Claims of unhackable products come and go in the computer industry, with the unhackable product always ending with a crack in its once-shiny armor. Last week, yet another company claimed to have an unhackable product, this time a Web server, but according to at least one user, the claim may be right.
Bodacion Technologies LLC, last week announced its Hydra Web server. The Hydra is a rack-mountable Web server, aimed at the government, financial services and hosting markets. It supports multiple processors, is built with its own operating system and is so secure that it doesn't need a firewall to protect it, according to Eric Hauk, co-founder of Bodacion. Because Hydra uses an operating system written by Bodacion, it does not support standard Web plug-ins or features such as Active Server Pages or PHP (PHP Hypertext Preprocessor), though it does run Java, Hauk said.
Hydra is built around a single 366Mhz Power PC G3 processor from Hauk's former employer Motorola Inc., sports 256M bytes of RAM, a 40G-byte hard disk and a 10/100 Ethernet port, Hauk said. The server can accept up to three more processor cards, but is limited to a total of 256M bytes of RAM for now, he said.
What makes Hydra unique, and unhackable, according to Hauk, is its security mechanism, a number sequence generator called the Bodacion.
When a PC attempts to initiate a connection to a server, that connection is assigned a number, which is used for communication, Hauk said. Attackers often attempt to guess that number in order to "hijack" a connection, thus allowing them access to a server that they shouldn't have, he said. The Bodacion eliminates this problem because it uses a random number generation technology that makes it next-to-impossible to guess the next number in the sequence of session numbers, he said. Without that session number, access to the server is denied, stopping hacking, he said.
Hauk and Bodacion are so sure of their claims that they've offered a US$100,000 challenge to anyone who can predict the one-thousandth number in a sequence after being provided the first 999. Information on the challenge is available on the Bodacion Web site.
The Bodacion number can also be used against attacks on Web site content, since when content is read into memory from the hard drive, it is assigned a Bodacion number, Hauk said. If that number isn't included in the attack attempt -- and since it's so hard to guess, it likely won't be, he added -- the attack will fail.
The Bodacion, and the all-new operating system about which little is publicly known, mean that the Hydra is extremely secure, he said.
Hydra is "designed from the ground up with the unhackability," Hauk said, adding that the product's security features "(eliminate) the need for a firewall for us, for the Hydra."
The hacking contest has attracted some attention, Hauk said, with more than 2,300 people already registered to participate in the contest. But none of them have gotten far yet, he added.
"All the answers we've gotten so far are wrong," Hauk said.
Bodacion won't show its server to analysts. "People are conditioned by what's currently available" and won't believe the company's claims, Hauk said, defending the decision.
But the company has conducted four to five beta tests. At least one beta tester stands by Bodacion's claims.
Hydra is "impervious to direct attack over the Internet," according to Dave Brambert, president of Gilbert Information Systems, a consultancy and reseller based in Bloomingdale, Illinois. Brambert has written columns for ITWorld.com, which is owned by International Data Group Inc., the same parent company as IDG News Service.
"None of my staff could (hack) it," during a one-month test, Brambert said.
Brambert and his staff tried to hack the server and infect it with a virus, without success on either count. Part of the difficulty in attacking the box can be attributed to Hydra using its own operating system, Brambert said. Because little is known about the OS, it's hard to find a foothold to attack it from, he said.
The Hydra server is a useful product, one he'd even like the opportunity to sell to his clients, Brambert said. He does see the server's Java-only requirement as a limitation. That will be an obstacle for Bodacion, though being able to offer HTML (Hypertext Markup Language), XML (Extensible Markup Language), Java and Java Server Pages is a good start, he said.
Bodacion's Hauk doesn't share Brambert's opinion, though, saying that Java is one of the futures of the Internet. Hauk expects that "we'll see those (plug-ins and languages other than Java) dwindling out," to be replaced primarily with Java, as backed by Sun Microsystems Inc., and XML-type Web services, as pushed in Microsoft Corp.'s .Net initiative. Bodacion has also written its own Web language, called Genesis, he added.
Hauk knows that in order for Bodacion to succeed, he needs to be as right about this as about the server being unhackable. And if he's wrong, if someone does succeed in cracking the Bodacion sequence and winning the $100,000?
"We'll have to find something else to do," he said. "We're betting the company on this."