CIO 'owns' the un-hacked Mac Mini

The new and improved Mac hack competition, which was set up by an Apple systems engineer at the University of Wisconsin in response to a ZDNet Australia story, was shut down early because the university's CIO was concerned about "security and network access".

This is not really a surprise, is it?

Hackers tend to look for the easiest way to go around an obstacle. Schroeder's competition -- with the target system having most of its services cut off -- was probably forcing hackers to look for weaknesses in another part of the university's network to get behind the defences of the Mac.

In an interview with gwerdna, the hacker who won the rm-my-mac competition, the best way to approach the new challenge was to try and exploit weak spots in the university's network before attempting to gain control of the Mac.

"Considering this setup, the way to attack it would probably be to work out what mail client this person is using, research and develop an exploit for it. Get local root on his box, then piggyback into this machine -- far easier, and less likely to get caught than via a direct attack.

"However, since he hasn't put up his network for the game, it would be illegal," gwerdna told ZDNet Australia .

By holding such a competition, Schroeder was obviously putting the university's network -- not just the target Mac Mini -- on the line, which obviously did not adhere to the organisation's security policy.

So the Mac Mini may not have been hacked but it was forced off line. Who would have thought that the university's own CIO would eventually 'own' the box?

That was a surprise.