Below is part of an ongoing security-related conversation between
some folks at my end, started with the Apache foundation site getting
hacked -- so just FYI for you on Technocracy..
Thought you NoWin guys would get a kick out of this. Unlike the
Crack-a-Mac contest which not even Mac hackers could hack into,
Microsoft put up the NT webserver challenge and the damn server kept
crashing before it could even be hacked into! Haha. "The ZDNet story
is informative and well written, so go read it, the gist is that
Microsoft placed the challenge in an attempt to shore up their
security image. The result was that the server crashed and is
currently inaccessible. "
http://www.macobserver.com/news/99/august/990805/win2000challenge.htm
(Meanwhile the previously peppered USArmy website is very pleased
that no one has been able to hack their now Mac-based main website
since they changed over to MacOS/Webstar.)
-Chat
--
Eric, et al:
Speaking of security and such, I saw this (below). And all this time
I had thought Kerberos was passe' nowadays. No? (As you may already
know, MacOS X is a derivative of BSD and closely related to NeXTStep.)
-Chat
NEW APPLE OPERATING SYSTEM WILL INCLUDE AN MIT SECURITY PROGRAM Scientists at the Massachusetts Institute of Technology (MIT) are currently working with Apple Computer engineers so that a version of MIT Kerberos, the cryptography-based security program for Macs created at the university, will be compatible with Apple's new Mac OS X operating system. Kerberos ascertains the identity of a network user on an insecure connection, but makes the information invulnerable to sniffer programs used by hackers to figure out passwords. Kerberos also allows for all online communication to be encrypted. The program is used not only at MIT, but also at Carnegie Mellon, Cornell, Stanford, Dartmouth, and the University of Michigan. Mac OS X, which will be available in early 2001, has an open source operating system, and university programmers say they want to obtain the source code so new functions can be added to the OS as needed. (Chronicle of Higher Education Online, 31 May 2000)
http://www.macobserver.com/news/99/august/990805/win2000challenge.html
On 6 Jun 2000, at 2:55, Chat Chatterji wrote:
> Grin. That's funny. > > Sherry Prow will get a grin out of this (if she doesn't already > know). As the US Army will point out, the most secure web servers are > in fact Macintosh servers! You'd think this was so mainly because of > their relative obscurity, but in fact they don't have a shell and if > you _could_ hack a port, you wouldn't see anything a typical hacker > would expect. There have been large sums of prize money put up ("Crack > a Mac Contest") within the Mac-internet community which have never > been awarded--thus when even Mac programmers can't break in to their > own systems, that says something! > http://db.tidbits.com/getbits.acgi?tbart=05552 > > -Chat > > >Maybe you already know about this... I didn't until today. Some > >folks were kind enough to hack Apache.org and replace its feather > >logo with a "powered by Microsoft Backoffice" logo, and then wrote a > >white paper explaining how it was done. I saved in on cnsand. The > >original is linked from here: > >http://www.apacheweek.com/issues/00-05-12. > > > >Content-Type: text/x-vcard; charset=us-ascii; > > name="dsharp.vcf" > >Content-Transfer-Encoding: 7bit > >Content-Description: Card for Doug Sharp > >Content-Disposition: attachment; > filename="dsharp.vcf"
