Monday, March 6, 2006

Mac OS X Hacking Contests

Last month, a blogger conducted an OS X hacking contest. Attackers were given local user access to a Mac running OS X and were asked to remove several directories or deface the running website...it was contest ended 6 hours later.

The winner stated that he used a non-public vulnerability to gain root access to the Mac. But this isn't a true hacking test, is it?

I do agree that giving attackers local access does make the process MUCH easier, but it still sends a very powerful message. OS X has local privilege escalation vulnerabilities that are not public. They are not known by the vendor and not known by the public. However, Apple isn't alone in this class. Blackhats are constantly on the lookout for unknown holes in all operating systems. At least once a year, you will hear about some new critical zero-day vulnerability that affects Windows users.


But what about hacking into OS X from the internet with no beginning access? What will happen? I don't know, but the University of Wisconsin plans to find out. They have started their own Mac OS X Security Challenge. It is slated to end on March 10th...so get to hacking. Go ahead.

Was Apple ready for this new surge of hacker attention? Only time will tell...

No comments:

Post a Comment