Posted 11 years ago
If you could get 15,000 USD Legally by Hacking, would you?
10k GBP is over 15k USD.
A British company which has devised an encryption system for messaging is trying to get the UK government's GCHQ to give its first-ever approval to an off-the-shelf smartphone app.
And in a bid to demonstrate its security, it is offering a £10,000 reward to any hackers that can crack it.
Called Redact, the company is also offering its £3.99 Secure Messenger app for the iPhone for free to all MPs and has also submitted it to CESG, the UK government's National Technical Authority for Information Assurance, which tests the security and quality of computers and smartphones. So far CESG has only certified smartphones running BlackBerry's BB7 operating software as meeting the security requirements for restricted data inside government, based on the difficulty of decrypting or capturing content stored or sent from the phone.
No off-the-shelf app has ever won CESG approval before, but the company is confident that it is more secure than other systems which have already been given clearance for use by the organisation.
A key failing of systems such as Apple's iMessage is that despite being encrypted they pass through a company server which could be hacked, says Adam Gibson, a spokesman for the company. "Unlike comparable services like BBM or Snapchat, there's no traffic through a server. It's all done peer-to-peer - we like to think it's an app that could have kept Chris Huhne and Vicky Pryce out of jail." Huhne and Pryce were convicted of perverting the course of justice after emails and texts they had sent when they were discussing Pryce accepting driving points earned when Huhne was driving were leaked to newspapers.
The Redact Secure Messenger app connects to a server which connects two handsets together over a data connection, and then drops out - leaving the handsets able to converse using triple-encrypted messages.
One extra element to the app's messaging not found in standard systems is that messages can be deleted from the receiver's handset as well as the sender's, even after being sent.
The app doesn't ask for usernames; instead, users are automatically assigned a PIN, which is not stored by the company. "There is no recovery tool for hackers to exploit," Redact says. "Only you can change your alias, so you can be certain [that] contacts aren't using your real name anywhere in the application."
Going directly between phones eliminates "side channel attacks", where all sorts of related data is monitored to gain clues about the cryptographic systems and keys used to encode and decode data.
The hacking challenge, at http://adf.ly/O7Nmb, challenges all comers to try to crack a message being passed back and forth between two phones at a specified location. "We're pretty confident it can't be done, but obviously, we anticipate tons of people trying," said Gibson. "We figure the longer it stays uncracked, the more secure we are, and I'm sure most people's expectation is we'd get cracked in the first afternoon."
------------------------------------------------------------------------------------------------------------------------
Sure enough, you have to travel to London, UK, but if you had the time, and if you were certain you could do it, it'd be a well-taken risk to secure yourself a hefty piece of pocket change, and if you crack it, maybe you can offer them your services on a substantial fee basis.
And if this isn't the right location, feel free to move it to another part of the Forums.
Just some parts of their terms and conditions for signing up seem like utter bull.
1. "We are not responsible if you break the law using techniques used in this challenge."
Is this saying if you hack it for them you'll be arrested afterwards for hacking? lol
2. "Selected Participants are not permitted to exploit such security holes in a destructive manner (being defined as inhibiting others from using the app or website in its entirety, the theft of personal information, launching attacks on other servers from the Redact website, etc)."
To me, that's kinda silly.
3. "Selected Participants are not permitted to flood the server or use brute force to disrupt regular service for other Redact app users."
4. "In the event of circumstances independent of Redact’s will, and resulting in the impossibility of organising the challenge day, the “Redact Challenge” 2013 shall be cancelled without any indemnification whatsoever."
Anyway, I figured I would show you all this that's going on from the UK, 'cause I'm sure some of you out there know some tricks to do with hacking.