Content

Will new Mac challenge take any longer?

A senior Apple systems engineer, not impressed by a recent overseas hacking challenge in which the winner reportedly gained root access to a Mac Mini in under 30 minutes, has launched his own security challenge.

Dave Schroeder, who works in the Division of Information Technology at the University of Wisconsin in Madison, said his challenge asks competitors to alter this web page.

 

The difference between his contest and last month's "rm-my-mac" competition – set up by a Sweden-based Mac fan, according to ZDNet Australia – is that Schroeder's asks participants to gain control of a Mac Mini from the outside, he said.

 

The two challenges come as the Mac OS X faces increasing scrutiny following Apple's security update release last week that patched some 20 flaws. Included among them is a critical vulnerability that allows an attacker to run arbitrary code when a user visits a malicious website through the Safari browser.

 

Following last month's challenge, the winner told ZDNet that "Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders."

 

But Schroeder was not impressed by the results because participants were given local client access. The contest author enabled SSH, a tool that provides encrypted connections for accessing network machines.

 

"This machine was not hacked from the outside just by being on the internet," he said. "It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction."

 

He said almost all Mac OS X machines would not grant local account access to external users.

 

"Mac OS X is not invulnerable," Schroeder said. "It, like any other operating system, has security deficiencies in various aspects of the software."

 

But Schroeder said he believes Macs are inherently safer than other platforms.

 

"The general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system."

 

The challenge, which concludes 11 a.m. EST Friday, does not offer a prize but will recognize the winner, if he or she wants to be named.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.