Cracked! To the surprise of the Macintosh Internet community, the second-generation Crack-A-Mac Web server security challenge noted in TidBITS-387 was successfully defeated last week. Unlike the first Crack-A-Mac challenge (which featured an out-of-the-box Mac Web server; see TidBITS-378), the second contest was built around a sophisticated server setup featuring third-party software for remote administration, database access, and other functions. Apparently, the successful break-in exploited a security hole in Lasso, a CGI from Blue World Communications that ties together WebSTAR and FileMaker Pro. Blue World has issued a security patch for Lasso; in addition, Pacific Coast has updated its SiteEdit products to address similar potential problems. The Crack-A-Mac challenge is up and running again, and still offering 100,000 Swedish crowns (about $12,500 U.S.) to anyone else who can break in by 15-Oct-97. [GD]

<http://hacke.infinit.se/>
<http://www.blueworld.com/>
<http://www.pacific-coast.com/>