A senior Apple systems engineer, not impressed by a recent overseas hacking challenge in which the winner reportedly gained root access to a Mac Mini in under 30 minutes, has launched his own security challenge.
Dave Schroeder, who works in the Division of Information Technology at the University of Wisconsin in Madison, said his challenge asks competitors to alter this web page.
The difference between his contest and last month's "rm-my-mac" competition – set up by a Sweden-based Mac fan, according to ZDNet Australia – is that Schroeder's asks participants to gain control of a Mac Mini from the outside, he said.
The two challenges come as Mac OS X faces increasing scrutiny following Apple's security update release last week that patched some 20 flaws. Included among them is a critical vulnerability that allows an attacker to run arbitrary code when a user visits a malicious website through the Safari browser.
Following last month's challenge, the winner told ZDNet that "Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders."
But Schroeder was not impressed by the results because participants were given local client access. The contest author enabled SSH, a tool that provides encrypted connections for accessing network machines.
"This machine was not hacked from the outside just by being on the internet," he said. "It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction."
He said almost all Mac OS X machines would not grant local account access to external users.
"Mac OS X is not invulnerable," Schroeder said. "It, like any other operating system, has security deficiencies in various aspects of the software."
But Schroeder said he believes Macs are inherently safer than other platforms.
"The general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system."
The challenge, which concludes at 11 a.m. EST Friday, does not offer a prize but will recognize the winner, if he or she wants to be named.