Apple Mac remains ‘unhacked’ as University of Wisconsin’s Mac OS X Security Challenge ends

The testing period for the Mac OS X Security Test is now closed. “Originally, the online event was scheduled to end on Friday. But because of the enormous attention, the time for the challenge has been cut short and will now end Tuesday at 10 p.m. PST, Schroeder said,” Joris Evers reports for CNET News. “Schroeder plans to sift through the log files of the Mac and publish anything interesting, he said in the phone interview. ‘I know it is disappointing that it will be ending early to a lot of people.'” Full article here.

In response to the woefully misleading ZDnet article, Mac OS X hacked under 30 minutes, by Munir Kotadia () the academic Mac OS X Security Challenge was launched Monday morning by The University of Wisconsin’s Dave Schroeder. The ZDNet FUD piece failed to mention that local access was granted to the Mac OS X system and left some readers with the false impression that any Mac OS X machine connected to the Internet can be taken over in just 30 minutes. As Schroeder notes, the Mac OS X “machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.”

So, with a real Mac OS X challenge sitting online, 30 minutes came and went, folks. Long ago. The Mac OS X remained “unhacked” for the entire 38-hour testing period.

Schroeder’s notes from 11:59pm CST last night:
• The response has been very strong, and the test has illustrated its point.
• Traffic to the host spiked at over 30 Mbps.
• Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
• The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
• The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
• There were no successful access attempts during the 38 hour duration of the test period.

More info here.

[Thanks to MacDailyNews Reader “Judge Bork” for the heads up.]

[UPDATE: 9:12am EST: Added CNET info and link.]

Advertisements:
Apple’s brand new iPod Hi-Fi speaker system. Home stereo. Reinvented. Available now for $349 with free shipping.
Apple’s new Mac mini. Intel Core, up to 4 times faster. Starting at just $599. Free shipping.
MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.

Related MacDailyNews articles:
Mac OS X ‘unhacked’ over 24 hours and counting in genuine security challenge – March 07, 2006
University of Wisconsin launches bona fide Mac OS X Security Challenge – March 06, 2006
Mac OS X ‘hacked in under 30 minutes?’ Why Mac OS X security is all the rage recently – March 06, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Apple Mac OS X clearly offers superior security over Microsoft Windows – March 02, 2006
Apple Mac OS X has a lot more vulnerabilities than Windows XP? – February 28, 2006
Enderle: Security vendors see Apple as next big opportunity – February 28, 2006
As Apple Mac grows in popularity, will security issues increase? – February 27, 2006
The Idiot’s Guide to Mac Viruses For Dummies 101 – February 24, 2006
Wired News: ‘Mac attack a load of crap’ – February 22, 2006
Report: Apple developing fix for automatic execution of shell scripts – February 21, 2006
Ars Technica: Fears over new Mac OS X ‘Leap-A’ trojan pointless – February 20, 2006
Atlanta Journal-Constitution asks: Is ‘Mac virus’ all just propaganda from Mac haters? – February 20, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – January 26, 2006 (Kotadia)
IDC: Apple Mac 2005 U.S. market share 4% on 32% growth year over year – January 20, 2006
Analysts: Apple Mac’s 5% market share glass ceiling set to shatter in 2006 – January 09, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – September 09, 2005 (Kotadia)
Joke of the month: Gartner warns of Mac OS X ‘spyware infestation’ potential – March 30, 2005 (Kotadia)
Symantec warns about Mac OS X security threat – March 21, 2005 (Kotadia)

43 Comments

  1. Other than what I presume would be the loss of use of the Mini for the test (or would it?), does anyone know why it ended after only 38 hours? I would have liked to have seen the results at 38 days or longer. And I agree, it’ll be intersting to see what press coverage this test gets.

  2. The test ended because it was drawing so many hits and sucking bandwidth like crazy, the University IT dept had to be going nuts with all the activity.

    From info I got at the site their bandwidth usage was roughly equal to streaming native DV out to the Internet, 3.75 Megabytes per second.

    There were also getting hammered by a couple of DoS (denial of service) attacks.

    The good news is, nobody was able to mod the mini and even with all the traffic slamming it the machine never went down.

    Pretty amazing for a $499 computer running a stock OS without any 3rd party protection software.

    Lets have a Reality Check on this, get a University to put up a Windows box and see if it can be exploited!

  3. The theory that the media is too easy on Apple can now be laid to rest because we all know this story won’t see the light of day. It is only when supposed security “flaws” are found that the media cares. I wish people would realize that mac users aren’t zealots they just have to defend their platform from obvious media bias.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.