PDA

View Full Version : Apple OS X withstands hacking contest



Frisch
03-09-2006, 09:15 AM
The University of Wisconsin has ended its OS X hacking contest with no successful hacking attempts.

The challenge was cut short after the University's Chief Information Officer found out about it and deemed that it was unauthorized. The competition's website has since been removed.

Dave Schroeder, the competition's organiser and a systems administrator at the university, launched the challenge in response to a similar competition last month in which a blogger created user accounts for contestants on a Mac Mini and challenged them to hack into the system by defacing a website.

The Mac Mini contest made headlines earlier this week, and the winner boasted that it had taken him under 30 minutes to penetrate OS X's security.

But Schroeder pointed out that his accomplishment "failed to mention a very critical point: anyone who wished it was given a local account on the machine".

He claimed that his hacking contest would create a more accurate image of OS X's security. The contest ran for 38 hours and resulted in no successful hacks, Schroeder said on the contest's website.

The site suffered from heavy traffic that peaked at 30Mbps, logging lots of traffic from scripts that sought to exploit known software vulnerabilities.

A number of dictionary attacks were also launched where special tools try out possible passwords such as birth dates, names and common words based on pre-defined dictionaries.

The site also was brought down twice by a denial of service attack that overloaded the server.

The test system was a Mac Mini running the latest version of OS X as well as all the latest security updates. It had been configured with two local user accounts and had SSH and HTTP open. The latter were not typical settings for an average user, according to Schroeder.

Contestants who claimed to have succeeded in hacking the system had to provide details about how they breached the security walls, which would have been provided to Apple. The winner was promised a claim to fame, but no material price.

Link (http://www.vnunet.com/vnunet/news/2151531/apple-security-withstands)

cambridgecomput
03-09-2006, 09:28 AM
I have to admit that I do like that post. Makes me feel, well I guess more comfortable about the kit I've just set up. Imagine that my G3/400 running OS 10.4 server will remain stable after it's 9 months of now continual operation for some time to come yet.

Rgds

Richard

*EDITed* by IFMU
Links to advertise your site is against forum rules & guidelines.
Rules & Guidelines (http://www.xtremesystems.org/forums/announcement.php?f=120&a=38)

RTB
03-09-2006, 09:45 AM
There was a comment on how bad contests are for proving how secure something is, because they prove nothing. To the best of my knowledge, OSX is no less or more secure than Windows, but is made to seem more secure by obscurity. It's just not worth the effort yet.

antipop
03-13-2006, 01:17 AM
I have to admit that I do like that post. Makes me feel, well I guess more comfortable about the kit I've just set up. Imagine that my G3/400 running OS 10.4 server will remain stable after it's 9 months of now continual operation for some time to come yet.

Rgds

Richard

for PC components, Apple Macintosh equipment, Refurbished Monitors and storage, visit the Cambridge computer Shop (http://www.cambridgecomputershop.co.uk)

This shoud make you happy http://www.hitup.org/

MaxxxRacer
03-13-2006, 02:56 AM
lmao @ antipop..

antipop
03-13-2006, 02:58 AM
lmao @ antipop..
Why?

MaxxxRacer
03-13-2006, 03:33 AM
hitup.. its really funny.

while having a machine running for 2 years is quite amazing, a 250mhz OSX machine is about as fun to use as say... a flamethrower that has a tendency to backfire and light you on fire.

btw why did you change the color of your avatar? easier to see?

antipop
03-13-2006, 03:37 AM
Yes it's funny in this way but again you cannot have a 2 year uptime on the latest mac intel ;) Anyway it's more for the record than anything else because any admin would need to rebbot to install the latest patches. Since apple has a new one every couple of months, the uptime is not that impressive but that's more than enough for me.

As for the av, Frisch made a nice golden frame around it. Don't you like it?

MaxxxRacer
03-13-2006, 03:43 AM
I do inded like the golden frame and orange recolorization of the picture.. makes it stand out better.

who says you cant have a 2 year uptime on the latest mac intel? Im not saying if u can or cannot, just that you dont know that you cant.

antipop
03-13-2006, 03:45 AM
I was saying that today it's impossible to have 2 year uptime on those machine (just because they're only a month old, i was trying to be funny but that failed :( ).

Anyway, i think the guys that need a 2 year uptime have other and more reliable source to use than mac

EvilCloudStrife
03-13-2006, 06:24 AM
sweet contest. If only i would have known about it, i would have won.. ohh well

:p

G H Z
03-13-2006, 12:18 PM
http://img.photobucket.com/albums/v31/canny/WG-OSXFlaws.jpg

http://docs.info.apple.com/article.html?artnum=303382

http://www.apple.com/support/downloads/securityupdate20060011039client.html

http://www.apple.com/support/downloads/securityupdate20060011039server.html

http://www.apple.com/support/downloads/securityupdate2006001macosx1045clientintel.html

http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html

Frisch
03-13-2006, 04:13 PM
Mac Skeptic: More on Mac Security (http://news.yahoo.com/s/pcworld/20060313/tc_pcworld/124982)

G H Z
03-13-2006, 05:49 PM
Not a skeptic just pointing out that any OS has it vulnerabilities ;)

It's all a matter of perspective I suppose.

Frisch
03-13-2006, 06:15 PM
Not a skeptic just pointing out that any OS has it vulnerabilities ;)

It's all a matter of perspective I suppose.
It's the headline from the article, not meant towards you. :)

antipop
03-13-2006, 11:08 PM
Not a skeptic just pointing out that any OS has it vulnerabilities ;)

It's all a matter of perspective I suppose.
But some are more vulnerable than others, and while OSX might not be the most secure, it's safe enough for most users.

Anyway all the OS's have one MAJOR flaw : the user

G H Z
03-14-2006, 10:14 AM
So is Windows, but I agree with you 100% on the user :)

Sorry just a funny little update ;)

http://img.photobucket.com/albums/v31/canny/OSXFlaws2.jpg