Mac OS X Security Competition Ends in 30 Minutes

ninja_assault_kitten writes "ZDnet is running an article on how a Swedish Mac OS X enthusiast held a competition to prove how good security was on his new fully patched Mac Mini was. Unfortunately, 30 minutes after the competition began, a hacker known as 'gwerdna' had broken in and defaced the website, thus winning the contest. According to gwerdna, 'Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders.'." It's also worth noting a piece that says all the security news is much ado about nothing, in practical terms. The security contest also allowed people to have local access via SSH, so that had a lot to do with the crack.

Re:Why keep SSH on?

[Golias]

How is it a troll to voice a suspicion that some guy who gave away local log-ins whole holding a security "contest" on OS X was astroturfing.

His whole project seems tailor-made to generate bad press for Mac security. It would not surprise me at all if he got a nice fat check from Redmond to set this up.

Re:Perhaps with a desktop Mac

[SilentChris]

"The assumption is that servers will be managed by those with a clue, whereas desktops will not usually be."

*Cough* You don't know many Mac server admins, do you? :P Most of the ones I know are not in any kind of environment where servers are routinely hardened. They assume, from all the marketing, that the box will be secure from the get go. If you mentioned the word "headless" to them, they'd have no idea what you're talking about.

Not to say Windows server admins are any better (most of the boxes I administer are Windows). But people (stupidly) expect in this day and age that the product they are given is what it's advertised to be. Blame Apple for not making it clearer in their marketing.