Linked by Thom Holwerda on Mon 6th Mar 2006 21:59 UTC, submitted by crispoe
Mac OS X "In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."
Permalink for comment 102293
To read all comments associated with this story, please click here.
anduril
Member since:
2005-11-11

Not totally tho. Most webhosting servers will have SSH access for any of their users. So a similar privelage escelation attack COULD be accomplished. Tho it should technically be much harder

Reply Parent Score: 1