Results 1 to 4 of 4

Thread: Mac OS X Security Challenge

  1. #1
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185

    Mac OS X Security Challenge

    Oh man, this feels wierd posting in the Mac discussion board. Gives me the shivers!

    Anyway, I just read this on Slashdot and thought I would share:

    U of Wisconsin's Mac OS X Security Challenge
    "The University of Wisconsin [ed: Go Badgers] has launched a Mac OS X Security challenge, in response to a 'woefully misleading ZDnet article'. From the site: 'The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open.' Are you up to the task? Can you prove ZDNet wrong, or can you show that Mac OS X can really be hacked in less then 30 minutes? More information about the challenge is at http://test.doit.wisc.edu/ The challenge ends Fri 10 March 2006 10:00 AM CST."
    I'm sure a few of you on here might be up to it... not me.

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  2. #2
    Junior Member
    Join Date
    Oct 2005
    Posts
    15
    Heh, obviously not. It survived a digging and a slashdotting though. More than some servers.
    Compiling all the stuff for OS X...

  3. #3
    Howdy..
    http://news.yahoo.com/s/nf/20060306/tc_nf/41948

    The security breach took place on February 22 after a Swedish devotee of the Mac set up a Mac Mini as a server and invited all takers to try to compromise the system's security to gain root-level control. Once a hacker has gained root access to a computer system, the attacker can install applications, delete files and folders, and use the computer for any nefarious purpose.

    The competition was over in a matter of hours after a hacker, who asked to be identified only as "Gwerdna," gained access to the server in question and defaced the Web site with a message that read, "This sucks. Six hours later this poor little Mac was owned and this page got defaced."

    ---
    Although Gwerdna said that the Mac Mini could have been protected more effectively, he also said that, even had the machine been configured for better security, it would not have stopped him because the vulnerability he exploited has yet to be published and Apple has not released a patch for it.
    In the space of about 2 weeks OSX has gone from being this impenetrable operating system to a zombie.

    cheers
    front2back

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by .:front2back:.
    In the space of about 2 weeks OSX has gone from being this impenetrable operating system to a zombie.

    cheers
    front2back
    f2b - The link that you have posted refers to the cracking of the other test covered by ZDNet. The test was unfair because SSH accounts were given out to each of the attackers, so privilege escalation, an SSH vuln or something of the sort (this guy claims he used a zero-day exploit) would've gained him root.

    The article Deeboe posted about is this one - the new server was set up to prove that ZDNet is wrong. I do not know if that one has been cracked yet or not, but the server is certainly down atm.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •