If you remember, Mac sysadmin at University of Wisconsin Madison, Dave Schroeder, set up a Mac mini as a type of honeypot to challenge the "hacking" community to see if anyone could compromise a Mac OS X 10.4.5 system. The Mac mini in question was set up as an "out-of-the-box" system with Apple's Security updates applied, and he turned on both SSH and Apache, two common Internet services, but not ones that the average Mac OS X user would ever enable.
Initially, the contest was set to end on Friday, March 10th, after which he would publish the details of his
experiment. However, checking the site this evening, I see that he's scheduled
it to end tonight at midnight (Central Time). Dave Schroeder also says that "the machine is under intermittent DoS attack. Most of the other traffic, aside from
casual web visitors, is web exploit scripts, ssh dictionary
attacks, and scanning tools such as Nessus."
Has the box been compromised? He
doesn't say, but he will be publishing the results of the experiment (probably tomorrow). I'm very interested and
intrigued to read what the end result will be, even if it the news isn't good (i.e. the machine was actually
compromised). Whatever the results, it's sure to be a better analysis of Mac OS X security than the misleading and poorly-designed example
making the news rounds yesterday.
Univ. of Wisc. Madison Mac OS X Security Challenge Update
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.