Linked by Thom Holwerda on Mon 6th Mar 2006 21:59 UTC, submitted by crispoe
Mac OS X "In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."
Thread beginning with comment 101944
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Port scan
by someone on Mon 6th Mar 2006 22:49 UTC in reply to "Port scan"
someone
Member since:
2006-01-12

I tried "ssh test.doit.wisc.edu" and the machine seems to have ssh access enabled.

Edited 2006-03-06 22:50

Reply Parent Score: 2

RE[2]: Port scan
by archiesteel on Mon 6th Mar 2006 23:35 in reply to "RE: Port scan"
archiesteel Member since:
2005-07-02

Indeed, nmap reveals that ssh and http are open:

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-06 18:33 EST
Interesting ports on test.doit.wisc.edu (128.104.16.150):
(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
427/tcp closed svrloc
443/tcp closed https

Nmap finished: 1 IP address (1 host up) scanned in 35.609 seconds

Reply Parent Score: 3

RE[3]: Port scan
by CloudNine on Tue 7th Mar 2006 07:51 in reply to "RE[2]: Port scan"
CloudNine Member since:
2005-06-30

"and has ssh and http open"

It's all in the summary.

Reply Parent Score: 1