The testing period for the Mac OS X Security Test is now closed. “Originally, the online event was scheduled to end on Friday. But because of the enormous attention, the time for the challenge has been cut short and will now end Tuesday at 10 p.m. PST, Schroeder said,” Joris Evers reports for CNET News. “Schroeder plans to sift through the log files of the Mac and publish anything interesting, he said in the phone interview. ‘I know it is disappointing that it will be ending early to a lot of people.'” Full article here.
In response to the woefully misleading ZDnet article, Mac OS X hacked under 30 minutes, by Munir Kotadia () the academic Mac OS X Security Challenge was launched Monday morning by The University of Wisconsin’s Dave Schroeder. The ZDNet FUD piece failed to mention that local access was granted to the Mac OS X system and left some readers with the false impression that any Mac OS X machine connected to the Internet can be taken over in just 30 minutes. As Schroeder notes, the Mac OS X “machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.”
So, with a real Mac OS X challenge sitting online, 30 minutes came and went, folks. Long ago. The Mac OS X remained “unhacked” for the entire 38-hour testing period.
Schroeder’s notes from 11:59pm CST last night:
• The response has been very strong, and the test has illustrated its point.
• Traffic to the host spiked at over 30 Mbps.
• Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
• The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
• The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
• There were no successful access attempts during the 38 hour duration of the test period.
More info here.
[Thanks to MacDailyNews Reader “Judge Bork” for the heads up.]
[UPDATE: 9:12am EST: Added CNET info and link.]
Advertisements:
• Apple’s brand new iPod Hi-Fi speaker system. Home stereo. Reinvented. Available now for $349 with free shipping.
• Apple’s new Mac mini. Intel Core, up to 4 times faster. Starting at just $599. Free shipping.
• MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
• iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
Related MacDailyNews articles:
Mac OS X ‘unhacked’ over 24 hours and counting in genuine security challenge – March 07, 2006
University of Wisconsin launches bona fide Mac OS X Security Challenge – March 06, 2006
Mac OS X ‘hacked in under 30 minutes?’ Why Mac OS X security is all the rage recently – March 06, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Apple Mac OS X clearly offers superior security over Microsoft Windows – March 02, 2006
Apple Mac OS X has a lot more vulnerabilities than Windows XP? – February 28, 2006
Enderle: Security vendors see Apple as next big opportunity – February 28, 2006
As Apple Mac grows in popularity, will security issues increase? – February 27, 2006
The Idiot’s Guide to Mac Viruses For Dummies 101 – February 24, 2006
Wired News: ‘Mac attack a load of crap’ – February 22, 2006
Report: Apple developing fix for automatic execution of shell scripts – February 21, 2006
Ars Technica: Fears over new Mac OS X ‘Leap-A’ trojan pointless – February 20, 2006
Atlanta Journal-Constitution asks: Is ‘Mac virus’ all just propaganda from Mac haters? – February 20, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – January 26, 2006 (Kotadia)
IDC: Apple Mac 2005 U.S. market share 4% on 32% growth year over year – January 20, 2006
Analysts: Apple Mac’s 5% market share glass ceiling set to shatter in 2006 – January 09, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – September 09, 2005 (Kotadia)
Joke of the month: Gartner warns of Mac OS X ‘spyware infestation’ potential – March 30, 2005 (Kotadia)
Symantec warns about Mac OS X security threat – March 21, 2005 (Kotadia)
Ahhhh.mmm…. just as I thought. Put a real test out there and suddenly that easy 30 minute hack job became impossible! I myself had no doubt that no one would get in even if he left the test go on until the end of the year!
So much for the myth ZDNET story that OSX is not secure. Maybe next time they’ll get all the facts before they write there fairy tales!
There were also getting hammered by a couple of DoS (denial of service) attacks.
The whole University network got slammed because of a “Slashdot effect.”
It happens a lot because of all the hit traffic that site recieves daily.
http://apple.slashdot.org/article.pl?sid=06/03/07/1324256&from=rss
What happens to Windows XP “out of the box” in 38 hours? Nice to see a comparison… Is there one around?
Can you please go Web 2.0 like Digg.com so we can KILL bullshit from the trolls like “MacDude”?
Your the troll, I was making a valid point that the test was flawed.
If you want to be moderated to death go to Apple Discussions or go to MacSlash and listen to the echos.
Echos don’t click ads.
Can you please go Web 2.0 like Digg.com so we can KILL bullshit from the trolls like “MacDude”?
MacMania
Let it be MM, it allows freedom of expression so that you too can say whatever you want regardless if we agree with you or not-
Does the term :democratic” ring a bell?
The ZDNet article did not “fail to mention” that local access was given. It’s mentioned in the second freakin’ paragraph!
For those who didn’t read the actual article (probably quite a lot of people judging from all the responses), the second paragraph reads:
“Participants were given local client access to the target computer and invited to try their luck.”
MDN, any idea what local client access means? It means they were given a local account. Any UNIX sys admin with half a brain should have caught that.
So everyone please, stop saying that they didn’t mention that local access was given. That disclaimer is in the first 100 words.
MDN Magic Word “final”
MacDude made a valid point “the test was flawed.” If I had the ability to hack a Mac there is now way I would do it during a test that is monitored, the IP’s are recorded and Apple being notified of successful hacks. But that’s just me.
“The ZDNet article did not “fail to mention” that local access was given. It’s mentioned in the second freakin’ paragraph!”
Guess you were late to the party.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
That second paragraph you refer to was ADDED AFTER the article was released and picked up by AP and others. The original story made absolutely NO MENTION of the fact that this machine was hacked from the INSIDE by someone with USER ACCESS.
It was inferred that the Mac was on the Internet when it was brought down by a hacker from the outside, in under 30 minutes.
BIG DIFFERENCE!
Maybe it is you that should bother digging a little deeper before sounding off eh?
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
Literate – The original ZDNet article did NOT have that paragraph in it. It was only after they got raked over the coals on their forum did they go back and add that paragraph. But by then a great deal of damage was already done.
I understand the explanation given for shortening the challenge period, but the unfortunate side effect of that is that it allows naysayers to claim that the challenge didn’t run it’s course and was pulled ahead of time.
Perhaps somebody could arrange for a similar challenge to be made on a Mac where it would be acceptable to leave it running for longer while attracting so much attention.
Where is the ZDnet ‘News Alert’!??
Z
uh oh….
going to: http://test.doit.wisc.edu/
now says:
“Yesterday we discovered the Mac OSX “challenge” was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight. Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community. “
Umm, I’m no expert on hacking. But, wouldn’t a competent hacker have a relatively easy time masking his IP address? If I’m right, fear of discovery due to IP logging would not be a disincentive for would-be challengers.
Make your life more simple get the home loans and everything you need.
I think that you know how not easy can the custom term paper performing be. But, you should not be embarrassed, simply because the custom writing services offer the article writing and there’s not a problem to buy essay service and be totally happy.
I never attempt to complete by myself just because I am not a specialist. Thence, I buy coursework online and have no problems with my acacemic papers accomplishing tasks.
Don’t you get what high school guys suppose to be aimed at? These guys people are concentrated on top grades! Nevertheless, to receive premium quality term papers you need to have somebody like custom term paper writing service to support you.
A student, who gets know something just about custom write would value your the best topic. I think that the buy paper service can utilize this for the research paper blogs.