t2’18 challenge winner announced

This year we altered the challenge format once again, and ran it in the form of a free-format application over e-mail between the 4th of July and 4th of August. Neither attempts at bribery nor cheating were noticed, which was a slight but acceptable disappointment for the Advisory Board.

As it has been the case in the past, the same names often show up in the Hall of Fame. Whether it’s the technical talent, persistent effort or being in the right place at the right time, Fortune favors the bold.

Congratulations Carl “Zeta Two” Svensson! Well done!

To demonstrate what it took to receive the ticket, here are selected highlights from his long application:

We would also like to thank everybody who participated in the challenge this year. Your submissions were greatly appreciated. In other news, the ticket sales have been active during the summer and we are expecting a flood of registrations once the preliminary schedule is released. To make sure you don’t miss out, register now to guarantee your place at the 15th anniversary edition of t2.

t2’18 challenge

Regular visitors and friends of t2 know our struggles with the annual challenge. The main purpose behind the puzzle has always been to find and recognize passionate people who have the talent, but sometimes lack the necessary budget to attend the event. We strongly believe in paying it forward and this tradition is something we want to hold on to.

For t2’18 the annual challenge will take a new form. To showcase technical excellence and prove you deserve a free ticket, all you need to do is submit an open application (preferably in ASCII format) over e-mail. Whether it’s your tool repository on github, awesome local meetup presentation, craziest exercise in memory manipulation, a recent bug bounty submission or something completely different, let us know. Supporting evidence goes a long way.

Rules of the challenge

  • The Advisory Board will select 0-2 ticket recipients out of the submissions
  • Challenge deadline is August 4, 2018 @ 23:59:59 UTC
  • Submissions must be sent to info-2018@lists.t2.fi
  • Criteria for selection is unscientific, tough but fair and may change at any time
  • Participants unestablished in the security industry will receive a scoring multiplier
  • The free ticket entitles to the same perks as a single regular ticket
  • Travel costs (if required to participate) are not covered by the prize
  • Decisions are final, but we still love you. It’s not you, it’s us. We hope we can still be friends.

t2’17 Challenge winner announced

This year’s free ticket was awarded at LocalTapiola HackDay to the team who discovered the most severe vulnerability. After a full day of analyzing, verifying and rating the reported vulnerabilities, we had a clear winner rising above the competitors.

Congratulations Harri Kuosmanen of team ROT! Well done!

We would also like to thank all the other teams and those participating in the challenge during the summer. The countdown to t2’17 starts now – see you on Thursday! (..or Wednesday night at one of the many pre-event meetups/lobby bar gatherings)

If you have ideas on how to give out free tickets to our 15th anniversary event next year, please let us know!

What ever happened to the t2 challenge?

So, the t2 challenge of 2017.. It’s over for sure, but not in a way we anticipated. Before we get ahead of ourselves, let’s get back to the beginning.

The challenge was originally created in 2005 to give out free tickets to people with fantastic technical talents – there were two tracks, speed and elegance. You could either win by being the first one to solve the challenge, or by submitting the finest write-up. The idea was that also those without a personal training budget had a chance of participating the event – in practice, many new talents got a turbo boost for their contacts and career in security.

The format was successful for almost a decade, until the successful completions, attempts and downloads/page views started to drop steadily. The numbers were coming down and there was no denying it – the format of each year’s challenge appeared to have no effect on this.

We tried to compensate by putting more effort into creating the challenges, and promoted them also on Twitter in addition to the traditional channels. Alas, this did not work and we pivoted to a bug bounty this year.

The challenge was open for three full months over the summer, and during that time our own tweets alone reached over 130 000 people. Further promotion was done on our own blog, and mailing list, in addition to Full Disclosure and DailyDave. In the spirit of past challenges, the rules emphasized quality submissions and finesse to allow people to focus on what truly matters. Most importantly, the target had been selected exclusively for the t2 challenge, and had not been previously subjected to a bug bounty.

Despite a major scope increase two weeks before the challenge end date, we received exactly zero submissions. Not one, not two, but Z-to-the-E-to-the-R-to-the-0. Talk about failing..

Our question now to you, esteemed fellow hackers is:

How should we give out the free tickets in the future?

Please tweet or e-mail us, we want to hear your ideas! All feedback on the subject is appreciated.

There is sunshine after the rain – our good friend Leo Niemelä invited t2 to judge the annual LocalTapiola Hack Day. That’s the where the story continues in the following post.

t2’17 challenge update

We are updating the rules slightly, and increasing the challenge scope to cover the complete LocalTapiola Bug Bounty program.

The basic rules stay the same, with these changes:

  • The in-scope domains are expanded to cover all the domains that are in-scope in the normal LocalTapiola bug bounty program as well
  • All submissions are eligible for bounties – the rules are the same as in the normal LocalTapiola bug bounty program ($50-$50k)
  • Only NEW reports are eligible – don’t duplicate current open and/or unresolved reports from the normal LocalTapiola bug bounty program
  • In any case of confusion or ambiguity between the two bug bounty programs – LocalTapiola reserves all rights to make wise decisions

Happy hunting!