View this article at: http://dev.macnn.com/articles/06/03/09/mac.mini.weathers.attacks
Thursday, Mar 09, 2006 6:15pm

Mac mini weathers 38hrs of ...

A university systems engineer who presented a "hack-my-Mac" contest closed down his own challenge on Tuesday, saying that even after 4,000 log-in attempts and two denial-of-service attacks, his Mac mini remained untouched. In a previous challenge, one attacker claimed he had breached security in less than 30 minutes, but later it was noted that this individual had an account on the machine. "This machine was not hacked from the outside just by being on the internet," Dave Schroeder, a senior systems engineer at the University of Wisconsin wrote. "It was hacked from within, by someone who was allowed to have a local account on the box." The professor set up a fully-patched Mac mini hosting a Web page on Monday, challenging attackers to breach security, according to InformationWeek. "It [left] people with the impression that a Mac OS X machine can be 'hacked' just by doing nothing more that being on the internet. That is patently false," Schroeder added.

Schroeder connected the PowerPC Mac mini to the internet running Mac OS X 10.4.5 with the latest security updates. The Mac held two local accounts, while both SHH and HTTP were left open. Schroeder said the system drew attention and lots of traffic, with 4,000 attempts logged. The Mac withstood two denial-of-service attacks, brute-force SSH dictionary attacks, numerous Web exploit scripts, and uncounted probes by scanning tools. "There were no successful access attempts of any kind during the 38 hour duration of the test," Schroeder said. "Apple is responsive to security concerns with Mac OS X," he continued. "[That's] one of the most important pieces of the security picture."