If you follow Apple, you'll remember the various security demonstrations they've had for OS X and Macs in general. The most recent one, a contest to break the security of a machine, was won, and in under 30 minutes at that. In this particular demonstration, all the users were given local accounts on the machine, which typically makes system compromise much easier, but the speed at which it was brought down and the contest's web page defaced is most definitely humbling. The contest didn't even last a day, and was defeated by an as-yet-unpublished security vulnerability.
"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.
Though this might seem a bit embarrassing, this is probably one of the best ideas the IT industry as a whole can use: allow anyone access to a particular machine with the goal of bringing it down, for a reward. What a way to use the collective mind power of thousands of people to help "bug test" a system. Enterprise companies have used a similar tactic for many years, hiring someone on the outside to probe them externally, looking for exploits, sort of like a security audit.