[ISN] University nixes Mac hacker contest

InfoSec News isn at c4i.org
Thu Mar 9 01:32:32 EST 2006


By Joris Evers 
Staff Writer, CNET News.com
March 8, 2006

A Mac OS X hacker challenge apparently got a systems engineer at the
University of Wisconsin-Madison into trouble with university

Dave Schroeder on Monday invited hackers to break into a Mac Mini he
attached to the university network. The challenge would last until
Friday, he announced. The contest was in response to an earlier
challenge, which Schroeder criticized as too easy.

But the event ended early--Tuesday night. On Wednesday, information
emerged that the contest had drawn the scrutiny of the university's
chief information officer, Annie Stunden.

"The Mac OS X 'challenge' was not an activity authorized by the
UW-Madison," Brian Rust, a university spokesman, said in an e-mailed
statement. "Once the test came to the attention of our CIO, she ended
it...Our primary concern is for security and network access for UW

The same statement also appeared on Schroeder's challenge Web site
Wednesday afternoon. "Dave was well-meaning, but he did the test
pretty much on his own," Rust said in a phone interview.

Universities are often the target of cyberattacks. The academic
institutions face the challenge of balancing the need to share
information on large networks with the need to secure data.

The Mac OS X contest ended without a negative impact on the University
of Wisconsin-Madison's network, Rust said. "We were able to handle the
traffic, and there were no compromises to university systems," he
said. The university apologized for any inconvenience its action
caused to the Mac community.

The university is distancing itself from the challenge. "If Dave wants
to continue this test, he has to do that privately, not using
university systems," Rust said.

Schroeder had said he wants to publish some details on the attempts
that were made to hack his Mac. The computer was connected to the Net
for more than 30 hours, apparently without being compromised. In the
earlier challenge, an anonymous hacker claimed he was able to
compromise OS X within 30 minutes using an undisclosed vulnerability.  
However, attackers in that case had been given user-level access to
the system rather than being shut out completely.

These hacker challenges came after weeks of scrutiny of the safety of
OS X, prompted by the discovery of two worms, and the disclosure of a
serious vulnerability. Security experts are also questioning the
effectiveness of Apple's latest patch.

More information about the ISN mailing list