Slashdot Mirror


U of Wisconsin's Mac OS X Security Challenge

digitalsurgeon writes "The University of Wisconsin [ed: Go Badgers] has launched a Mac OS X Security challenge, in response to a 'woefully misleading ZDnet article'. From the site: 'The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open.' Are you up to the task? Can you prove ZDNet wrong, or can you show that Mac OS X can really be hacked in less than 30 minutes? More information about the challenge is at http://test.doit.wisc.edu/ The challenge ends Fri 10 March 2006 10:00 AM CST." Update: 03/07 14:32 GMT by Z : Commentary on the contest and original claim is available at VNUNet.

4 of 401 comments

  1. Logs by Bromskloss · · Score: 5, Insightful

    Maybe logs could be published (in real-time) so that we all can see some of what possible challengers are up to. That would be interesting.

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
  2. Possible Danger by zaguar · · Score: 5, Insightful
    Email das@doit.wisc.edu if you feel you have met the requirements, along with the mechanism used. The mechanism will then be reported to Apple and/or the entities responsible for the component(s).

    With virus/spyware becoming a multimillion dollar business, do you really think that the real hackers (sorry for the use of the term) will stay away from this, due to this very condition? Do you think that the dangerous exploits and cracks that are, for the moment, unknown by Apple, and are hence, very valuable. They will not be willingly sent to Apple for some minor publicity and no material, no, they will be auctioned off in some sleazy IRC channel in Russia.

    --
    "Sure there's porn and piracy on the Web but there's probably a downside too."
  3. Re:A Different Test by mekkab · · Score: 5, Insightful

    I think you can't "see the forest for the trees."

    The original test was equivalent to saying "I'll let a thief into my house. Let's see if he can steal anything!" Most houses don't have everything bolted down to the floor.

    But how often do you allow someone into your machine? For a desktop, not often, perhaps never.

    The biggest risk to most computers is a network based attack; this is the real meat and potatoes and a better test of the security of a machine.

    --
    In the future, I would want to not be isolated from my friends in the Space Station.
  4. Re:A Different Test by Paradise+Pete · · Score: 5, Insightful
    The original test was equivalent to saying "I'll let a thief into my house. Let's see if he can steal anything!"

    I don't think that analogy is quite apt. It's more like locking someone in your basement and they figure out how to gain access to your whole house.

    When I run a third party program I am essentially letting them inside, but as a non-privileged user I'm confining them to a specific area. But if this ability to elevate privileges turns out to be a fact, then any program I run can have full access.

    Right now we have only this one supposed demonstration of it. What I'd really appreciate seeing is that *original* test repeated. If we can look at this as if it were an experiment, then when someone publishes a result others try to repeat it under the same conditions. They don't conduct a different test with different conditions in order to disprove the original.