Slashdot Mirror


Mac OS X Security Competition Ends in 30 Minutes

ninja_assault_kitten writes "ZDnet is running an article on how a Swedish Mac OS X enthusiast held a competition to prove how good security was on his new fully patched Mac Mini. Unfortunately, 30 minutes after the competition began, a hacker known as 'gwerdna' had broken in and defaced the website, thus winning the contest. According to gwerdna, 'Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders.'" It's also worth noting a piece that says all the security news is much ado about nothing, in practical terms. The security contest also allowed people to have local access via SSH, so that had a lot to do with the crack.

22 of 388 comments

  1. I challenge you to hack me! by Demon-Xanth · · Score: 2, Funny

    My IP is 127.0.0.1. :)

    --
    If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
  2. Re:Mac OS X Security Challenge by byolinux · · Score: 2, Funny

    And when you're done there, connect to 127.0.0.1 and root me there. Be sure to delete any files you find.

  3. Re:Mac OS X Security Challenge by Bromskloss · · Score: 5, Funny

    So, test.doit.wisc.edu is some guy you're having a war against, and now you want him to have an.. umm... unfortunate accident with his computer, right? With our help, sneaky. ;-) Maybe by the slashdotting alone. Welcome to the wild web.

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
  4. Re: first thought... by opwierde · · Score: 1, Funny

    OK, I'm game. This OS X has every port open, no firewall so go ahead! 81.68.209.58 aka kilburn.nl

  5. Re:Mac OS X Security Challenge by gasmonso · · Score: 2, Funny

    Does Slashdotting the site count ;)

    gasmonso
  6. The only way.. by PeterSomnium · · Score: 1, Funny

    To fully protect a Windows/Linux/BSD/OS X box is to unplug the network cable.
    But since that's not worth much, I suppose you can say a totally secure box isn't something from the near future.

    --
    I rm -rf /*, therefore I am?
  7. Re:Why keep SSH on? by shotfeel · · Score: 3, Funny

    In other news, after giving burglars the first three of four numbers for your safe's combination, the fastest can open it in less than 30 minutes.

  8. Re:Why keep SSH on? by BodhiCat · · Score: 3, Funny

    The article also failed to mention that the password to gain root access to the Mac was "password."

  9. RDF defeats all by Brunellus · · Score: 4, Funny

    I have a feeling that the Reality Distortion Field has already cancelled whatever negative effect this has had

  10. Re:Security in small numbers by Anonymous Coward · · Score: 1, Funny

    Yeah, it's not like most of the Internet is running on Linux and Unix... oh wait...

  11. Doors unlocked, windows open by Dekortage · · Score: 5, Funny

    So SSH was on and accessible? Dumb move. Like saying "I dare you to steal my jewelry from my bedroom -- oh, and my house is unlocked with the windows open."

    But maybe people WANT something to be stolen. Many years ago, the garbagemen (sanitation workers) in NYC went on strike, and garbage was piling up in the streets. A relative of mine in Brooklyn still managed to get rid of his: he put it in big boxes, wrapped the boxes in gift paper with bows, and left them in his car with the doors unlocked. They always got stolen.

    How this applies to the story, I dunno, but I still think it's funny.

    --
    $nice = $webHosting + $domainNames + $sslCerts
  12. This one time at band camp by The+evil+non-flying · · Score: 1, Funny

    A lot of hoopla and it's over in a very short period of time. Kinda reminds me of the first time I had sex. Note: to most slashdot users, this sex thing I refer to is like compiling a kernel on Gentoo using -O3 and having it be stable.

  13. Re:Why keep SSH on? by Scrameustache · · Score: 2, Funny

    Somewhere inside of Apple, engineers are shaking their heads at this guy and the damage he's done to the Mac's reputation.

    And somewhere in Redmond, someone is writing him a cheque.

    --

    You can't take the sky from me...

  14. This was of very little worth by shatfield · · Score: 2, Funny

    The first thing that I'm going to do as a "normal user" is turn on SSH and Personal Web Sharing. Then I'm going to give anyone who wants access to my machine an SSH account.

    This "test" was silly and unrealistic, at best.

    Here's a "real" test:
    1) Turn on brand new Mac Mini
    2) Update to latest rev of OS
    3) Try to hack it from the Internet, without knowing its IP address.

    Good frackin' luck!

    --
    "To make a mistake is only human; to persist in a mistake is idiotic." Cicero
  15. Kodos is not yours to give... by bennomatic · · Score: 4, Funny

    > I do give them kodos for allowing the hack...

    Kang might have something to say about that.

    --
    The CB App. What's your 20?
  16. Re:Stock Mac OS has never once had remote exploit! by Anonymous Coward · · Score: 1, Funny

    Dude, 1999 called. They want their rant back.

    And their Mac OS.

    Sheesh.

  17. Re:Why keep SSH on? by EntropyEngine · · Score: 2, Funny

    I thought about saying something sensible, but .. what a dick!

    Yes! Let's give the hacker SSH access! That'll slow 'em down! Teh hee!

    Buffoon...

  18. Re:Mac OS X Security Challenge by Bromskloss · · Score: 2, Funny

    New here, huh?

    Dave works and is a rather high profile Mac admin at UWisc.


    That's what _you_ think!

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
  19. Please hack MY mac! by 1336.5 · · Score: 1, Funny

    Try me

    ip: 127.0.0.1

    alter the web page and post here when done.

  20. Re:Why keep SSH on? by geoffspear · · Score: 2, Funny

    I think he probably took advantage of the fact that anyone who's dumb enough to give people accounts on his machine and dare them to get root is probably also dumb enough to use "password" as their admin account password. Let's see Apple fix that vulnerability.

    --
    Don't blame me; I'm never given mod points.
  21. Re:Mac OS X Security Challenge by Anonymous Coward · · Score: 1, Funny

    Warning! The IP address above is to a pr0n site

  22. Re:Why keep SSH on? by Ohreally_factor · · Score: 3, Funny

    The guy gives out SSH accounts. There was no need to penetrate this layer of security, because he left the door wide open.

    So, to use the most disgusting analogy possible, it was like raping the goatse guy.

    Heh heh, I said analogy.

    --
    It's not offtopic, dumbass. It's orthogonal.