Linked by Thom Holwerda on Mon 6th Mar 2006 21:59 UTC, submitted by crispoe
Mac OS X "In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."
Thread beginning with comment 101934
To read all comments associated with this story, please click here.
Port scan
by JustAnotherMacUser on Mon 6th Mar 2006 22:37 UTC
JustAnotherMacUser
Member since:
2006-01-08

128.104.16.150, no response.

Publicity stunt or he went home early.

FOUL!!!

Like anyone is really going to give up their secrets to cracking Mac OS X.

shesh, so lame

Reply Score: 0

RE: Port scan
by someone on Mon 6th Mar 2006 22:49 in reply to "Port scan"
someone Member since:
2006-01-12

I tried "ssh test.doit.wisc.edu" and the machine seems to have ssh access enabled.

Edited 2006-03-06 22:50

Reply Parent Score: 2

RE[2]: Port scan
by archiesteel on Mon 6th Mar 2006 23:35 in reply to "RE: Port scan"
archiesteel Member since:
2005-07-02

Indeed, nmap reveals that ssh and http are open:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-06 18:33 EST
Interesting ports on test.doit.wisc.edu (128.104.16.150):
(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
427/tcp closed svrloc
443/tcp closed https

Nmap finished: 1 IP address (1 host up) scanned in 35.609 seconds

Reply Parent Score: 3