No home user in their right mind gives out SSH logins to every passing schmuck who asks for one (few would even know how) - this made the so-called 'challenge' from Sweden flawed beyond belief.

While this challence from Wisconsin does open mroe than most home users do (web services and a couple of ssh accounts to certain users), I see these as necessary evils to prove one way or the other how secure OSX is in an average box.

I would also, as a corollary, like to see someone repeat the swedish test using an SSH Win32 server on, oh, Windows XP... just to see how long it takes to get local privilege escalation on it (evil grin...) Betcha ZDNet wouldn't be so hot and eager to report on the results.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/158/748#748