Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Incomplete Reporting of OSX "Hack"

Mar 6, 2006 9:49PM PST

I'm sitting here listening TMV talk about the Mac OSX "hack" and am a bit disappointed that they are repeating the same incomplete hype that the rest of the media are spreading.

The really big, huge, important, critical thing that *EVERYONE* has left out is that the competitors were given SSH access to the box as a start. So this was, in essence, a local exploit. So comparing a 30 minute hack of an OSX machine when local access is already available to a Windows machine being hacked when no local access is granted is just plain irresponsible.

I encourage folks to find out more about the competition before spreading more misinformation about this.

Discussion is locked

- Collapse -
Agreed
Mar 6, 2006 10:15PM PST

You're right. That service is turned off by default on a standard OS X installation. And most users will be behind a router and/or have the firewall turned on. This is an example of a setup destined to fail (almost like he wanted the publicity, huh?)

TUAW has a pretty good wrap up of this:
http://www.tuaw.com/2006/03/07/another-look-at-mac-os-x-security/

- Collapse -
Agreed
Mar 7, 2006 4:35AM PST
- Collapse -
U of Wisconsin (almost) proper security challenge
Mar 7, 2006 7:20AM PST

A friend sent this link to me. Apparently the University of Wisconsin is sponsoring a Mac OSX security challenge that is more representative of real life. The machine will still have both SSH and HTTP open, so it still isn't a Mac sitting at its most secure state. But at least it's CLOSER to a real life scenario.

http://test.doit.wisc.edu

-Kevin S.

- Collapse -
Ha
Mar 7, 2006 9:29AM PST

Funny. Tom, Molly and V mentioned the U of W challenge on the podcast today (I just now listened to it). I like the 11:00 post of the podcast better. I'll be less likely to repeat what you guys already covered Happy

-Kevin S.

- Collapse -
Man, I'm getting behing on my BOL fix ...
Mar 7, 2006 11:24AM PST

Having Apple training this week is really hindering my daily fix of BOL.

-Terry

- Collapse -
osX withstood 38 hours of attacks sans local accounts
Mar 7, 2006 11:23PM PST