Attention! Competition!
Gazinformservice LLC announces a competition “Search for vulnerabilities in a technical solution for secure remote access” in order to attract the attention of the IT community and consumers to information security issues, to find new professional solutions.
The winner will receive a prize of 100,000 rubles .
You can search for vulnerabilities from October 31 to November 12, 2012 (inclusive), the winner will be announced at the ZeroNights conference.
Update : Friends, please pay attention to the fact that Digital Security is not related to the development of the competition.
')
At the time of the competition, an automated system for ordering passes based on the Blokhost-ASZP product ( product description ) was published at aszp.0n.gaz-is.ru . A user with the right to create ticket requests is registered in the system. Username and password of this user are not disclosed. You need to search for any vulnerabilities, the operation of which will allow you to perform actions on your behalf in the system (for example, create ticket requests), or violate the confidentiality, integrity and availability of data stored in the system (names of access objects, user data, directories, etc.). ).
Please send a description of the vulnerabilities to zeronights@gaz-is.ru. It is advisable to specify a step-by-step description of actions for reproducing vulnerabilities and attach screenshots. It is forbidden to exploit vulnerabilities leading to system malfunction. By sending a letter with a description of vulnerabilities, you automatically become a participant in the competition.
The commission of Gazinformservice LLC will analyze all submitted vulnerabilities. On November 20, 2012, a winner will be announced at the ZeroNights information security conference. The Commission will take into account both the degree of criticality of the found vulnerabilities and the time it took to find them.
Any participant in the competition has the right to disclose the details of the discovered vulnerability only after 4 months from the moment of summing up the results of the competition.
The details of participation in the competition are set out in the Regulations .
Update :
Friends, please pay attention to the fact that Digital Security is not related to the development of the competition, and even more so should not I personally be so fiercely negative. The competition is held by Gazinformservice, which officially supports the ZeroNights conference.
We sent your comments to the contest organizers and received the following response:
The conditions of the competition have been amended, namely:
1. To participate in the competition, you must send a request to the e-mail zeronights@gaz-is.ru. The response letter will send the user credentials for access to the system with the right to create applications for passes (the rights to vising / processing applications, viewing reports, etc. will be absent). Each member will have their own login / password.
2. We draw participants' attention to the fact that the application is optimized for use in MS Internet Explorer.
PS We learned that letters did not reach the address zeronights@gaz-is.ru. We apologize. Now everything works.
PPS From the start date of the contest, we recorded more than 2 million calls to the system. Thanks to all participants for their interest!
The winner will receive a prize of 100,000 rubles .
You can search for vulnerabilities from October 31 to November 12, 2012 (inclusive), the winner will be announced at the ZeroNights conference.
Update : Friends, please pay attention to the fact that Digital Security is not related to the development of the competition.
')
At the time of the competition, an automated system for ordering passes based on the Blokhost-ASZP product ( product description ) was published at aszp.0n.gaz-is.ru . A user with the right to create ticket requests is registered in the system. Username and password of this user are not disclosed. You need to search for any vulnerabilities, the operation of which will allow you to perform actions on your behalf in the system (for example, create ticket requests), or violate the confidentiality, integrity and availability of data stored in the system (names of access objects, user data, directories, etc.). ).
Please send a description of the vulnerabilities to zeronights@gaz-is.ru. It is advisable to specify a step-by-step description of actions for reproducing vulnerabilities and attach screenshots. It is forbidden to exploit vulnerabilities leading to system malfunction. By sending a letter with a description of vulnerabilities, you automatically become a participant in the competition.
The commission of Gazinformservice LLC will analyze all submitted vulnerabilities. On November 20, 2012, a winner will be announced at the ZeroNights information security conference. The Commission will take into account both the degree of criticality of the found vulnerabilities and the time it took to find them.
Any participant in the competition has the right to disclose the details of the discovered vulnerability only after 4 months from the moment of summing up the results of the competition.
The details of participation in the competition are set out in the Regulations .
Update :
Friends, please pay attention to the fact that Digital Security is not related to the development of the competition, and even more so should not I personally be so fiercely negative. The competition is held by Gazinformservice, which officially supports the ZeroNights conference.
We sent your comments to the contest organizers and received the following response:
The conditions of the competition have been amended, namely:
1. To participate in the competition, you must send a request to the e-mail zeronights@gaz-is.ru. The response letter will send the user credentials for access to the system with the right to create applications for passes (the rights to vising / processing applications, viewing reports, etc. will be absent). Each member will have their own login / password.
2. We draw participants' attention to the fact that the application is optimized for use in MS Internet Explorer.
PS We learned that letters did not reach the address zeronights@gaz-is.ru. We apologize. Now everything works.
PPS From the start date of the contest, we recorded more than 2 million calls to the system. Thanks to all participants for their interest!
Source: https://habr.com/ru/post/157037/
All Articles