Linked by Thom Holwerda on Mon 6th Mar 2006 21:59 UTC, submitted by crispoe
Mac OS X "In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."
Thread beginning with comment 102035
To view parent comment, click here.
To read all comments associated with this story, please click here.
anduril
Member since:
2005-11-11

Not exactly FUD. It was completely different situations. On the box that the ZDnet article talks about anyone and everyone was given local shell accounts. Quite a bit different than whats currently being used in the UnvWi hackertest.

Reply Parent Score: 1

modmans2ndcoming Member since:
2005-11-09

and quite a bit diffrent than what happens in the world.

Reply Parent Score: 1

anduril Member since:
2005-11-11

Not totally tho. Most webhosting servers will have SSH access for any of their users. So a similar privelage escelation attack COULD be accomplished. Tho it should technically be much harder

Reply Parent Score: 1