The Call is Coming from Inside the Mac!
Remember the OS X hacked story I linked to yesterday? Sure you do. Well, it turns out there was a rather vital piece of information left out of those initial reports. To wit:
So, more or less, the contest consisted of giving people access to the machine via SSH and then asking them if they were idiots. When everyone else said "no," apparently the media was called in to bellow a full-throated "yes." To which panicked bloggers replied, "Holy Crap the sky is falling!" and more or less flew off the handle without bothering to find out more about the so-called hack.
Oh, wait, that was me.
In response to all this foolishness, Dave Schroeder of the University of Wisconsin has posted a legitimate security challenge:
Let's see how long Schroeder's page stays up unaltered. My guess is that even with the vulnerabilities he intentionally included, his Friday deadline will come and go with no untoward exploits, despite a lot of trying.
UPDATE:It looks like I'll be eating my words. Schroeder is ending the contest early:
Clarification: The story has been updated to clarify that participants were given local client access to the target computer.Oh! Local access you say. You say you gave everyone who stumbled in your doorway non-admin user access and a password, eh? And you had your firewall turned off?
So, more or less, the contest consisted of giving people access to the machine via SSH and then asking them if they were idiots. When everyone else said "no," apparently the media was called in to bellow a full-throated "yes." To which panicked bloggers replied, "Holy Crap the sky is falling!" and more or less flew off the handle without bothering to find out more about the so-called hack.
Oh, wait, that was me.
In response to all this foolishness, Dave Schroeder of the University of Wisconsin has posted a legitimate security challenge:
The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open. Email das@doit.wisc.edu if you feel you have met the requirements, along with the mechanism used. The mechanism will then be reported to Apple and/or the entities responsible for the component(s).The first viruses and Trojan horses designed to exploit Mac OS X are out there, sure. But I think people have been over-reacting lately. There's more than a little bit of glee on behalf of non Mac-users who have grown tired of hearing what a secure system it is, and too much defensive protestation on behalf of some Mac users unwilling to admit that their systems aren't completely impregnable. They are neither Fort Knox nor Windows boxes. But what they are is pretty damn good.
Let's see how long Schroeder's page stays up unaltered. My guess is that even with the vulnerabilities he intentionally included, his Friday deadline will come and go with no untoward exploits, despite a lot of trying.
UPDATE:It looks like I'll be eating my words. Schroeder is ending the contest early:
The testing period will be closed at 11:59 PM CST on 7 March 2006 (0559 GMT 8 March 2006). The response has been strong. Test results and information will be published at a future date.
A片,A片,成人網站,成人漫畫,色情,情色網,情色,AV,AV女優,成人影城,成人,色情A片,日本AV,免費成人影片,成人影片,SEX,免費A片,A片下載,免費A片下載,做愛,情色A片,色情影片,H漫,A漫,18成人
a片,色情影片,情色電影,a片,色情,情色網,情色,av,av女優,成人影城,成人,色情a片,日本av,免費成人影片,成人影片,情色a片,sex,免費a片,a片下載,免費a片下載
情趣用品,情趣用品,情趣,情趣,情趣用品,情趣用品,情趣,情趣,情趣用品,情趣用品,情趣,情趣
A片,A片,A片下載,做愛,成人電影,.18成人,日本A片,情色小說,情色電影,成人影城,自拍,情色論壇,成人論壇,情色貼圖,情色,免費A片,成人,成人網站,成人圖片,AV女優,成人光碟,色情,色情影片,免費A片下載,SEX,AV,色情網站,本土自拍,性愛,成人影片,情色文學,成人文章,成人圖片區,成人貼圖
情色文學,色情小說,色情,寄情築園小遊戲,AIO交友愛情館,情色電影,一葉情貼圖片區,色情遊戲
言情小說,情色論壇,色情網站,微風成人,成人電影,嘟嘟成人網,成人,成人貼圖,成人交友,成人圖片,18成人,成人小說,成人圖片區,微風成人區,成人網站,免費影片,色情影片,自拍,hilive,做愛,微風成人,微風論壇,AIO
Posted by
will |
10:42 AM