Univ. of Wisc. Madison Mac OS X Security Challenge Update

If you remember, Mac sysadmin at University of Wisconsin Madison, Dave Schroeder, set up a Mac mini as a type of honeypot to challenge the "hacking" community to see if anyone could compromise a Mac OS X 10.4.5 system. The Mac mini in question was set up as an "out-of-the-box" system with Apple's Security updates applied, and he turned on both SSH and Apache, two common Internet services, but not ones that the average Mac OS X user would ever enable.

Initially, the contest was set to end on Friday, March 10th, after which he would publish the details of his experiment. However, checking the site this evening, I see that he's scheduled it to end tonight at midnight (Central Time). Dave Schroeder also says that "the machine is under intermittent DoS attack. Most of the other traffic, aside from casual web visitors, is web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus."

Has the box been compromised? He doesn't say, but he will be publishing the results of the experiment (probably tomorrow). I'm very interested and intrigued to read what the end result will be, even if it the news isn't good (i.e. the machine was actually compromised). Whatever the results, it's sure to be a better analysis of Mac OS X security than the misleading and poorly-designed example making the news rounds yesterday.