"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.
Though this might seem a bit embarassing, this is probably one of the best ideas the IT industry as a whole can use - allow anyone access to a particular machine with the goal of bringing it down, for reward. What a way to use the collective mind power of thousands of people to help "bug test" a system. Enterprise companies have used a similar tactic for many years, hiring someone on the outside to probe them externally, looking for exploits. Sort of like a security audit.