A Mac OS X hacker challenge apparently got a systems engineer at the University of Wisconsin-Madison into trouble with university administrators.
Dave Schroeder on Monday invited hackers to break into a Mac Mini he attached to the university network. The challenge would last until Friday, he announced. The contest was in response to an earlier challenge, which Schroeder criticized as too easy.
But the event ended early--Tuesday night. On Wednesday, information emerged that the contest had drawn the scrutiny of the university's chief information officer, Annie Stunden.
"The Mac OS X 'challenge' was not an activity authorized by the UW-Madison," Brian Rust, a university spokesman, said in an e-mailed statement. "Once the test came to the attention of our CIO, she ended it...Our primary concern is for security and network access for UW services."
The same statement also appeared on Schroeder's challenge Web site Wednesday afternoon. (His site, http://test.doit.wisc.edu, was down as of Thursday morning.)
"Dave was well-meaning, but he did the test pretty much on his own," Rust said in a phone interview.
Universities are often the target of cyberattacks. The academic institutions face the challenge of balancing the need to share information on large networks with the need to secure data.
The Mac OS X contest ended without a negative impact on the University of Wisconsin-Madison's network, Rust said. "We were able to handle the traffic, and there were no compromises to university systems," he said. The university apologized for any inconvenience its action caused to the Mac community.
The university is distancing itself from the challenge. "If Dave wants to continue this test, he has to do that privately, not using university systems," Rust said.
Schroeder had said he wants to publish some details on the attempts that were made to hack his Mac. The computer was connected to the Net for more than 30 hours, apparently without being compromised. In the earlier challenge, an anonymous hacker claimed he was able to compromise OS X within 30 minutes using an undisclosed vulnerability. However, attackers in that case had been given user-level access to the system rather than being shut out completely.
As the CIO, she has the right to shut down the test, because her job is to make sure all data at that university is secure, no matter what. He also did it without permission, so she was well within her authority to shut it down.
The University definitely had the right to shut this down. I'm sure it was causing unnecessary load on their servers. It's still impressive that this Mac made it so long w/o compromise, however ;)
I want to see a real test, boxes behind firewalls, private routers, etc. don't count to me. The average user is lucky to have a router that has NAT. I want to see out of the box, connected to a cable modem, on the net, test.
The Windows people and the Mac people should only accept these types of tests, no other 3rd party interference. No firewalls(outside built in OS ones and to use these they must be at default settings) or anything else, this tests the OS security which is what would settle this once and for all. Every 3rd party router, firewall, A/V etc only proves that if you know how to configure your box it is safe. That is not the question being raised here.
Annie is an idiot. If you agree, let her know: http://www.doit.wisc.edu/feedback.asp?path=annieblog
Professor Schroeder makes a bold and potentially historic move - an in-your-face challenge to the best of the best. And Mac wins again, much to the dismay of those who champion or who are locked into inferior systems. Make me king for three days, and I'll add a $5000.00 prize to the successful hacker and, after the contest, when the miniMac keeps humming along, cowards like Annie can take their safe, careful, prudent, and backward vision and shove off with the other bean-counters in the accounting and internal auditing departments.
It's a mean world out there. It's time for Mac. We win. They lose. End of line.
Calling someone doing her job a coward is kinda dumb.
She is in charge of data security and making sure the bandwidth at the university is used properly.
He DID NOT ask for permission. Thus most of the university's bandwidth was going into this test. Bandwidth students may have needed for research purposes.
Why call the woman a coward for doing HER job?
What is it that you do? Are you an employer or employee? Would you want an employee doing something without permission? Yes? No?
Is your blind loyalty to Steve Jobs and Apple so great that you have to stoop to childish levels to make someone just doing her job look bad?
Hey, at least my friend doesn't have a c-net id. He considers Mac zealots idiots and calls MAC OSX a second rate OS.
ME? I say windows and macs both have good and bad parts. It's all in what you use it for.
It will fail miserably. Since it is based on old, insecure code, any fixes and those workarounds will be compromised in short order.
Sure you can secure a windows box. Castrate many functions, install several third party apps and of course a firewall. A default setting + solid firewall on OSX and Linux is far more secure than any castrated, bloated windows box.
Always has been, always will. Unless MS pulls its head out and starts from scratch with security as the #1 priority rather than the afterthought it has always been at Redmond.
purpose will host the challenge. Hmmm. How about C/Net?
Windows box.
Email ron <dot> bannon <at> gmail <dot> com if you need more information.
Here's my port scan:
    Port Scan has started ...
    Port Scanning host: 71.56.240.67
    Open TCP Port: 80 http
    Port Scan has completed ...
1. Support technician in the (non-academic) IT division of a major University sets up hacker challenge.
2. Without getting permission from anyone.
3. He refers to it on major IT sites as "academic" and plasters an official university logo on it, implying that he's a professor or academic (which he isn't... see http://das.doit.wisc.edu/), and has the University's blessing (which he obviously didn't).
4. Every script-kiddie on the planet heads for the UW's network.
5. The CIO finds out.
6. The CIO shuts it down before the UW's lawyers have her head on a pike. A wise move.
7. The CIO apologizes to the community for shutting it down.
8. Arm-chair analysts post poorly thought-out responses on teh intarweb.
That about the size of it?
same contest and see how if it does any better than OS X. Now that would be a newsworthy story. Any CNET Editors ready for that juicy bone of a story.