Mac Server UNCRACKABLE.

I Find Karma (adam@cs.caltech.edu)
Sun, 13 Apr 97 14:34:31 PDT


http://www.nytimes.com/library/cyber/week/041297crack.html

> But when the dust had settled, the humble Apple Macintosh Web server
> was still intact -- a boast that industry giants and more powerful
> computers could not match.

Perhaps Apple has found a niche? *evil grin*

---------------------------------------- 8< ---------------------------

April 12, 1997 [Image]

Hacker Contest Fails to Crack Mac Web Server

By JOE HUTSKO

It was an invitation few hackers could resist, a cracker come-on backed
by a cash prize: Be the first to break into our Web server and alter the
home page, and we'll give you $15,000. But when the dust had settled,
the humble Apple Macintosh Web server was still intact -- a boast that
industry giants and more powerful computers could not match.

Two months have passed since Infinit Information, a systems consulting
firm based in Sweden, posed its digital dare, dubbed "Crack a Mac,"
offering 100,000 Swedish kroner, or about $15,000, to anyone who could
break into its Macintosh-powered Web server.

In the first week alone, more than 38,000 visitors dropped by to take
either a curious peek or an outright crack at the challenge. But by the
time the contest closed on Thursday, the company's chief executive,
Joakim Jardenberg, said that the cash would go uncollected because no
one had managed to crack into the company's server.

In all, Jardenberg said, people at more than 100,000 computers (as
identified by uniqure IP addresses) visited the challenge site, sending
more than 8 gigabytes of data in their attempts to break in. He said
that about 75 percent of the visitors were from the United States, 20
percent were from Sweden, and the remaining 5 percent were from other
nations, including El Salvador and Mauritius.

The rules of the game were straightforward. Crackers could not
physically attack the computer or company premises; they were required
to reach the Infinit Information Web server through the Internet.
"Breaking into our house would not only mean you would be disqualified
from the challenge, you would also have to deal with our dog and the
police," the company declared.

Proof of the crack was to be substantiated by altering the company's
home page in whatever way the cracker deemed fit -- graphically,
textually, noisily -- so long as it was "human-readable." To collect the
prize, the winner would be required to describe in detail how the crack
was accomplished, as well as permit Infinit Information to publish
(anonymously, if the winner preferred) its findings.

Jardenberg also asked that anyone who managed to break in not violate
the company's other servers, which it uses to run its business.

The contestants included at least a few heavy hitters, said Jardenberg,
who was inspired by a similar cracker contest, The Security Challenge,
that ran in 1995. Jardenberg listed International Business Machines,
Microsoft, Silicon Graphics Inc., AT&T, Netscape Communications, NASA,
and the United States Army among the higher-profile organizations that
tried to break into his company's server.

Citing high-profile cracker jobs like ------------------
the attack on the Central Related Articles
Intelligence Agency's home page last
year, Jardenberg stated that the U.S. Restrictions
contest's main objective was to prove Give European
the trustworthiness of the Apple Encryption a
Macintosh as a secure Web server in Boost
comparison with Unix-based servers (April 7, 1997)
produced by companies like Sun
Microsystems and Silicon Graphics. Go Ahead, Be
Paranoid: Hackers
There is no such thing as a Are Out to Get
definitive test of the security of You
one system versus another, but the (March 17, 1997)
outcome of Jardenberg's challenge
clearly gives a lot of bragging Hacker Puts
rights to Mac proponents -- Racial Slurs on
especially at a time when the Net is NCAA Site
deluged with horror stories about (March 11, 1997)
security weaknesses in both Web
servers, the machines that host Hackers Disrupt
sites, and Web browsers, the software Air Force Web
that brings the Web into the user's Page
machine. (Dec. 31, 1996)

Infinit Information's challenge Hackers Vandalize
machine was a Macintosh 8500/150 C.I.A.'s Web Page
running StarNine Technologies'
WebStar server software. (Sept. 19, 1996)

Having survived its first onslaught of attacks, Jardenberg said the
company is giving its Mac server "a well-deserved break." But it won't
be a vacation long. Jardenberg is promising foiled contestants another
crack at the Infinit Information site in a few weeks.

Copyright 1997 The New York Times Company

----
adam@cs.caltech.edu

I've been crying lately, thinking about the world as it is.
Why must we go on hating, why can't we live in bliss?
-- 10,000 Maniacs (or Cat Stevens)