Mac OS X hacked under 30 minutes

Discussion in 'Apple Desktop Hardware/Software' started by stmok, Mar 7, 2006.

  1. stmok

    stmok Member

    Joined: Jul 24, 2001; Messages: 8,878; Location: Sydney

    On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

    Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".


    To continue...
    http://www.zdnet.com.au/news/securi..._than_30_minutes/0,2000061744,39241748,00.htm

    Another article on the same story...BUT it does go into details that will explain a few things.

    Mac OS X web server security competition over in six hours
    http://arstechnica.com/news.ars/post/20060306-6321.html

    The site...
    http://rm-my-mac.wideopenbsd.org/


    In direct response to this story, another "Hacker Challenge" has been organised.

    Mac OS X Security Challenge
    http://test.doit.wisc.edu/
     
  2. ernie

    ernie Member

    Joined: Dec 2, 2002; Messages: 16,418; Location: Brisbane

    Yeah well, people who leave SSH enabled deserve it; it's not enabled by default. Ever had a look in logs for brute force SSH attempts? There are zillions every day.
     
  3. Eroda

    Eroda Member

    Joined: Jul 28, 2003; Messages: 489; Location: Greenmount, Perth W.A

    That's right, it was a loophole. Anyone who wanted to take part in the challenge had an account and SSH enabled so they could prove they were on. Now let's see how it goes.
     
  4. GreenBeret

    GreenBeret Member

    Joined: Dec 31, 2001; Messages: 19,370; Location: Melbourne

    In the real world, when you give people SSH accounts on your server, there are lots of security layers you apply to stop them from doing nasty stuff: chroot jails, secure partitioning, hardened kernel, and even things like personal ID (passport/driver license etc.) or other ways to identify and reach the person. This guy made a consumer level OS with no server hardening a web server that's open to access from everyone and even allowed them to have accounts on the server. No surprise.
     
  5. BenZor

    BenZor (Banned or Deleted)

    Joined: Dec 5, 2002; Messages: 7,027; Location: Marayong.NSW.AU

    So... He's removed all of the security features from the OS. And then said it's insecure?

    Excuse me, I'm off to park my car in Redfern, with the keys in it, windows down, and $50k in the passenger seat. Then I'll go to the TV networks about how my Holden is so easy to steal.
     
  6. Eroda

    Eroda Member

    Joined: Jul 28, 2003; Messages: 489; Location: Greenmount, Perth W.A

    Perfect analogy.
     
  7. tx1138

    tx1138 Member

    Joined: Jun 30, 2005; Messages: 943

    WHOA good call ;)
     
  8. stmok (OP)

    stmok Member

    Joined: Jul 24, 2001; Messages: 8,878; Location: Sydney

    It's like what Microsoft does in their "Get the Facts" FUD campaign.

    They get third-parties to set up tests such that it deliberately favours them from the beginning. Of course, when you read those reports, you notice there are holes in just about every one of them!

    I think that's the biggest difference between Apple and Microsoft.

    At least Apple acknowledges and uses open-source...Microsoft just wants to kill it.

    Overall, you can see that it's a deliberate attempt for a headline grab. I guess when you dig into the issue enough, it just turns out to be nonsense.
     
  9. x0nt

    x0nt Member

    Joined: Aug 10, 2001; Messages: 1,140; Location: Sydney

    University of Wisconsin launches Mac OS X Security Challenge

    In response to the woefully misleading ZDnet article, "Mac OS X hacked under 30 minutes", the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh).

    http://test.doit.wisc.edu/
     
  10. Devilsmurf

    Devilsmurf (Banned or Deleted)

    Joined: Jul 9, 2003; Messages: 1,422
  11. Goose1981

    Goose1981 Member

    Joined: Sep 30, 2004; Messages: 19,356; Location: Perth

    Why on earth would anyone steal a Holden. I mean.. seriously.

    The residents of Redfern would probably have it towed somewhere else.

    Cute story tho.
     
  12. fox1

    fox1 Member

    Joined: Jun 28, 2001; Messages: 3,084; Location: Brisbane

    What a big steaming pile of bullshit.
     
  13. JonBob

    JonBob Member

    Joined: Nov 27, 2003; Messages: 515

    Apple seem to be taking open source and making it closed source, charging people a premium for using an Intel-based machine running a Unix-based OS? The power of marketing.
     
  14. fox1

    fox1 Member

    Joined: Jun 28, 2001; Messages: 3,084; Location: Brisbane

    (My comment was for Microsoft not supporting open source, if you thought I was referring to Apple instead.)

    Yep, but also remember Apple build applications to run on top of the base operating system (Unix), so they're not really doing anything illegal or morally wrong.
     
  15. stmok (OP)

    stmok Member

    Joined: Jul 24, 2001; Messages: 8,878; Location: Sydney

    Really?

    Explain the existence of "Get the Facts"?
    http://www.microsoft.com/windowsserversystem/facts/default.mspx

    Everyone with half a brain knows that open-source is the very thing that Microsoft fears. Their "Shared Source Initiative" isn't because they like to do it out of the goodness of their own heart (if they had one to begin with). It's because they have to!

    Even Steve Jobs knows that open-source is a threat to MS. Why does Apple bother with OpenDarwin ( http://www.opendarwin.org/ )? Why did Apple bother with basing their OS X on open-source technologies?

    Why do you think IBM is supporting it?
    IBM will not use Windows Vista - but will move to Linux desktops
    http://www.neoseeker.com/news/story/5436/

    You're an absolute fool if you don't see the bloody obvious.
     
  16. fox1

    fox1 Member

    Joined: Jun 28, 2001; Messages: 3,084; Location: Brisbane

    Not sure, why?
    Not sure, why?

    --

    So where on that Microsoft page does it say all open-source is evil?

    You're sounding a bit like Channel 7 news at the moment, twisting facts to how you want them to sound.

    Tip, going open source doesn't always save you time and money.
    Remember, we're not talking about home users little boxes sharing internet, but rather, big projects (like the ones listed at the bottom of that page).

    I love this quote. So even Microsoft's competition is saying Microsoft is scared of open source. If Microsoft said Apple is scared of bats, would you believe them?

    ----

    Also forgot to add,

    MS provide an open source language that people can use for free to make system applications/etc. I know it doesn't let you rewrite the operating system (god knows I'm never going to do that).

    and now even a free SQL server.


    ---


    Just admit it, you love the thought of an almighty evil empire that's out to rule the world and enslave humanity. I'm sorry, Neo, but it's just not true.
     
    Last edited: Mar 9, 2006
  17. GreenBeret

    GreenBeret Member

    Joined: Dec 31, 2001; Messages: 19,370; Location: Melbourne

    Which platform does it run on?

    May want to check the terms and conditions associated with that "free" SQL server, mate.
     
  18. jimbow

    jimbow Member

    Joined: Jan 29, 2002; Messages: 672; Location: Perth 6163

    I've seen Windows XP boxes be on the net for twelve minutes before being subjected to crap. Popups, hacking attempts, (net send) messenger alerts, the works! I've never had OS X Console offer me a Penis Enlargement, or a quick and easy way to invest $25,000USD for GREAT RETURNS!! :)

    And how's this for conspiracy theory material? I just went to the zdnet.com.au site to see if they were running on ASP.NET or something. The first link under news headlines is University nixes Mac hacker contest, and on that page, the first sponsored link at the bottom was to Microsoft.com.au - See how SQL Server can help your business! oooOOO!!1 :)
     
