Big points for Mac OS X in Hackers’ ‘Defacers Challenge’

“An international hacking contest scheduled to begin this weekend could cause headaches for organizations worldwide and disrupt the Internet, according to a warning from Internet Security Systems Inc. (ISS),” reports Paul Roberts for IDG News Service. “The contest, known as the Defacers Challenge, awards points to malicious hackers who successfully compromise an organization’s Web server and deface its Web pages.”

“Rather than focusing on the volume of defacements, the Defacers Challenge is set up to reward the skill of malicious hackers who can compromise systems running obscure operating systems such as Apple Computer Inc.’s Macintosh and Unix variants such as IBM Corp.’s AIX and Hewlett-Packard Co.’s HP-UX. Contest organizers even set up a Web page that outlines the rules of the game, including a point system for compromised machines (Windows: 1 point, HP-UX and Macintosh: 5) and guidelines for what counts as a valid defacement,” reports Roberts.

Roberts writes, “The target is to deface 6,000 Web sites. A prize of free Web site hosting is offered to the malicious hacker who can reach that goal first or accumulate the most Web sites in trying to do so, according to information posted on the site. The Challenge is scheduled to begin on July 6 and last for six hours, though information on the exact time of the Challenge has not yet been released, Allor said.” Full article here.


  1. My guess is that they will go for their familiar territory and tally up numerous 1-pointers, rather than spending the whole day trying to crack a Mac.

    If a Mac server gets cracked, it will be from the Admin’s stupidity. A Mac’s greatest vulnerability is an administrator’s password. I have seen people use “Apple” or their site name merely spelled backwards.

    Knowing that Microsoft-based systems have a rough time with other languages, especially right-to-left ones such as Arabic and Hebrew, they make for great Mac passwords.

    In the past I have used “my street + city + pet name” with alternate characters being typed with the “shift” and “alt” held down. So the potentially vulnerable word “mainstreethometownfido” becomes a much less vulnerable “�a�n�t�e�t�o�e?o�n�i�o”, but can be easily remembered and quickly typed.

    • ALWAYS keep your built-in firewall ON.
    • Keep all ports closed, unless absolutely necessary.
    • Limit all non-registered users (guests) to reading only.
    • Use obscure, random characters as a password.

    For security, all you have to do is think outside the box… the Microsoft beige box.

  2. Does the 5 points for Macintosh mean OS X or System 7 or Mac OS 8-9? They should get at least 100 points for cracking OS 7-9. If Mac System 7 or Mac OS 8-9 are set up properly they are virtually invulnerable. Mac OS X is great too, if set up properly, but I believe it is more vulnerable than the earlier Systems and OSs.

    With regard to passwords, I feel that any combination of words you can find in an unabridged dictionary is too vulnerable. My favorite ways to make up passwords? Take an obscure Hindu or Tibetan or some other obscure deity, spell it backwards and put a couple non alpha/numeric characters somewhere in the middle — or even more obscure take the last couple words in one of Cicero’s many orations, “translate” it to ancient Latin characters (using i instead of j, etc.) and use that. This way you can type the password very fast even if someone is watching. It does not require holding down specific keys, just regular typing, and it looks like you are typing English words.

  3. Who the hell hosts websites on MacOS 7.5.3?
    Actually, I reckon the most secure server or firewall you could run would have to be A/UX 3.1. It’s so old and incompliant my Linux buddy (he knows his stuff) couldn’t even install Apache with root access right at my IIfx itself! What chance does some geek have on the other side of the world!

    Old Macs. Security through Obscurity!
