>I found it funny that no one was up for the challenge :) The reality is that no one could ever get their ISP to provide written permission for an attack. Kinda made the challenge knowingly impossible from the git go and thus an easy challenge to make but of no real value. >We'll also need written consent from your ISP giving us permission to attack an IP address on a subnet owned by them. An email signed with your PGP key is sufficient for your written consent, the ISP will have to fax me their waiver. >On Jan 13, 2005, at 5:08 AM, Chris Olson wrote: > >>On Jan 12, 2005, at 1:46 PM, Robert Ameeti wrote: >> >>>And do please give a link showing me where the Mac was cracked in a cracking contest. All the ones that I've heard about were not cracked. And my opinion was in this case that Ray's computer was not attacked by the experts capable of winning contests worth $10K or more. >> >>I indeed agree that Ray's computer more than likely was not cracked. But never make the mistake of thinking Mac OS X is infallible. As shipped in it's default configuration it is indeed secure, usually more so than other Unices, but people use their computers for things. The computer does little good sitting there with the ethernet plug lying on the floor not plugged into the wall jack. If it has ports open and is running services on those ports, it can be cracked. Period. I don't care what it runs. >> >>In addition, I'm up for a challenge, and I'd like to prove it to you first hand. >> >>Firstly, those of us who specialize in, and like to play with cracking computers are *NOT* hackers, nor does your box get "hacked". "Hacking" is writing software. >> >>Place a "secret" text file in your user directory someplace named "secret.txt", the contents of which only you know. I don't want to know your user name (if the box has multiple users), nor where you put the file as long as it's in your user directory. Put your Mac on a DSL or Cable modem with a static IP that won't change for 48 hours. Connect it directly to the modem with the firewall on, with web sharing (http port 80), remote login (SSH port 22), and FTP access (FTP control port 21 and data port 20, plus non-privileged ports 1024-65535) turned on. Make certain Windows File Sharing and Personal File Sharing are turned off, along with all other services on the box except for the three mentioned above. Email me the IP address of the machine along with a waiver that gives express consent to me and an undisclosed number my colleagues to attack the box. We need the waiver to state an understanding on your part that this is not a criminal activity, that we may take root control of the target box over remote connection, and that we may modify some critical system utilities, including replacing the NetInfo database in the BSD subsystem in order to do so. We'll also need written consent from your ISP giving us permission to attack an IP address on a subnet owned by them. An email signed with your PGP key is sufficient for your written consent, the ISP will have to fax me their waiver. >> >>Give us a start time, and allow 48 hours continuous access to the box. To prove we broke in, one of us will email you the contents of your secret text file before the 48 hour time period expires, with complete step by step documentation of how we broke in. And we'll do it for fun. We won't expect any big prize for breaking in. >>-- >>Chris >> >>_______________________________________________ >>Titanium mailing list >>Titanium at listserver.themacintoshguy.com >>http://listserver.themacintoshguy.com/mailman/listinfo/titanium >> > >_______________________________________________ >Titanium mailing list >Titanium at listserver.themacintoshguy.com >http://listserver.themacintoshguy.com/mailman/listinfo/titanium -- <><><><><><><><><><><><><><><><><><> Robert Ameeti The road to success is always under construction. <><><><><><><><><><><><><><><><><><>