Mac OS X Security Challenge

The University of Wisconsin has launched a Mac OS X Security challenge, in response to a ‘woefully misleading ZDnet article’.

“Mac OS X is not invulnerable. It, like any other operating system, has security deficiencies in various aspects of the software. Some are technical in nature, and others lend themselves to social engineering trickery. However, the general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system.” claims Dave Schroeder, the competition’s organiser.

Contestants who claim to have succeeded in hacking the system must provide details about how they breached the security walls, which will be provided to Apple. The winner gets a claim to fame, but no prize. This challenge will end on Fri 10 March 2006 10:00 AM CST. let’s see if anyone can do it.

Update: The testing period is now closed.

  • The response has been very strong.
  • Traffic to the host spiked at over 30 Mbps.
  • Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
  • The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
  • The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
  • The site received almost a half a million requests via the web.
  • There were over 4000 login attempts via ssh.
  • The ipfw log grew at 40MB/hour and contains 6 million events logged.
  • There were no successful access attempts during the 38 hour duration of the test period.
    • Published by Bharath Kumar 2 years, 7 months ago. Both comments and trackbacks are currently closed.
    Filed under Journal. Tagged: , , , , , , .