Frisch
03-09-2006, 10:15 AM
The University of Wisconsin has ended its OS X hacking contest with no successful hacking attempts.
The challenge was cut short after the University's Chief Information Officer found out about it and deemed that it was unauthorized. The competition's website has since been removed.
Dave Schroeder, the competition's organiser and a systems administrator at the university, launched the challenge in response to a similar competition last month in which a blogger created user accounts for contestants on a Mac Mini and challenged them to hack into the system by defacing a website.
The Mac Mini contest made headlines earlier this week, and the winner boasted that it had taken him under 30 minutes to penetrate OS X's security.
But Schroeder pointed out that his accomplishment "failed to mention a very critical point: anyone who wished it was given a local account on the machine".
He claimed that his hacking contest would create a more accurate image of OS X's security. The contest ran for 38 hours and resulted in no successful hacks, Schroeder said on the contest's website.
The site suffered from heavy traffic that peaked at 30Mbps, logging lots of traffic from scripts that sought to exploit known software vulnerabilities.
A number of dictionary attacks were also launched where special tools try out possible passwords such as birth dates, names and common words based on pre-defined dictionaries.
The site also was brought down twice by a denial of service attack that overloaded the server.
The test system was a Mac Mini running the latest version of OS X as well as all the latest security updates. It had been configured with two local user accounts and had SSH and HTTP open. The latter were not typical settings for an average user, according to Schroeder.
Contestants who claimed to have succeeded in hacking the system had to provide details about how they breached the security walls, which would have been provided to Apple. The winner was promised a claim to fame, but no material price.
Link (http://www.vnunet.com/vnunet/news/2151531/apple-security-withstands)
The challenge was cut short after the University's Chief Information Officer found out about it and deemed that it was unauthorized. The competition's website has since been removed.
Dave Schroeder, the competition's organiser and a systems administrator at the university, launched the challenge in response to a similar competition last month in which a blogger created user accounts for contestants on a Mac Mini and challenged them to hack into the system by defacing a website.
The Mac Mini contest made headlines earlier this week, and the winner boasted that it had taken him under 30 minutes to penetrate OS X's security.
But Schroeder pointed out that his accomplishment "failed to mention a very critical point: anyone who wished it was given a local account on the machine".
He claimed that his hacking contest would create a more accurate image of OS X's security. The contest ran for 38 hours and resulted in no successful hacks, Schroeder said on the contest's website.
The site suffered from heavy traffic that peaked at 30Mbps, logging lots of traffic from scripts that sought to exploit known software vulnerabilities.
A number of dictionary attacks were also launched where special tools try out possible passwords such as birth dates, names and common words based on pre-defined dictionaries.
The site also was brought down twice by a denial of service attack that overloaded the server.
The test system was a Mac Mini running the latest version of OS X as well as all the latest security updates. It had been configured with two local user accounts and had SSH and HTTP open. The latter were not typical settings for an average user, according to Schroeder.
Contestants who claimed to have succeeded in hacking the system had to provide details about how they breached the security walls, which would have been provided to Apple. The winner was promised a claim to fame, but no material price.
Link (http://www.vnunet.com/vnunet/news/2151531/apple-security-withstands)