Contest rm-my-mac brought down in less than six hours

By Justin Mann on March 6, 2006, 2:02 PM
If you follow Apple, you'll remember that various security demonstrations they've had for OS X and Macs in general. The most recent one, in which a contest to break the security of a machine was held, won. And in under 30 minutes at that. In this particular demonstration, all the users were given local accounts on the machine, which typically makes system compromise much easier, but the speed at which it was brought down and had the web page for the contest deface is most definitely humbling. The contest didn't even last a day, and was defeated by and as of yet unpublished security vulnerability.

"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.
Though this might seem a bit embarassing, this is probably one of the best ideas the IT industry as a whole can use - allow anyone access to a particular machine with the goal of bringing it down, for reward. What a way to use the collective mind power of thousands of people to help "bug test" a system. Enterprise companies have used a similar tactic for many years, hiring someone on the outside to probe them externally, looking for exploits. Sort of like a security audit.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.