Hacking Challenge: Change this website's homepage picture and win $10K... (blackbergsecurity.us)
48 points by sahillavingia on June 8, 2011 | 17 comments


Wow. I was prepared to denounce this as a fake, mouthpiece for LulzSec made to look like a hacking challenge (for the lulz), etc. A Facebook page like this[1] is so laughably over the top.. But perhaps not:

http://www.youtube.com/watch?v=5ywUK2Jat5k

Now I just feel a bit sorry for him. A very fast lesson to not consider yourself "trained by the best in the world" or go around putting up $10k prizes like this without actually having a few crises under your belt.

[1] https://www.facebook.com/blackandberg


He has a bachelor's in "Information Security" from ITT Tech.

For those who aren't familiar, ITT Tech is, at least in the midwest, where the stoners go after getting their GED (remedial high school diploma for people who couldn't hack it in...secondary...) because they realized minimum wage jobs don't go very far once you're paying your own rent.

The raw hubris of this video and his reasons for it are...overwhelming.

I'm left feeling assured about my future job prospects, and unhappy at the state of things.


I don't know that the ITT Tech thing is enough to condemn him. Sure, it's a crappy school, but great people can rise from humble places. One of the absolute very best programmers I know has something like two ITT Tech courses under his belt, and is entirely self-educated beyond that.

This guy doesn't need any credentials to prove he's a fool.


>entirely self-educated beyond that

This is why he's brilliant.

I myself am a college dropout.

I don't believe in credentialism, but someone foolish enough to think ITT Tech makes them useful or proficient has another thing coming.

It demonstrates a lack of judgment more than anything.

The rest of his...material speaks for itself.


I would just like to note that they have an error on that page:

<b>Warning</b>: INSERT command denied to user &#039;dbo325141527&#039;@&#039;74.208.180.97&#039; for table &#039;bs_watchdog&#039; query: INSERT INTO bs_watchdog (uid, type, message, variables, severity, link, location, referer, hostname, timestamp) VALUES (0, &#039;php&#039;, &#039;%message in %file on line %line.&#039;, &#039;a:4:{s:6:\&quot;%error\&quot;;s:12:\&quot;user warning\&quot;;s:8:\&quot;%message\&quot;;s:655:\&quot;INSERT command denied to user &amp;#039;dbo325141527&amp;#039;@&amp;#039;74.208.180.97&amp;#039; for table &amp;#039;bs_accesslog&amp;#039;\nquery: INSERT INTO bs_accesslog (title, path, url, hostname, uid, sid, timer, timestamp) values(&amp;#039;Cybersecurity For The 21st Century, Hacking Challenge: Change this website&amp;amp;#039;s homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black. DONE, THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ&amp;#039;, &amp;#039;node/1&amp;#039;, &amp;#039;http://www.google.com/reader/view/?at=A_uCkSZxuRDNUf in <b>/homepages/6/d325020610/htdocs/includes/database.mysql.inc</b> on line <b>128</b><br />


That's what happens when you run a security website on Drupal......


What's wrong with Drupal?


Nothing per se, but if he's not automatically upgrading then there's a potential easy vulnerability from previous versions to exploit.

See: http://www.drupalexploit.com/


Posted 4 min ago but it's already hacked. I guess that should have been expected when you challenge hackers like that.


Also possible that the traffic generated resulted in the server crashing. I guess, time will tell.


One thing that time is telling: 24 hours later and this security firm has not yet removed the defaced image. :/


I guess it makes sense to run 'competitions' like this. If a 0-day exploit is used, the method can be studied to a great benefit.. even be re-sold later to recoup the costs :)


Did they intentionally make it easy because they have a different agenda, or are those hackers really that good?


There's a third option: they didn't intend to make it easy, but it was.


Anyone think this might be his way of calling the hackers out and trying to get some logged information about them?

I probably am way off mark here but do you think there is a chance he was running some monitoring software on the server tracking their every move?

As someone stated, would you really stake $10k when you are running proprietary software that the world has open source access to??


Already hacked? :O Really? This is what happens when you put your money where your mouth is :P


That could have ended up much worse... Everyone learns to not play with the fire. But obviously the managers of security agencies not...



