Filed under: Analysis / Opinion, OS, Education, Apple
Univ. of Wisc. Madison pulls the plug on OS X Security Challenge
How many licks does it take to hack into a Mac mini? The world may never know. Damien mentioned the real security
challenge for OS X that Dave Schroeder set up over at UW Madison... and that it had been rescheduled to end a few
days earlier than planned. Well as of now it is just shut down entirely. Apparently Dave didn't get permission to set
all this up, and fearing for their network, the powers that be have just clicked the OFF button. I wonder if they're
running Windows servers for the rest of their network?The page now reads: "Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight. Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community."
Yes, well, I can understand their concerns. But I'm a little shocked no other Mac website, host, or educational institution has picked up the gauntlet. Are we really that blasé about security?
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Chris said 9:29AM on 3-09-2006
It was up and active for longer than 30 minutes though, right? Wouldn't that have been PLENTY of time, according to the previous article that spawned all of this, to hack that insecure little box? /sarcasm
Reply
Curious George said 9:44AM on 3-09-2006
I would imagine the powers that be don't really WANT to know how easy it would be to hack into it. Then they'd be forced to spend money to do something about it.
Reply
Greg said 10:20AM on 3-09-2006
"Are we really that blas?bout security?"
In a word, yes.
Reply
Jer said 11:00AM on 3-09-2006
"Are we really that blas?bout security?"
How about the TUAW site/staff steps forward to address the challenge?
Oh, right, you guys run on windows... ":^)
Reply
dogfriend said 11:01AM on 3-09-2006
It was up for 38 hours, according to an eariler summary posted on the site. It wasn't compromised in any way, but they were getting some severe DOS attacks which weren't successful, but may have influenced the decision to stop early.
Reply
Ian Betteridge said 11:34AM on 3-09-2006
Given that the policy amongst a certain section of the Mac community towards any suggestion that the Mac might not be bullet proof is "blame the messenger", I think any sane site would simply avoid hosting the challenge. If you hosted it, and it got hacked, you'd then spend the next two weeks being blamed by idiots for the security hole, somehow.
Reply
Joe said 12:15PM on 3-09-2006
http://badgerherald.com/news/2006/03/09/hacking_invite_troub.php
they make some good points, but wouldnt an academic network be the ideal place for things like this?
Reply
superjeff said 12:18PM on 3-09-2006
Excellent point Jer... it seems a couple of bloggers here have new Mac Minis. Step up to the plate TUAW. Surely you have the resources to run something like this.
Reply
Derek said 12:59PM on 3-09-2006
The site is now down completely. There is no server at all.
Reply
Rob Meyer said 12:20PM on 3-10-2006
Any sort of "hacking challenge" is a very, very poor security test. These are generally staged by the vendor as an example of how "secure" their product is. Compromised or not, this sort of test proves nothing at all, and provides no new security information.
Just because the Mac security community or I doesn't care about a meaningless security test doesn't mean we're blas?bout security.
Reply
DaS said 3:52PM on 3-10-2006
What would it take to run a good security test on a mac server?
I just got mac mini, and if someone can tell me what to run, I will do it.
~DaS
Reply