nuff said. One of the dumbest things I have ever heard. What was he thinking. If he was a punk ass kid, that is one thing. But being a CEO, that is insane!

I'd love it if someone could explain to me why this is any different from the hacker challenge/vulnerability test contests that have been held over the last few years on Linux and Windows boxes.

If he felt that he could get in trouble with the law, that's one thing, but short of that I see no problem with this kind of thing.

The one thing I'd change, though, is that you should have to develop a fix for the hack you've created in order to collect the prize money. So even if your prize winning virus got out, there would already be a way to stop it.

Other then those 2 issues, I'd say this kind of thing is actually good for the platform in the long run.

Damn. Maybe somebody exempt from U.S. law will pick up on this story and host their own OS X virus challenge. Seeing a big cash prize go unclaimed because it's so extraordinarily difficult to win a challenge like that is exactly what the Windows world needs to see. It wouldn't end lies and disinformation like the "security through obscurity" myth, but it'd expose them for having absolutely no credability.

I have not read the terms of the contest, with that in mind the only way it would be different would be if the virus were (even accidentially) released in the wild. The company would then probably (IANAL) have some sort of liability. The standard vulnerability challenges are usually basically penetration tests and are directed at specific machines and do not generally self-propagate. I think the key here (as stated above) is the risk of the virus escaping into the wild.

I seriously doubt this. IMHO this guy deserves no publicity and his motivation is circumspect.

Do a little research on Mr. Campbell, say, at MacInTouch, and form your own opinion as to his motivation.

http://www.macintouch.com/mactable.html

Previous "hack the computer" contests were exactly that - find a path in and alter something (usually a file) to prove that you were there.

This "contest" explicitly stated the creation of a virus, which has a very definite meaning, including the ability to self-replicate and spread to other machines. The creation of a virus is in direct violation of the Federal Computer Abuse Act of 1994 (18 U.S.C. Sec. 1030).

Soliciting, and then offering to pay for, the creation of a virus would not be looked upon favorably by any court in the U.S., and I can't imagine any other country would either.

My knee-jerk reaction is to call this guy a whole bunch of explitives, and even after reading his reasons for doing this, I still think he's looking for publicity and recognition.

Still, there has always been the lingering statement - "Mac OS X hasn't been hacked because the hacker community hasn't really tried yet."

Now, I personally don't buy into that, but it's hard to refute a statement that really can't be refuted with hard evidence - only (what I consider to be very persuasive) circumstantial evidence.

Do we think it would be worth it for such a challenge to be issued? Would the results yield a benefit to our platform that made the risks worthwhile?

I think that that challenge has already been issued by the vocal Mac community that has been practically engraving a stone invitation to the hacker community, but maybe it will take someone like Campbell to raise that invitation up.

I have always been very suspicious of anything that uses "The ends justify the means" as the rationalization for activity that is inherently wrong, but part of me feels like it would be good for a Mac OS X box to either survive or fall prey to just such a challenge. Am I just as much of an ***hat as Campbell for thinking this?

Jack Campbell appears to be a scam artist looking for another play. Do read the Macintouch treatment of his dubious record before giving this man any cred.

is IMHO, a good thing for the Mac OS X world, regardless of who Jack Cambell is or who what has been written about it. We need some very serious, very focused efforts by the hacker community to really either show that our OS is truly a much better one than Windows on security issues or to find security issues in a controlled virus-creation environment (if such a thing does exist) and then to patch those holes. As a previous post had said, the thought that 'Macs are safer because of their small market share'-type statement needs to truly be put to the test.

In the days before Mac OSX, a contest was set up by a Swedish company which they named Crack A Mac. That was back in 1997 and the prize was 13.500 US dollars. The challenge was to get into their server (Mac) and plant content on their web pages, so it wasn't exactly the same as creating a virus, but still interesting, perhaps?
You can read the story here: http://db.tidbits.com/getbits.acgi?tbart=02166

Quote

Guest wrote:
In the days before Mac OSX, a contest was set up by a Swedish company which they named Crack A Mac. That was back in 1997 and the prize was 13.500 US dollars. The challenge was to get into their server (Mac) and plant content on their web pages, so it wasn't exactly the same as creating a virus, but still interesting, perhaps?
You can read the story here: http://db.tidbits.com/getbits.acgi?tbart=02166

It was also completely unsuccessful. And that was with OS9.

The Macintouch series devoted to Jack Campbell is eye-opening and rather astonishing, as Brutno above has pointed out. The most eye-popping link Macintouch provides is this one, regarding a letter Campbell wrote to the author of the Hymn project ( that strips DRM from iTunes-purchased music) in which he proposes a multi-million dollar commercial venture, SUPPORTED BY MICROSOFT (he claims), to hack iTunes and convert a user's iTunes library to WMA DRM files, with M$ paying no royalties to anyone. Let Apple pay the musicians, then we'll steal their stuff! Lovely.

http://www.hymn-project.org/forums/viewtopic.php?t=634

"If you had unrestricted (and sanctioned access) to all developer info for WMA DRM from Microsoft, and no direct information from Apple regarding iTMS DRM, are you capable of developing a utility that would allow a Mac OS X user to directly convert an iTunes library of iTMS DRM songs to a folder of WMA DRM songs? "

I would not give this guy's companies (DVForge, Macmice) a nickel's worth of commerce. His products are garbage anyway:

http://playlistmag.com/reviews/2005/03/jampod/index.php

Quote

Intruder wrote:

Quote

Guest wrote:
In the days before Mac OSX, a contest was set up by a Swedish company which they named Crack A Mac. That was back in 1997 and the prize was 13.500 US dollars. The challenge was to get into their server (Mac) and plant content on their web pages, so it wasn't exactly the same as creating a virus, but still interesting, perhaps?
You can read the story here: http://db.tidbits.com/getbits.acgi?tbart=02166

It was also completely unsuccessful. And that was with OS9.

It's probably of note that Mac OS 9, like all Mac OS's prior, has a number of 'features' which make it difficult to remotely exploit in the same kind of way that Windows and UNIXes can be. First and foremost is the lack of a common shell environment. Though most Windows exploits seem to not use it, one of the first things to attempt when trying to break into a UNIX environment is obtaining a useable shell on the machine. Also notable is the lack of many, if any, listening servers running on a stock OS 9 computer, a feature it shares with OS X (which runs none unless specific services are enabled), and in contrast to Windows, which has a nasty habit of allowing services that shouldn't really listen externally to do so (LSASS, anyone?). People with UNIX systems often have to explicitly close mostly-useless services like daytime and echo which are potentially exploitable.

Symantec's fearmongering aside, we do need to be realistic about the potential threat of malicious software. I do not foresee some huge influx of malicious software, but it is likely to happen someday, and we need to be prepared.

Perhaps because of the difficulty of direct remote exploitation of vulnerable services on OS X, we should be wary of potential social engineering attacks. Consider, for example, the Bagle worm on Windows (at least, I think it was Bagle that did this). In order to be infected, you must receive and read the infected email, open the attached .zip file, use the provided password to decrypt the file, and then run the worm. Despite this convoluted process, this was a relatively common worm, meaning people did fall for it.

Similar attacks are possible today on OS X machines. Without going into too much detail, be aware that when asked for your administrator password, the program to which you give it will potentially have full control over your computer. Be sure you trust the program that is running, and the data it is using.

Symantec's warning may be overblown, but we shouldn't be complacent as a result.

Jason

… offered $2500 (that could be doubled under certain conditions …), then withdrew the offer, for very obvious reasons …
No risk, no pain … but quite a bit of gain : he gets free advertising on just about every tech site (Mac or not …) for his apparently shoddy businesses. Not a bad deal !
Con men always have great imaginations, and they usually can turn a pretty convincing discourse …