eLearnSecurity Blog

Hack.me: Crazy stuff happening on my server

How do you call a server that is up just to receive your code, and run it?

And by “code”, I mean your nasty code.

Windows? Nah.

We called it Hack.me and we are really excited to have it launched in closed Beta to a bunch of passionate developers, who are already pouring lines and lines of vulnerable applications in it.

Allowing anybody to run code on YOUR server is as crazy as allowing a perfect (hopefully not beautiful) stranger go out with your girlfriend.
We did it but we also took some countermeasures (oh yes you can think of it as a chastity belt).

So how do we plan to make things work?

  • Coliseum Sandbox
  • Developers moderation and trust model
  • Common sense and mercy for a free for all project

Coliseum will run your code in a sandbox. The stranger will surely be gone wild but within certain boundaries at filesystem, web server and database! (Let’s stop the allegory here ok?)

For example, code will not be allowed to interact with other servers in a malicious way so certain dangerous operations will be restricted. (Keep your hands off !)

This has been a huge design work: a trade off between usability and security has kept our engineering team thinking and tweaking for months.

Developers, if not yet trusted, will be moderated. That is we will review the code submitted by developers to make sure it will not harm our users computer and their religious views. Help from the community will be critical to keep the environment clean and safe for everybody so we plan to implement a trust model where developers are trusted by us AND the community over time so that they can upload their code without waiting for approval.

Common sense is our last resort. We have had a great response from the community so far and we are sure that vandals will be immediately identified and kept out of reach
through community based abuse reports implemented by “annoyance score”.

Hack.me wants to be a place where security people can share vulnerable code for educational purposes.
Community help will be critical not only for content creation but also to keep vandals away and good people connected!

Hack.me will be released on October 9th through a live webinar on Ethicalhacker.net – Register here

Stay connected with us via Twitter – Follow @hackmeproject

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go to top of page