Security-related grins

  • From: "M.K. Chatterji" <chat@xxxxxxxxxxxxxxxxxxxxxx>
  • To: technocracy@xxxxxxxxxxxxxxxxx
  • Date: Tue, 6 Jun 2000 15:33:27 -0500

Below is part of an ongoing security-related conversation between some folks at my end, started with the Apache foundation site getting hacked -- so just FYI for you on Technocracy..

Thought you NoWin guys would get a kick out of this. Unlike the Crack-a-Mac contest which not even Mac hackers could hack into, Microsoft put up the NT webserver challenge and the damn server kept crashing before it could even be hacked into! Haha. "The ZDNet story is informative and well written, so go read it, the gist is that Microsoft placed the challenge in an attempt to shore up their security image. The result was that the server crashed and is currently inaccessible. "

(Meanwhile the previously peppered USArmy website is very pleased that no one has been able to hack their now Mac-based main website since they changed over to MacOS/Webstar.)



Eric, et al:

Speaking of security and such, I saw this (below). And all this time I had thought Kerberos was passe' nowadays. No? (As you may already know, MacOS X is a derivative of BSD and closely related to NeXTStep.)


Scientists at the Massachusetts Institute of Technology (MIT) are
currently working with Apple Computer engineers so that a version
of MIT Kerberos, the cryptography-based security program for Macs
created at the university, will be compatible with Apple's new
Mac OS X operating system.  Kerberos ascertains the identity of a
network user on an insecure connection, but makes the information
invulnerable to sniffer programs used by hackers to figure out
passwords.  Kerberos also allows for all online communication to
be encrypted.  The program is used not only at MIT, but also at
Carnegie Mellon, Cornell, Stanford, Dartmouth, and the University
of Michigan.  Mac OS X, which will be available in early 2001,
has an open source operating system, and university programmers
say they want to obtain the source code so new functions can be
added to the OS as needed. (Chronicle of Higher Education Online, 31 May

At 9:40 -0500 6/6/00, ewilson@xxxxxxxxxxxxx wrote:

On 6 Jun 2000, at 2:55, Chat Chatterji wrote:

 > Grin. That's funny.
 > Sherry Prow will get a grin out of this (if she doesn't already
 > know). As the US Army will point out, the most secure web servers are
 > in fact Macintosh servers! You'd think this was so mainly because of
 > their relative obscurity, but in fact they don't have a shell and if
 > you _could_ hack a port, you wouldn't see anything a typical hacker
 > would expect. There have been large sums of prize money put up ("Crack
 > a Mac Contest") within the Mac-internet community which have never
 > been awarded--thus when even Mac programmers can't break in to their
 > own systems, that says something!
 > -Chat
 > >Maybe you already know about this... I didn't until today.  Some
 > >folks were kind enough to hack and replace its feather
 > >logo with a "powered by Microsoft Backoffice" logo, and then wrote a
 > >white paper explaining how it was done.  I saved in on cnsand.  The
 > >original is linked from here:
 > >
 > >
 > >Content-Type: text/x-vcard; charset=us-ascii;
 > >  name="dsharp.vcf"
 > >Content-Transfer-Encoding: 7bit
 > >Content-Description: Card for Doug Sharp
 > >Content-Disposition: attachment;
 >  filename="dsharp.vcf"

Other related posts:

  • » Security-related grins