University nixes Mac hacker contest

Plug pulled on Mac OS X hacker challenge over concerns about security and network access for university services.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
A Mac OS X hacker challenge apparently got a systems engineer at the University of Wisconsin-Madison into trouble with university administrators.

Dave Schroeder on Monday invited hackers to break into a Mac Mini he attached to the university network. The challenge would last until Friday, he announced. The contest was in response to an earlier challenge, which Schroeder criticized as too easy.

But the event ended early--Tuesday night. On Wednesday, information emerged that the contest had drawn the scrutiny of the university's chief information officer, Annie Stunden.

"The Mac OS X 'challenge' was not an activity authorized by the UW-Madison," Brian Rust, a university spokesman, said in an e-mailed statement. "Once the test came to the attention of our CIO, she ended it...Our primary concern is for security and network access for UW services."

The same statement also appeared on Schroeder's challenge Web site Wednesday afternoon. (His site, http://test.doit.wisc.edu, was down as of Thursday morning.)

"Dave was well-meaning, but he did the test pretty much on his own," Rust said in a phone interview.

Universities are often the target of cyberattacks. The academic institutions face the challenge of balancing the need to share information on large networks with the need to secure data.

The Mac OS X contest ended without a negative impact on the University of Wisconsin-Madison's network, Rust said. "We were able to handle the traffic, and there were no compromises to university systems," he said. The university apologized for any inconvenience its action caused to the Mac community.

The university is distancing itself from the challenge. "If Dave wants to continue this test, he has to do that privately, not using university systems," Rust said.

Schroeder had said he wants to publish some details on the attempts that were made to hack his Mac. The computer was connected to the Net for more than 30 hours, apparently without being compromised. In the earlier challenge, an anonymous hacker claimed he was able to compromise OS X within 30 minutes using an undisclosed vulnerability. However, attackers in that case had been given user-level access to the system rather than being shut out completely.

These hacker challenges came after weeks of scrutiny of the safety of OS X, prompted by the discovery of two worms, and the disclosure of a serious vulnerability. Security experts are also questioning the effectiveness of Apple's latest patch.