IP: anyone want to give it a try -- cracking in for $10,000

[David Farber <farber () cis upenn edu>]

The following was passed on to me by Chuck Culbertson,  who thought you may
find it of interest.


   
****************************************************************************
************
Ryan - it might be interesting to track this to see now many hits the site
gets and how many are from "bandit" states or extra-territorial groups (if
those are even remotely trackable). 
Regards - Chuck Culbertson
****************************************************************************
************
http://www.wired.com/news/topframe/2015.html


A Swedish consulting firm affiliated with Apple Computer has posted a
10,000-crown (US$1,500) reward for anyone who can break into the
company's Apple Web server and change something on the homepage.
Thechallenge follows a similar contest two years ago in the United
States, when $10,000 in prize money went unclaimed.


"We believe that this system can't be cracked," said Joakim Jardenberg,
who runs Infinit Information. "And if it can be cracked, then we have
gained knowledge."


Since the contest opened on Monday, Jardenberg said, about 24,000
crackers have tried to gain access to the server at IP 195.198.39.110 -
so far without success. Roughly 90 percent of the attempts are being
made from the US.


Infinit's "Crack a Mac" challenge is not officially endorsed by
Cupertino, although the firm consults and designs Web pages for Apple's
Swedish affiliate, and Jardenberg said he's received encouragement on
the contest from Apple officials.


Jardenberg is using a standard Apple Internet Server Solution running on
a Power Macintosh 8500/150, upgraded with WebStar 2.0. There are no
firewalls or router filters. Just, as Jardenberg temptingly put it, "an
unprotected server."
 
He said the Mac operating system has been largely overlooked by
security experts intent on erecting expensive barriers for Unix servers,
which he claims are more vulnerable. Jardenberg's inspiration for the
contest came from "The Security Challenge" in 1995, when big bucks
were offered to anyone who could tamper with a company's Apple Web
server. No one did.


On Tuesday, a group of security experts testified before a congressional
technology subcommittee that crackers are finding it easier to break
into computers and perpetrate everything from minor mischief to grand
theft. "Just using simple tests, I could break into two-thirds of the
systems I tried," one security consultant told the panel.
 
David Shayer, who runs a company called Sentient Software and wrote
Symantec's Norton Disklock program for the Mac, said the MacOS makes
for a more secure environment because the "heritage" of the system is
vastly different from that of Unix-based systems.
 
"People are used to machines on the Internet being broken into, and most
of those machines are Unix machines," he said. "The Mac just doesn't
have systems running that respond to TCP packets, so it's much harder
to break into."


As for why more Mac systems aren't being used by the
security-conscious, Shayer lays the blame at Apple's doorstep. The
company, he said, hasn't been effective in marketing itself as a cheap,
efficient, and secure server solution.


For his part, Shayer encourages crackers to try their luck, but he
suspects that no one will take the cash to the bank. "My guess," he
said, "is that no one's going to be able to get through."


****************************************************************************


Chuck Culbertson, Senior Vice President, ISX Corporation
2000 N. 15th Street, Suite 1000, Arlington, Va.  22201      PH: 
703-247-7800   Fax:  703-247-7895
Pager:  1-800-759-8888, pin # 1972219