000 USD, while for the French it is 1000 Euros. dead giveway.what i am guessing is that the main page somehow has a weakness or clue inside it which is a key to solving this problem

• Reply

• Digg
• Bury

<a class="user" href="http://www.wulanshout.com/seo/busby-seo-test-seo-contest/&quot;&gt;http://www.wulanshout.com/seo/busby-seo-test-seo-c ...</a>Busby SEO Test has been released! The next Busby Web Solutions Search Engine Optimisation Challenge, start on October 1st, and Finish on January 31st

• Reply