http://www.macworld.co.uk/news/index.cfm?NewsID=14029 By Macworld staff March 07, 2006 A new Mac OS X hacker competition has been launched at the University of Wisconsin. The competition ends on Friday March 10. Hackers are being asked to change the front page of a website that's stored on a Mac mini: "Running Mac OS X 10.4.5 with Security Update 2006-001, two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open." The competition is a response to a report on ZDNet news this week, which claimed a hacker had managed to break into Mac OS X in under half an hour. What that report didn't explain was that anyone who wanted to try to hack that test Mac was given a local account on the machine which could be accessed using SSH. This effectively put the hacker in front of the machine and made the exercise much easier to accomplish. The organisers of the new Mac hack competition said: "Yes, there are local privilege escalation vulnerabilities for OS X; likely some that are 'unpublished'. But this machine was not hacked from the outside just by being on the internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction." Most consumer Macs won't hold user accounts for unknown people, won't have any ports open and will most likely be behind a firewall, making the earlier Mac OS X hacking exercise unrepeatable. Macs cannot be hacked "just by being on the internet", the competition organisers stressed. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Mar 07 2006 - 23:25:37 PST