They must mean OS 9 is worth 5 points - it is extremely hard to hack considering you can only do a remote login if there is software setup to do so.
OS X should be no harder or easier than any other BSD machine.
And for all of those thinking that this type of non-oriented, hacking for the sake of hacking has no purpose, you are right - and wrong.
Isn't better that a hacker hack a site just to do it, rather than hack it with the malicious intent of stealing information or infecting machines with virii? What is going on here seems like nothing more than a bunch of kids going out to egg houses.
As far as creating more work for legitamite webmasters - too bad. The internet is a dangerous place, and having a website that is in any way valuable is like parking your Mercedes in the ghetto. You best have a damn good alarm. Well good luck webmasters - I hope you did your homework, because the hackers certainly have.
BTW, here is the site:
www.defacers-challenge.com
eschaton

You can check ANY site at:

http://uptime.netcraft.com/

and type the address into the 'Whats that site running' field.

Interesting that Army running Webstar instead of Apache.

The way this kind of thing adds 'value' to the web is that if someone is hacked ... that the software gets patched.

Over time, they'll learn how to truly protect a website.

This is not at all amusing for those of us who count on our websites to earn a living. My site was compromised through an FTP exploit a year or so ago, and it meant the loss of thousands of dollars in sales while I rebuilt it. I don't run FTP (or telnet) anymore, but I'm sure an enterprising hacker could still find a way in.

Not funny.

patch your holes or shut the f*** up. part of the job of being a webmaster isn't just to build the sites...it's to make them secure. f****** grow up and patch your holes. if you're one of those web people that don't know anything about a computer except how to make flash pages, go buy a book about server administration and read it.

FR33 K3VIN

I also think the point system is based on how common the o/s is partially, because windows is so prevalent, many people will hack them, and its alot easier to find ones that aren't up to date on patches. Also I think it is to encourage hacking mac machines, maybe this will bring a new era in finding vulnerabilities in the unix/mac systems.

Sorry, but telling a webmaster that he needs to "shut the f*** up" and "patch your holes" does not justify hacking into his site. Doing so is ILLEGAL and is no different than breaking into someone's house. You can't tell that person after you break his door down "well, gee, you should be thankful because this will show you that you need to buy a bigger and stronger door." Well, you can tell the person that after you are led off the scene in handcuffs.

I'll repeat again: HACKING IS ILLEGAL. Depending on how angry you make the webmaster, you may end up having federal agents knock at your door, informing you that are under arrest and that you WILL be prosecuted on charges of illegal entering of a computer system.

So, you know what? f*** YOU.

I would laugh my a** off if this was an FBI sting operation. Hack a site, go to collect your prize and land yourself in jail!

LOL!

The whole idea behind this is stupid. Someone needs to shut them down....

"This contest is irresponsible. Furthermore, MacNN is equally irresponsible by printing it. I agree, this is just motivation for more people to try and hack Macs."

yeah, and how is MacNN irresponsible? it's a news item, they are reporting it. end of story. by your logic, i think the New York Times is irresponsible for posting news about the 9/11 tragedy, because it's just motivation for more people to try to crash planes into buildings...

"I would laugh my a** off if this was an FBI sting operation. Hack a site, go to collect your prize and land yourself in jail!"

Haha, LOL, that would be great! It would show these arrogant morons that they aren't as smart as they think they are. LOL!

by your logic, i think the New York Times is irresponsible for posting news about the 9/11 tragedy, because it's just motivation for more people to try to crash planes into buildings..."

Wrong analogy, you blistering idiot. It would be more equivalent to the New York Times printing a news item about how bin Laden was looking to pay huge cash prizes to the families of people willing to crash planes into buildings before 9/11.

Dumbass, get your logic straight.

i see this report in No way promoting hacking, i am glad that MacNN reported on this, because it is probably a good idea for webmasters to get prepared, at least this time we get a warning.

A proper setup of AppleSare IP without any third-party software should be worth 1000 points.

i see this report in No way promoting hacking, i am glad that MacNN reported on this, because it is probably a good idea for webmasters to get prepared, at least this time we get a warning.

Wrong, this whole thing should not be taking place at all.

You know you can get arrested for this. It's no different than breaking and entering. Even if you did not "take" anything. It's still against the law. And any contest that is advocating something illegal is it self void and illegal. So the people legally do not have to pony up the prize. If fact they could be held liable for any damage these people do for the "contest"

I dont understand, what do you mean by "thig whole thig", do you mean the hacking contest should not be taking place at all? (and how do you propose we can stop it?) or do you mean that MacNN should not report about this hacking contest?

this report hopefully will help me not get hacked, at least this sunday, i will make sure to turn off services that are not vital to the site and check for other possible security holes.

I'm guessing it will be particiating sites don't you think?Who the h*** is going to deface major comercial sites and expect to get away with it..DOH!
Relax.

Hacking is not only illegal, but soon you will get a mandatory life sentence for hacking, if Bush and Congress get their way. Congress has been hinting at this for about a year now and if they haven't already passed this, they will. What a way to throw away your life for a short thrill.

Go to jail you idiot.

Riiiiight, so I guess we'll all be safe if we close our eyes, cover our ears, and sing "la la la la la...". To bad the problem is it is happening, and people like me (who run several Mac OS X websites) are glad to know about it and prepare for it.

I'm pretty sure my sites are secure, but before the weekend maybe I'll run one last check to make sure everything's locked down and patched up to date, all my passwords are freshly changed and complex, and someone hasn't accidently changed permissions on any files.

And yes, Windows admins (including myself) need to patch their stuff. I'm to the point of breaking fingers of folks who get hacked because they haven't applied patches that are over six months old. I feel no pity for them, and wouldn't mind it a bit if their systems were wiped clean because at least then they wouldn't become a jumping off point to try to attack my boxes. Hacking Windows is only good for one point because it's so easily exploitable when not properly administered, and if this finally drives that home to folks, then good.

And now for something constructive: http://www.securemac.com/

Excuse me, but you shouldn't be posting this. It's called giving publicity. I will laugh if you guys get hacked.

Seems the URL posted here for their website no longer works...probably the company hosting it didn't like the heat they were going to get from the webhosting community.

As for the wanker berating webmasters for not making their sites secure I think in most cases it is the webhosting company who is responsible for installing security updates and making the server secure...after all that is what I am paying that monthy charge for. I have been searching for a new host and one of the ones I had been looking at had everyone of the sites they host hacked last weekend by some Brazilian dudes spouting n*** propaganda in Portuegese. Kind of rules those guys out for my business...and now I will wait until after Sunday to make sure any of the other ones I am considering don't get hacked. It really is pretty difficult to judge if a host is has secure server...I really don't want to become a security expert just because I want to host a site showing off my photography. Of course this doesn't apply to big companies who host their own sites, but the majority of sites out their are hosted on shared servers.

First of all, MacNN is a news website. Other news websites (The Washington Post, NY Times, /. etc.) are all reporting on this as well. How is this "irresponsible"? It IS news, and is being reported as such.

Second, if you're afraid of your site getting cr/hacked, GO UPDATE YOUR SERVER SOFTWARE and quit complaining. It is f****** stupid to say that it "cost us thousands of dollars when we got hacked last time". That money is usually spent on updating out of date software. If you haven't updated IIS or Apache, then you deserve to get hit.

Third, hacking is sure illegal, but is your computer completely legal? Any MP3s? Illegal "backup copies" of your software? Exactly. Don't be a hypocrite.

all sites and databases on my OS X server. I'm not worried but it's always good to be safe.

I really feel sorry for the fools running Windows and MS IIS. They might want to cancel their weekend plans or take their servers offline JIC.

It is a full time job just working on securing servers. Any web admin that thinks differently is deluding themselves and is cheating their customers. IF you are not fully patched and get hacked, it's only your fault. Anyone who thinks that laws are going to protect you from begin hacked right now is also delusional. Laws exist only to get compensation for damages after the fact. They will never stop everyone. So I'll repeat what has already been said,

Patch your systems, or shut the F**K up.

The InformationWeek web site is apparently down right now... did the hackers start with them??

Can the persons spouting swear words at webhosts and masters please give out the home (physical) address. I will be more than glad to host a site offering a award to break into his home and deface it. 1 point for a schlage lock, 2 points for a medeco 3 points if there is a bolt lock too.

Anyone ??

Would kinda suck when the police showed up.
"sorry dude, as a homeowner it is part of your responsebility to put bars on all the windows. Sorry cant help you. What you said the wrote sucker on you mirror. Well you are a sucker, aren't you"

I like people attitude. Oh i is her own fault she got raped, she was wearing a skirt.
And I though we Mac people were the slightly more intelligent and responisble of the computing crowd.
Guess not

" FR33 K3VIN "

FYI, Kevin is already free.

AMEN!

Can the persons spouting swear words at webhosts and masters please give out the home (physical) address. I will be more than glad to host a site offering a award to break into his home and deface it. 1 point for a schlage lock, 2 points for a medeco 3 points if there is a bolt lock too.

Anyone ??

Would kinda suck when the police showed up.
"sorry dude, as a homeowner it is part of your responsebility to put bars on all the windows. Sorry cant help you. What you said the wrote sucker on you mirror. Well you are a sucker, aren't you"

I like people attitude. Oh i is her own fault she got raped, she was wearing a skirt.
And I though we Mac people were the slightly more intelligent and responisble of the computing crowd.
Guess not

The reason that HP-UX and OSX get more points is not because they are more secure, it is down to user base. Everyone and his mate runs windows boxen as web servers, less (mostly people in the know) use BSD and Linux.

Nobody in their right mind would run a web server on HP-UX (far too expensive), and Mac OSX is a pile of gusset compared with proper *nix. Looks pretty, comes in a nice designer box, but I don't think they're ever gonna port CATIA to it somehow - and have you tested how poor the NFS performance is?

So it will be difficult to find too any sites hosted purely on OSX or HP - thus their rarity gives greater value in hacking.

"Hackers offered most points to hack a Mac"

Misleading title. Since you can also get the maximum point by hacking a site running HP-UX as well. And, like others have said before, web service on OS X = Apache on BSD.

The problem with the reporting at MacNN is that they make it sound CREDIBLE. They treat it matter of factly and even mention InformationWeek as if it were sanctioned. I had to read the IW article to realize that it was a disreputable group promulgating their foul agenda.

They should have reported this as an internet advisory not a curious contest.

And yes, it is stupid to flame admins who don't apply every MS patch without taking time to test. In many cases the vulnerability is less dangerous than the hurried fixpack. Besides, there will always be new holes that noone has found yet.

I can't believe the attitude some people have. I would think it irresponsible for a webmaster to not warn a client about the platform the client chose. You don't sell a house without disclosing the problems with it, do you? You don't run a website on a box with an open root password of god or money or even 'click here'. You make regular backups, follow security alerts and know what white hats is. To equate a defacement challenge with breaking into someone's house is an exageration.

Breaking into someone's house is usually a first degree crime because there is a high chance of it involving a personal crime. Buisnesses are generally classed as property crimes and less damaging. Considering the economy there isn't really that much you can do to a company to hurt the economy and the last time I checked incompetent webmasters were a dime a dozen. Oh and there's that little thing about it not being illegal everywhere. I

Yeah, the fact that it got so much publicity makes it a little weak/commercial and only an idiot would want to go accept the prize ;), but it's defacement. Be educated and back up your site ppl.

Every UNIX has it's flaws. After working with SCO (smoldering pile of c***) and Alphas I will take OS X anyday - even without Aqua (Darwin).

Besides, NFS hardly has anything to do with a web server.

web service on OS X = Apache on BSD.

BSD is pretty tough to hack into. OS X even more so - the defaults are sooo robust. Further, OS X security fixes are extremely easy to implement with no need to even build Apache, just download from Software Update Control Panel.

**
Considering the economy there isn't really that much you can do to a company to hurt the economy
**
I am sorry. That is an assanine comment. So if Amazon's website was down for 1-2 hours, or their products were replaced, it would not hurt them. Please if you can't develop a reasonable argument then don't try.

**
and the last time I checked incompetent webmasters were a dime a dozen.
**

Well here is another stupid argument. What does that say. What is the point of it. Even competent Webmasters can get their site hacked. Sorry to break the news to you, but hackers think different than webmasters. Webmasters and most computer users thinks in Yes or No, 0 or 1. Hackers are the ones that say Maybe or 1/2.

Why do you think most large companies and government agencies have huge security departments with tremendous equipment, yet still get hacked by one hacker with decent equipment.

Bottom Line is.
yes firm up your security, but to the persons that yell at webmasters and say it is their own fault i have no respect. You are the type of person that will walk by a mugging and say, oh well.

Regardless of people's opinions of hacking, there are honourable people out there who will say "Hey, I found this hole in your system" Any skript kiddie can go and download a bunch of scripts to execute brute force attacks against a site, but it takes someone of true skill to actually find the hole. This is a valuable learning opportunity. And kudos to MacNN for bringing out this story... If you didn't know about it then you might not back up your website, and THEN who would look like an idiot?

Security should be a function of an OS and a web vendor. I don't think there should be any law against hacking--unless real damage or theft occurs (like SS Numbers and credit cards). Liability should be against companies that do not have security.

If this were adopted, there would be pressure to secure OS's and not this draconian c*** that we see now that limits everyone's rights but allows companies like Microsoft to leave us unprotected. Depending on legal remedies only helps stop those who care. Foreign mafia rings and truly malicious hackers are not daunted by however many pimply-faced kiddies deface a web site.

I am sick and tired of people knocking hackers (I am not one). If it were not for them, we would be wide open to some serious c***, because we would be reassured that the proper authorities had things well in hand--right up to the point where the S**t hits the fan. These little tests help to push web masters to take basic precautions. A little embarassment is good medicine to improve the immune system of the web.

Besides, I really hope there are hackers good enough to get through the toughest government security. We may need them one day--like after Patriot II.

If you go by a house and you notice a door is open and the owner is gone. Wouldn't you as the good neighbor you are contact the owner and tell him the door is open?

..Cracking is another story, and has nothing to do with the topic.

This is very much like an unlocked house. But some people, like myself, still live in neighborhoods where unlocked doors are common. There are others that live in neighborhoods where crime is common - where people aren't nice and will walk into your house and steal your stuff - where people have multiple locks on the door and use them. Well, just becuase your computer is located in your nice neighborhood, doesn't mean that the interent is that same nice place. All of our commputers are in that bad neighborhood - DSL, cable, T1, modem what ever. If you don't lock your doors and your your neighbors do, then who do you think is going to get broken in to.

The key to security: you don't have to be faster than the bear, you just have to be faster than your friend.

Malicious hackers suck--fact. If they didn't exist (as in, if the world were a happy utopia it never will be), then running a website would be a whole lot easier than it is now. No security patches to keep up with, less moderation needed, easier to write web-accessable software, etc. I know my job would be easier.

However, in the real world, where people do bad things, some hackers provide a valuable service--"Your site has a hole somebody will probably get to eventually, you should patch it." I want that, and really I wish more people did it--then only people too stupid or lazy to pay attention to a polite warning would be at risk.

This particular contest is just annoying. Reporting it, however, is a valuable service--I run several websites, and I want to know that I should be doing backups ahead of schedule, just in case.

On the other hand, it does encourage me to give things a once-over looking for loose ends and cleaning up duplicated passwords as an extra security measure. I should've done it sooner, but a little encouragement never hurts.

...all you like, but I laughed my a** off when Dubya's website was hacked just before election 2000. If hacking is nothing more than "throwing stones through windows", then that was one well-placed stone.

IMO, hacking can be used very effectively as a sort of political guerrilla warfare against the corporate elite and others who abuse and horde wealth and power. Yeah if you hack some poor b******'s puppy dog website then that's pretty low, but if you go hack the Rush Limbaugh's website, then you deserve a medal. End of story.

the internet is simply a non secure platform. If you have really important information never ever put it on a pc.

They'll say its secure but watch all those updates every month. And that proves the point.

Surely the point of awarding points can only be based on how difficult is is to hack the site. Else why differentiate?

Valid as at 12:35 MDT 2003 July 04

> Try this soon, before Google fixes its site:
>
> 1) Go to Google.com
>
> 2) type in (but don't hit return): "weapons of mass destruction"
>
> 3) Hit the "I'm feeling lucky" button, instead of the
> normal "Google search button
>
> 4) read what appears to be a normal error message carefully.

f*** YOU!

As a webmaster and entrepreneur attempting to run a legitimate computer retail business through a website and a retail brick and mortar store and relying on e-commerce to support a portion of the wages to gainfully employ human beings who have to eat, as computer professionals at my store, I think the ARSE-f**** called hackers should be eradicated from planet earth. Consumer confidence in e-commerce has been destroyed thanks to these f***-HEADS called hackers for real people who consider dot com business as more than just a hobby by a lively-hood.

Let's display the names, faces, telephone numbers and addresses of the winning a**-HOLES and promoters of the contest, so I can personal congratulate the pimple headed, slack jawed, mouth breathing teenage f**** with my fist to his f****** head.

... BTW Hackers and Spammers... "Burn in h***."

Signed.
Joe employer of “Real computer professionals” … people who appreciate someone’s intellectual and personal property on the Internet.

Real funny.
Happy 4th of July you heartless a**.

September 11, 2001
We will never forget!

http://larry.911photos.com/

Even a hack, but a link.

L
0
S
E
R


Here is an old one removed.

http://www.albinoblacksheep.com/text/victories.html

As for www.defacers-challenge.com, it sounds like someone ATTEMPTING to sound like a non-native English speaker. I've immersed myself in a lot of cultures and have become familiar with the common English mistakes made by speakers of different languages. With the exception of "big attention" and "for everybody," which are common, I doubt that any non-native speaker would put an "s" on most of those words, like "continues." It reminds me of the many Chinese-American actors who try to pass as Japanese in American movies and TV shows, using language and accents that don't even resemble actual Japanese attempting to speak English. This site was obviously put up by an English speaker trying to pass as a foreigner.

http://lists.netsys.com/pipermail/full-disclosure/2003-July/010910.html

Security problem affects Mac OSX?

Screensaver crashing gains desktop


By INQUIRER staff: Saturday 05 July 2003, 15:35

A REPORT on a board claimed there's a way to circumvent security on the machines running the latest version of Mac OSX, by crashing a locked screensaver and recovering the desktop.
According to the filing, if you leave a key pressed for five minutes or more and then press the Return key, that crashes the screensaver and gives you access to the desktop.

The person who filed the report claimed that he's notified Apple of the hole but hasn't had a reply from the firm.

Any moron who relies on the screensaver to secure his/her machine is a fool of the highest order.

That password is to keep fellow nosey employees from gaining access while you run to the water cooler, not secure your private files. That job is for 128 bit or higher-bit encryption, which is cheap these days.

Finally, that is a small hole compared to the many in Windows.
Anyone can crash a Windows screensaver to gain access, but I'm not going to broadcast it in here, or anywhere.

Dumbass