March 7, 2006 4:00 AM PST

Mac OS X patch faces scrutiny

An Apple Computer patch released last week doesn't completely fix a high-profile Mac OS X flaw, leaving a toehold for cyberattacks, experts said.

The Mac maker released a security update for its operating system on Wednesday to plug 20 holes. The patch arrived after two weeks of intense scrutiny of the safety of OS X, prompted by the discovery of two worms, and the disclosure of a vulnerability that was deemed "extremely critical" by security monitoring company Secunia.

The update added a function called "download validation" to the Safari Web browser, Apple Mail client and iChat instant messaging tool. The function warns people that a download could be malicious when they click on the link. Before that change, clicking on a link could have resulted in the automatic execution of code on a Mac.

But Apple failed to address a key part of the problem: the fix should be at a lower, operating-system level, experts said. It is still possible for hackers to construct a file that appears to be a safe file type, such as an image or movie, but is actually an application, they said.

"While Apple added a checkpoint to the downloading and execution process, they did not eliminate this vulnerability," said Kevin Long, an analyst at security specialist Cybertrust and a Mac user for 11 years. "If a user can be tricked into opening a file that looks like a picture, the user may actually be opening a malicious script."

After installing the Apple patch, Safari, Mail and iChat in most cases will display a warning when downloading a potentially malicious file. However, the same is not true for other applications that let users receive files, such as the Firefox Web browser, Thunderbird e-mail client, Yahoo Messenger and LimeWire file-sharing tool. Apple does not offer safeguards for those applications.

Also, Safari won't display an alert for users who have disabled the "Open safe files after downloading" option in the Web browser. Security experts urged users to disable this setting after initial details of the flaw were disclosed, since it made users more vulnerable.

CNET News.com was alerted to the limitations of the patch by readers, who described themselves as "concerned Apple fans." Security experts confirmed the existence of an issue.

Apple acknowledged that, despite its patch, it is still possible to make a malicious file look innocent.

"It is definitely possible on the Mac and on any platform to create an application and try to pretend that it is something that it's not. That's the definition of Trojans," Philip Schiller, Apple's senior vice president of worldwide product marketing, said in an interview. "There are Trojans in the world, I have yet to see a successful one on the Mac, but there are such things in the world as Trojans."

However, with its security update for Safari, Mail and iChat, Apple believes it cut off access for such Trojans. "The tools most people use (now) have built-in validation for things before they even get to the desktop," Schiller said. "The point of where people get the file is often through the browser and mail and instant messaging."

Apple's security fix is an important first step, said Michael Lehn, doctoral candidate and research assistant at the University of Ulm in Germany.

"I think Apple did the right thing," said Lehn, who first disclosed the Mac OS X vulnerability. "The fact that a script gets executed automatically had to be fixed immediately. They just have to go further."


Microsoft Windows users have grown accustomed to a seemingly incessant stream of computer worms, viruses and security vulnerabilities. The same is not true for Mac owners. Going by fan forum postings, many Apple customers believe their systems are impervious to cyberattacks.

Lehn said it was good that Apple made the fix it did, even though it wasn't complete. "In my opinion, it is better to release several security updates," he said. "Apple fixed the serious part very quick and that's good."

The unresolved vulnerability is due to a problem with the Mac OS Finder, the component of the operating system used to view and organize files, Lehn said. The operating system assigns an identifying image, or icon, for a file based on the file extension. However, it decides which application will handle the file based on information that is stored separately from the file, called metadata.


80 comments

FUD
So it's still possible to trick a user? I'm shocked and amazed. Be
serious c/net, human engineering will always be possible on any
platform, since the weakness isn't in the computer.
Posted by Macsaresafer (802 comments )
Reply Link Flag
Well I am not a Mac user
But from reading this small piece

Quoting : "By pulling this Trojan horse-style trick, a user might believe he is getting a movie or an image, but running it could wipe all user data on the hard drive, for example. "

only frustrates me. I know Unix based OSes enough to understand that this vulnerability would not be able to clean out your entire hard drive due to strict file permissions. Unless this vulnerability elevates the script's privileges to a system wide level.
However I know there are many readers out there that will equate this to the easily achievable situation on Windows system.
Posted by Martin_Jozef (21 comments )
Reply Link Flag
it happened to me...
unfortunately, that exact thing happened to me...I was downloading what I thought was a patch for one of my games (a stupid thing to do, not downloading it directly from the game developer's web site), and when I installed it I browsed to the drive I had my games on to find it had been wiped completely clean. all I can say is...be careful.
Posted by beamer86 (1 comment )
Link Flag
look for news elsewhere
This is my last post at CNet.com, as well as my last visit. While
I've never thought their 'journalism' to be based on fact, reason,
and the desire to fully inform their readership, I've often visited
the site to see the topical headlines for the day - mostly as a
jumping off point. Well, no more. It has become painfully clear
over the last few weeks that CNet will publish anything that can
increase their web traffic (ad hits), regardless of the quality of
the story. They have realized that by printing negative articles
about Apple/Mac, that they can draw the fanboys out of the
closet to battle on the 'Talkback'. Since everyone (mostly) who
visits the site either use macs or pcs - they know that
everyone will have an opinion. It is obvious that they
intentionally publish articles just to flame the fire of the Mac vs.
PC crowd, getting them irate enough to post Talkback. I can
almost picture them now, huddled around a screen watching the
traffic on this article and cheering as the page view meter climbs
on ad impressions. If you agree with me that this is the case, I
suggest the following.

Do not post to the Talkback regardless of how 'incorrect' the
published article is. Just don't. The PC trolls are just waiting for
your response, and they will be sure to reply. You should even
reconsider reading any and all stories regarding Apple (don't
worry, you won't miss anything).

Without the 'bait' of Apple fans to ratchet up discussion (and
rekindle the OS war), CNet will lose the incentive to write such
garbage. Just realize that by voicing your opinion on Talkback,
you are justifying CNet's modus operandi to increase their
advertising revenue, and rewarding them for a job poorly done.

As I said, I'll never be seen here again - so good luck with my
advice. To the writers at CNet: Hope you never lose your job,
because you won't pass muster in any publishing company that
values integrity and reputation.
Posted by bitjunky (8 comments )
Reply Link Flag
bye
excuses vs. excuses
Posted by brian g--2008 (25 comments )
Link Flag
Keep reading and responding
I agree with Mr. Rogers that cnet appears to be generating page
hits by using sensational headlines. However, it makes no sense
to NOT respond to these articles with facts and corrections. If BS
gets spread without someone setting the record straight, it just
grows. Best practice is to nip it in the bud right there in the
comments. Then everyone who cares to do so can read it and
make up their own minds what to believe.

It is also a great idea to let cnet know when they are being sloppy.
It can't be good for the site's reputation for a large percentage of
the comments to continually point out their sloppiness.

Have a nice day!
Posted by lesfilip (496 comments )
Link Flag
Windows FUD is OK; Mac FUD not OK?
Just so I understand...C|Net was a nice "jumping off point" for stories and headlines as long as the sensational FUD was focused on Windows. Now that Apple is receiving that same sensational FUD, suddenly C|Net is a festering pit of fraud and libel. That about sum it up?

Your contempt for truth and integrity is your problem.

As for me, I'm loving the irony of it all. But you left these talkback forums so I guess my reply is lost.
Posted by Richard G. (137 comments )
Link Flag
You've been saying "bye" under different handles
Typical *******, always yapping, never DOING.
Posted by kamwmail-cnet1 (292 comments )
Link Flag
Is there another site like this for Apple news?
I agree. It sure looks like cnet is just flaming the fire. But what
else is there out there where you can find the technology news of
the day like on cnet? I do like reading the responses and
occasionally responding.
Posted by John B. Kendrick (20 comments )
Link Flag
Fascinating....
I'm a windows not by choice (workplace is a windows house) and it's fascinating to see how all of a sudden all of these "news stories" are coming out around the same time as Vista beta releases....I'm not a conspiracy theorist or anything but the timing is just too weird to ignore.

As for the security risks, there isn't an OS out there that can't be hacked. Coming from a windows world, you just learn to live with these security threats and keep them in mind. Same goes for Macs. The article isn't shocking news in terms of security threats so I don't know why they're making a big deal out of it...Users whether it be Apple, Windows, or Linux must be aware of what's out there and to do simple things to protect themselves end of story.

BTW, I am switching to a MacBook Pro for my work machine, although there are security threats, they are less frequent on a mac than they are on windows machines. As for CNET, stop making a big deal out of the obvious; security threats are a concern no matter WHAT OS you use. Whether the companies patch them or not. PERIOD.
Posted by New2Mac (2 comments )
Reply Link Flag
Interesting..
I read through the entire article and did not notice any doom and gloom about Apple. What I read is while Apple was quick to patch the issue they didn't go far enough.
This is understandable as Apple has not had to deal with these types of issues with the level of scrutiny before.
As for CNET making a big deal about it... This is no different from the way they report MS issues.
All OS's should be treated equal in that regard be it MS, Apple or Linux.
Posted by Sboston (498 comments )
Link Flag
Looking under the wrong rock
You're trying to make a simple co-incidence into a seeming conspiracy by implying that someone working on Vista is trying to tear down the MacOS. It just doesn't fly though, there have been several "Vista Beta" releases and there will be more yet to come. Also MS has always been one of the most stalwart boosters of the Mac, taking down the Mac would only result in the loss of one of their markets for MS Office.

The rest of your arguments are a simple regurgitation of what we've been telling the OSX zealots for a very long time, arguments that fell on deaf ears because those zealots were perfectly sure there wasn't a chance in the world that OSX was vulnerable. Now that their house of cards is tumbling down their tune is changing and there are those who can't resist the urge to tweak those zealots for their previous intransigence.

Now the true learning from this particular article is that it's easy to patch symptoms and miss the actual underlying problem, this is something MS did many times especially in regard to the ActiveX controls running in IE.

Apple is going to find out just like Oracle recently did that it's not a good idea to wait for people to tell you what's broken, you need to actively search for these problems yourself. MS has a leg up on its competitors in that regard since it's been forced into that hunt already.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Denial, Denial, Denial
Already, one *******'s posting threats of "boycott". Many more will start posting threads of Denial.

And much like any other junky on bad dope, they'll continue to suffer until they wake up to reality and recognize they have a problem.

Problem is not with the Mac OS itself. All OS's have holes. The problem is with Apple for not fixing these holes or just burying their heads in the sand until the holes get really big. And the flip side of the problem is the stupid ******* who lets Apple get away with this idiocy through their blind "loyalty".

Mac used to be good. Now, I trust Linux more.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
nicely put
couldn't have said it better myself.
Posted by City_Of_LA (118 comments )
Link Flag
Message has been deleted.
Posted by J.G. (837 comments )
Link Flag
I'm switching to Windows Vista!
I'm annoyed by all these reports of the vulnerability of
Mac OS X and yet I still don't have any viruses or spyware
on my mac! This is unfair! I'm switching to Windows Vista!
At least then I'll have the viruses and spyware to back up
cnet's constant warnings and claims.
Posted by titanium667 (11 comments )
Reply Link Flag
Great Plan
Since the only piece of malware I ever got was a deliberate, if mistaken, download on my part that was trapped by my firewall... I guess I can conclude there are no viruses and one piece of spyware for Windows!
Posted by Xpheyel (32 comments )
Link Flag
Welcome to affordable computing
I'm annoyed by all these reports of the vulnerability of Windows and yet I still don't have any viruses or spyware on my peecee! This is unfair! I'm switching to an overpriced platform with little third party support!
At least then I'll have no money for a home network connection and so no viruses and spyware.
Posted by sanenazok (3449 comments )
Link Flag
What We Need Is a Patriot Act For Computers!
That way we won't have to make any decisions about keeping
ourselves safe on the machine. You can just have someone
hang out over your shoulder and say, "don't click that".
Posted by djemerson (64 comments )
Reply Link Flag
C|NOT MAC FUD = MS PAYOFF
Mac OSX & Apple are on the rise recently & with Intel Chips on board too.

OSX Security warnings by C|NOT alongside of MS VISTA is a coming, hang on people our Lord & Savior is rushing in to rescue us from all of our problems with SIX versions of AstalaVista OS ( aka Longhorn-Longshot)...

Coincidence?

Windows has 90% of the worldwide market with 99% of the virus/trojan horse/worms/malware/crashes/hackers too.

Follow the money my friend, for the proof is in all the MS banner ads & "rumors, MS PR leaks about Origami"...

FUD PDQ CNOT!
Posted by Llib Setag (951 comments )
Reply Link Flag
Incoherent
Your post is almost completely incoherent but it seems the gist is you think (and I use the word "think" lightly) that MS is behind these stories.

Your actual thoughts must be as incoherent as your message since you conveniently forget that MS is and always has been one of the biggest boosters of the Mac and is still its largest software vendor. MS has money invested in Apple and the Mac so your "follow the money" theory falls flat on its ignorant face.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
CNet and Joris, your journalistic integrity is suspect
It's amazing to me that time and time again, CNet and the author (Joris) keep dredging up potential threats against a platform that, frankly, no virus writer really cares about. This is scare-news, not real news.

All computer platforms are insecure, and the Mac has flown under the radar due to its numbers. Now that you're screaming its doom from the rooftops, I'm sure it's only a matter of time.

You claim to be doing it for the benefit of the public, but from the consistent lack of real information in these articles, like, how does one secure themselves from these vulnerabilities? How great a threat is it, really? Who authored the exploit? Has it spread? It's obvious you're just trolling for news.

You are not impartial, and your journalistic integrity is suspect.
Posted by kylegas (81 comments )
Reply Link Flag
For a company that's going out of business soon...
...(and has been for 30 years) there sure seems to be a lot of interest in how secure/unsecure their OS is.
Posted by Norseman (1319 comments )
Reply Link Flag
Are you serious..
They are having some of their best quarters now more than ever.
The only way Apple is going anywhere, is if you get rid of Steve
Jobs, once he is gone, Apple will follow. Even then Apple would die
a slow death of a few years. So I don't know how soon you are
talking about, what the next 5-10 years, after Jobs is gone "some
day"?
Posted by MidniteRaider (94 comments )
Link Flag
Mac "hackers": want a REAL challenge?
By Jim Dalrymple

Claims of Mac OS X being hacked in under 30 minutes are not
quite what they seem, according to Dave Schroeder, Senior
Systems Engineer at the University of Wisconsin - Madison.

A recent ZDNet article told the story of a Swedish man who
set up his Mac mini as a server and invited people to try to break
into the system and gain root control. Having root control of a
computer allows you to install applications, move or delete files.

Anyone that wanted to hack the machine was given access to the
machine through a local account (which could be accessed via
SSH), so the Mac mini wasn't hacked from outside - root access
was actually gained from a local user account.

"That is a huge distinction," said Schroeder.

Schroeder points out that, by default, Mac OS X machines will
not give any external entities local account access; not have any
ports open; and most consumer machines will also be behind
personal router/firewall devices, further reducing exposure.

"Mac OS X is not invulnerable," said Schroeder. "It, like any other
operating system, has security deficiencies in various aspects of
the software. Some are technical in nature, and others lend
themselves to social engineering trickery. However, the general
architecture and design philosophy of Mac OS X, in addition to
usage of open source components for most network-accessible
services that receive intense peer scrutiny from the community,
make Mac OS X a very secure operating system."

Schroeder is so sure of the Mac's security if set up properly that
he is having his own security challenge. According to his Web
site, the challenge is as follows: simply alter the web page on
this machine, test.doit.wisc.edu. The machine is a Mac mini
(PowerPC) running Mac OS X 10.4.5 with Security Update
2006-001, has two local accounts, and has ssh and http open -
a lot more than most Mac OS X machines will ever have open.
Email das@doit.wisc.edu if you feel you have met the
requirements, along with the mechanism used. The mechanism
will then be reported to Apple and/or the entities responsible for
the component(s). Going after other hosts/devices on the
network is out of bounds.

Schroeder told Macworld by email that the challenge will be
open until Friday, March 10, 2006.
Posted by rslavelle (11 comments )
Reply Link Flag
And what does this have to do with the price of tea in China?
You're off subject.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
2nd paragraph totally erroneous
This article totally mis-reports the facts of the original problem.

Ultimately, the only way to stop someone from doing something
stupid, like double clicking on a file of which they don't know its
provenance, is to unplug the !@#$ computer.
Posted by kiltbear--2008 (7 comments )
Reply Link Flag
Five C/Net articles for $100?
A Wall Street Journal columnist recently wrote that online
'reporters' are being paid as little as $100 to write five 500-word
articles. Perhaps that explains the extremely poor quality of
articles like this one. The basics of journalism -- who, what,
when, where, how and why -- are mainly absent. My first
career was as a journalist for two highly respected newspapers.
I would not refer to drudges who grind out material like this by
that title.

Other commenters have addressed some of the numerous flaws
in this article. Still, let's clarify a few:

- The patch is not meant to prevent people from opening files
of their choice, but to warn them of the possibility the files
contain malicious code. After being warned, the user can either
proceed to open the file or check its information profile in Get
Info. If he is really concerned, he can confirm the nature of the
file in an application such as DataViz' MacLink. The article is
written as if Apple has a duty to prevent users from ever
downloading a file with malicious code. It does not. Such a
requirement would be an impossible burden.

- The patch is for Safari because it is an Apple program. Apple
cannot realistically be held responsible for foreseeing exploits of
every third-party program a user might install.

- Mac users generally do not say their computers are
impregnable, as the article implied. They say their computers
are much more secure than Windows-compatible computers,
which is true.

Five C/Net articles for $100? C/Net gets what it pays for.
Posted by J.G. (837 comments )
Reply Link Flag
Another one misses the point
The patch was a band-aid which only covers a subset of the problem. The basic problem itself is deeper in the architecture and only taking away one route for the problem to occur doesn't fix it. The warning is only provided if the file is downloaded using a specific application while the underlying ability for a file to masquerade as something it isn't remains intact and examples were given of other applications which could result in unsafe files being executed simply because they look "safe". How hard is that for you to understand?

Suppose I used the built in FTP program to retrieve the file instead of Safari? Should Apple also add that patch to the FTP program? How many other built-in programs can be used to get files from remote sites? Should they all be patched? Or perhaps Apple should examine the underlying problem and see if there's something they can do to prevent themselves from having to work on each and every individual program that could download a file.

And you've not been following these boards long if you think that Mac Users haven't been saying their computers are impregnable because there have been a lot of posts implying exactly that posted on these boards.

Also how much someone gets paid per article is between them and their publisher, your attitude is nothing more than snobbishness.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Time to Take Away Custom Icons?
It seems like that's the only fix to this Mac "vulnerability" that's been around for what, 15+ years?
Posted by open-mind (1027 comments )
Reply Link Flag
Possibly but...
Possibly but give Apple some time to think about it. Perhaps they can come up with something innovative that'll solve the problem without having to take that kind of step.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Will it ever end...
You know, I don't wish Apple users any ill will, but all of this media attention is going to result in a nasty zero-hour exploit from someone just itching to prove that it can be done. Nothing is perfect, and I think Apple is in for some rough times security-wise in the very near future.
Posted by rfordtech (6 comments )
Reply Link Flag
CNet should interview an expert on the Law of Diminishing Returns
You can only pump the "Mac security flaw" page-view machine so much, and interview so many random "experts," before people just ignore fluff like this.

By the time there IS a legitimate security flaw or REAL experts to interview, no one may care.
Posted by M C (598 comments )
Reply Link Flag
Exploits
I have to point out that all OS may be cracked, last year an official patch (yes a patch) opened an exploit on Solaris 9. And this exploit needed an internal account to be used.

The default security of Mac OS is tuned for convenience not for security. It's a personal workstation.

And no amount of anti-* software will prevent careless users from getting infected. That's why secure PC's in business environments don't let users install anything.

In my last work, a windows machine got infected with a trojan. That's not a result of a windows flaw, but a careless operator that used the server for personal tasks.

Even the best security is useless without correct procedures (humans included).

If you try to tighten security, then usability and convenience goes through the window. Just try to enable full selinux.
Posted by Pablo Vogel (3 comments )
Reply Link Flag
This is not an Apple Only Problem!
Social engineering is a problem that has to be faced on every
system as well as in real life.

I also pointed that out in the email interview:

----------
This latter issue is known as "Social engineering"
(http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29).
A hacker does not exploit a security flaw. Instead he/she
exploits the user. There is no way to completely prevent this.
So at least it should be made as hard as possible. In this case a
hint that a file is an executable and not a movie would help. But
still, if a user downloads some file from the internet and really,
really wants to execute it you can't stop the user. You only can
decrease the possibility the user is doing something he/she
doesn't actually want to do.

So it's right at the moment it seems suddenly more dangerous
to disable the "automatic open" option. If it's on and the
security update is installed you now get a warning. If the option
is disabled files are downloaded without warning. If you extract
the file there is no warning. After that it might look like a movie
with a tempting name. If you double-click it, it gets started
without warning.

Finally a computer is only safe if you turn it off. Making a
system secure is always finding the right mix. It has to be
usable, but transparent, but not too complicated,.... (no warning
-> obviously bad; too many warnings -> the user will ignore
them; a too restrictive firewall -> the user turns it off; ...). In
this respect I just trust that Apple will find the right mix. If
not them who else?
------
Posted by Michael Lehn (1 comment )
Reply Link Flag
Warning meets diligence standard
I found the article unrealistic partly because Joris is missing the
point, on which both you and I are focusing: The point of
Apple's patch IS NOT to prevent a user from ever installing
malware. The point IS to warn the user and make such an
installation less likely. The ignorant or indifferent user of any
product may find a way to do harm with it. In the law, we use
the 'reasonable man' standard to analyze issues of culpability. I
believe that a reasonably prudent person would be aware of the
possibility a file is malware, and, as a result, confirm that it is
what it says it is based on the warning when downloading a file
in Safari. The demand that Apple make downloading foolproof
that some of the sources have is unrealistic and unreasonable.
Posted by J.G. (837 comments )
Link Flag
Proof of CNet biased reporting...
"News.context

What's new:
Experts say Apple's most recent patch doesn't completely fix a
high-profile flaw, leaving a toehold for more cyberattacks.
Bottom line:
It's another ding in the reputation of the Mac maker, which has
previously stood on the sidelines of the security fray."

The "High Impact" box says it all. This is biased "gotcha"
journalism in its purest form. Dan Rather couldn't have done any
better.
Posted by lkrupp (1608 comments )
Reply Link Flag
Every OS is vulnerable
even OSX
Posted by Stan Johnson (322 comments )
Reply Link Flag
Good Lord!
Does the crap ever stoppeth?????

Why is Apple getting scrutinized for this?
Sure it would be nice if my Picture icon really looked like the app it really was...but then again I wouldn't need a password to launch the damn thing anyways.....

Then again it would be nice if all OSs did this, DUH!!

Go find someone else to pick on...

I think I've given up on CNET & ZDNET.....
Posted by theoscnet (36 comments )
Reply Link Flag
Password?
Correct me if I am wrong, but I don't think you need a password to delete your user files or to send e-mail messages. Script code could be programmed to do this.
Posted by JorisEvers (48 comments )
Link Flag
Ha!!!
And triple ha!!!

:-p
Posted by Mendz (519 comments )
Reply Link Flag
A happy little reminder
Yeah It's the same as any other OS

http://symantec.com/avcenter/global/vinfodb.html
Posted by scweezil (171 comments )
Reply Link Flag
NEW CONTEST ( http://test.doit.wisc.edu/ ) CLOSED. RESULTS??
Nothing.

As in NADA.

After traffic spiking at 30Mbps...
After two concentrated DoS attacks where the host remained
up...
After numerous web exploit scripts, ssh dictionary attacks and
having its rear probed by scanning tools...
After OVER FOUR THOUSAND login attempts...

ALL ATTEMPTS FAILED!
(unless he's lying)

Next??

PS: I LOVE the "Objections to this test" section of the page. It
shows perfectly how Mac users truly have the best of both
worlds. At its core, Mac OS X enjoys the benefits of using open-
source technologies (Apache, OpenSSH). And yet, OS X users
also benefit from the concerted effort and vision of ONE
COMPANY designing and implementing these and many other
technologies, both open and closed-source, making sure (to the
best of their abilities) that "it all just works". This is a benefit
that neither Linux (fully open source but "headless" in its
implementation -- and challenging to implement across the
hardware "soup" of the x86 PC platform) nor Windows can offer
(totally a closed technology, requiring all that it is to emanate
from a single source or brain/talent pool: Microsoft... and ALSO
subject to the hazards of doing so in the "soup" of the x86
hardware platform).

To all of this, I say GO APPLE!!! I GOT FOUR WORDS FOR YA: I...
LOVE... THIS COMPANY!!! EEEEEYYYYYEEEAAAAHHHHHHHH!!!!!!
Posted by MacDuff (62 comments )
Reply Link Flag
Have seen a single incidence of IIS 6 hack?
Exactly. No one publicises this, but IIS 6 has not been exploited a single time. Compare that to apache....
Posted by Pascoli (74 comments )
Link Flag
Cannot access the web site http://test.doit.wisc.edu/.
I cannot find the site http://test.doit.wisc.edu/. Can you post more info about the hacking contest of this site? A Google search did not show any info about this site except for the above URL, which cannot be accessed.

Basically, if you have a web site that just serves static pages, it will be a lot easier to defend than one with lots of functionalities.
Posted by fc11 (48 comments )
Link Flag
LOL! Hide the beer! My folks are home!
WOW! I cannot believe this! While you can if you go to
http://test.doit.wisc.edu/ (the big hacker test at University of
Wisconsin), you are greeted with this plain text message:

"Yesterday we discovered the Mac OSX "challenge" was not an
activity authorized by the UW-Madison. Once the test came to
the attention of our CIO, she ended it. The site,
test.doit.wisc.edu, will be removed from the network tonight.
Our primary concern is for security and network access for UW
services. We are sorry for any inconvenience this has caused to
the community."

So... the guy staged this challenge on the university bandwidth
-- and network -- without proper authority! bad move! Like,
what IF someone got through? How much collateral damage
could have been done? In the back of my mind I wondered if this
was sanctioned by the university, but then I thought the guy
couldn't be THAT dumb! Turns out he was! it doesn't negate the
results... but it could negate his employment!
Posted by MacDuff (62 comments )
Reply Link Flag
The challenge needs a new home
Hopefully, a tech site that can dedicate an isolated server to the
purpose will host the challenge.
Posted by J.G. (837 comments )
Link Flag
 
