Dave Schroeder on Monday invited hackers to break into a Mac Mini he attached to the university network. The challenge would last until Friday, he announced. The contest was in response to an earlier challenge, which Schroeder criticised as too easy.
But the event ended early -- Tuesday night. On Wednesday, information emerged that the contest had drawn the scrutiny of the university's chief information officer, Annie Stunden.
"The Mac OS X 'challenge' was not an activity authorised by the UW-Madison," Brian Rust, a university spokesman, said in an e-mailed statement. "Once the test came to the attention of our CIO, she ended it...Our primary concern is for security and network access for UW services."
The same statement also appeared on Schroeder's challenge Web site on Wednesday afternoon. "Dave was well-meaning, but he did the test pretty much on his own," Rust said in a phone interview.
Universities are often the target of cyberattacks. The academic institutions face the challenge of balancing the need to share information on large networks with the need to secure data.
The Mac OS X contest ended without a negative impact on the University of Wisconsin-Madison's network, Rust said. "We were able to handle the traffic, and there were no compromises to university systems," he said. The university apologised for any inconvenience its action caused to the Mac community.
The university is distancing itself from the challenge. "If Dave wants to continue this test, he has to do that privately, not using university systems," Rust said.
Schroeder had said he wants to publish some details on the attempts that were made to hack his Mac. The computer was connected to the Net for more than 30 hours, apparently without being compromised. In the earlier challenge, an anonymous hacker claimed he was able to compromise OS X within 30 minutes using an undisclosed vulnerability. However, attackers in that case had been given user-level access to the system rather than being shut out completely.
These hacker challenges came after weeks of scrutiny of the safety of OS X, prompted by the discovery of two worms, and the disclosure of a serious vulnerability. Security experts are also questioning the effectiveness of Apple's latest patch.
Just to put it into perspective - OS X is neither safer nor more risky regarding security than before that ZDNet Australia article was published, contrary to what ZDNet might have you believe. All the same good behaviours regarding security still apply.
To get an insight into the perspective ZDNet Australia might be trying to push I find it informative to look at their front news page on security.
At the time of posting this I count a total of 16 major headline articles including a boxed discussion title. Of the 16 articles the breakdown is this
Mac OS X serious security issues/hacked/"serious flaw patch": 7
Mobile PDA/Phone Devices: 3
Firefox Phishing Shield: 1
Mozilla: 1
Open Source: 1
Legal trade secrets challenges Yahoo/unnamed French: 2
Symantec Net security Meter: 1
If this is the true state of affairs then it is clear that Mac OS X must be the most unsafe OS on the planet by a huge margin. It's funny then that all the talkback computer shows on radio seem to spend about 80% of their time or more on adware, spyware, and virus, trojan and worm attacks for another operating system.