Hack My Mac, Please
Second competition sees no hack, but ends early
(old news - 01:11PM Wednesday Mar 08 2006)
tags: security · Mac
Last week a Mac hacking competition made headlines after a hacker claimed he got root on a Mac mini in less than 30 minutes. As our users quickly pointed out, the competition wasn't too sound, since the host was doling out local access to the Mac mini. The hacker claims he broke into the box using an unpatched vulnerability.

"There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access," he claims.

Since that report, a second test was launched using a Mac mini running Mac OS X 10.4.5 with Security Update 2006-001. SSH and HTTP were open with their default configurations. The test was closed after 38 hours, with the computer remaining unhacked. Traffic to the host spiked at about 30Mbps, claims the host, and most of it consisted of web exploit scripts, SSH dictionary attacks, and scanning tools such as Nessus.

Nobody can seem to explain, however, why his experiment was ended prematurely.

wirelesswoes

join:2004-02-12
Hialeah, FL

With unix underneath the skin

Duh!

pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:
·Comcast

Re: With unix underneath the skin

the article said something about 4000+ ssh login attempts over the 38 hour test period... that's nothing new, one of our web-facing servers sees 1500 - 4000 'attempts' a day routinely:

--------------------- pam_unix Begin ------------------------
sshd:
Invalid Users:
Unknown Account: 1739 Time(s)
Authentication Failures:
mail (222.40.20.164 ): 12 Time(s)
ftp (chlastna.kh-net.cz ): 7 Time(s)
news (chlastna.kh-net.cz ): 2 Time(s)
root (86.34.189.98 ): 4 Time(s)
apache (chlastna.kh-net.cz ): 7 Time(s)
unknown (chlastna.kh-net.cz ): 283 Time(s)
operator (222.40.20.164 ): 7 Time(s)
ftp (222.40.20.164 ): 6 Time(s)
mail (chlastna.kh-net.cz ): 2 Time(s)
mysql (chlastna.kh-net.cz ): 13 Time(s)
unknown (222.40.20.164 ): 1456 Time(s)
root (chlastna.kh-net.cz ): 92 Time(s)
root (222.40.20.164 ): 169 Time(s)
nobody (chlastna.kh-net.cz ): 3 Time(s)
games (chlastna.kh-net.cz ): 2 Time(s)
adm (chlastna.kh-net.cz ): 2 Time(s)

---------------------- pam_unix End -------------------------
and
 --------------------- pam_unix Begin ------------------------

sshd:
Invalid Users:
Unknown Account: 42987 Time(s)
Authentication Failures:
apache (130.70-85-94.reverse.theplanet.com ): 224 Time(s)
mysql (130.70-85-94.reverse.theplanet.com ): 67 Time(s)
root (130.70-85-94.reverse.theplanet.com ): 224 Time(s)
mail (130.70-85-94.reverse.theplanet.com ): 224 Time(s)
unknown (130.70-85-94.reverse.theplanet.com ): 42987 Time(s)
squid (130.70-85-94.reverse.theplanet.com ): 224 Time(s)
root (218.14.157.80 ): 43 Time(s)

---------------------- pam_unix End -------------------------

of course none of those got in either..

--
Webmaster Steve
- - - - - - - - - - - -
»ppnhosting.com
»sphenterprizes.com
»pokemonpalace.net
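
The pam_unix summaries pasted in the post above can be turned into a per-source tally that shows which hosts account for the bulk of the failed SSH logins. This is an added example, not part of the original post; the sample report is constructed (RFC 5737 addresses, a made-up hostname), and the function names and the 100-attempt threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the summaries in the post.
# Addresses are RFC 5737 documentation ranges; the hostname is made up.
SAMPLE = """\
--------------------- pam_unix Begin ------------------------
sshd:
Invalid Users:
Unknown Account: 310 Time(s)
Authentication Failures:
mail (192.0.2.10 ): 12 Time(s)
root (198.51.100.7 ): 4 Time(s)
unknown (scanner.example.net ): 283 Time(s)
unknown (192.0.2.10 ): 27 Time(s)
root (scanner.example.net ): 92 Time(s)
root (192.0.2.10 ): 169 Time(s)
mysql (scanner.example.net ): 13 Time(s)
---------------------- pam_unix End -------------------------
"""

# "user (source ): N Time(s)" rows and the "Unknown Account" total line.
ENTRY = re.compile(r"^\s*(\S+)\s+\(\s*([^)\s]+)\s*\):\s+(\d+)\s+Time\(s\)\s*$")
UNKNOWN_TOTAL = re.compile(r"^\s*Unknown Account:\s+(\d+)\s+Time\(s\)\s*$")


def parse_pam_unix(text):
    """Return (unknown_total, [(user, source, count), ...]) from pam_unix blocks."""
    unknown_total = 0
    entries = []
    in_block = in_failures = False
    for line in text.splitlines():
        if "pam_unix Begin" in line:
            in_block, in_failures = True, False
        elif "pam_unix End" in line:
            in_block = in_failures = False
        elif not in_block:
            continue  # ignore anything outside a Begin/End pair
        elif line.strip() == "Authentication Failures:":
            in_failures = True
        elif (m := UNKNOWN_TOTAL.match(line)):
            unknown_total += int(m.group(1))
        elif in_failures and (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2), int(m.group(3))))
    return unknown_total, entries


def unknown_rows_consistent(unknown_total, entries):
    """Check that the per-source 'unknown' rows add up to the reported total.

    In the post's first summary they do: 283 + 1456 = 1739.
    A mismatch suggests a truncated or hand-edited report.
    """
    return sum(n for user, _, n in entries if user == "unknown") == unknown_total


def summarize(entries):
    """Aggregate failures per source: total, root attempts, unknown-user
    attempts, and the set of existing account names that were tried."""
    per_source = defaultdict(
        lambda: {"total": 0, "root": 0, "unknown": 0, "accounts": set()}
    )
    for user, source, count in entries:
        s = per_source[source]
        s["total"] += count
        if user == "unknown":
            s["unknown"] += count
        else:
            s["accounts"].add(user)
            if user == "root":
                s["root"] += count
    return dict(per_source)


def noisy_sources(summary, threshold=100):
    """Sources with at least `threshold` failures, busiest first.

    These are the candidates for rate limiting or a firewall block.
    The threshold is an assumed value; tune it to the host's normal noise.
    """
    hits = [(src, s["total"]) for src, s in summary.items() if s["total"] >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    total, rows = parse_pam_unix(SAMPLE)
    print("unknown rows consistent:", unknown_rows_consistent(total, rows))
    for src, count in noisy_sources(summarize(rows)):
        print(f"{src}: {count} failed logins")
```
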

MxxCon

join:1999-11-19
Brooklyn, NY
clubs:

needless server load

said by pokesph:

the article said something about 4000+ ssh login attempts over the 38 hour test period... that's nothing new, one of our web-facing servers sees 1500 - 4000 'attempts' a day routinely
of course none of those got in either..
move ssh to any other port and those wild logins will drop to 0.:)
--
[Sig removed by Administrator: Signature can not exceed 20GB]

pokesph
It Is Almost Fast
Premium
join:2001-06-25
Sacramento, CA
clubs:

Re: needless server load

yeah i know.. it's just lame script-kiddies.. can't be bothered to swap ports

MarkyD
Premium
join:2002-08-20
Oklahoma City, OK
clubs:

I just love...

BBR's new spelling of "Mac" is fantastic. Now everyone is going to call it a "Mack."

Shamayim
I already have a Messiah.
Premium
join:2002-09-23

Re: I just love...

At least it's not MACK.

oliphant
I Have 8 Boobies
Premium
join:2004-11-26
Corona, CA

Re: I just love...

So these would be Macking competitions?

...sorry.

kamm

join:2001-02-14
Brooklyn, NY
said by Shamayim:

At least it's not MACK.
:D:D:D

firephoto
KDE
Premium
join:2003-03-18
·Verizon west (ex G..

The New Mack even comes with a Dish, I'm impressed.
--
Location: +48° 5' 23.40", -119° 48' 30.00"

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

ROFL

You gotta love these news, huh? I can see as Macalots will arrive and claim "see, last one was exception" and such idiocies.
As long as Macs enjoy lower market share than statistical error margin, they can enjoy being fairly hacker-free, due to the fact that very few people 'in the know' give a shit about such a rare platform.

Shamayim
I already have a Messiah.
Premium
join:2002-09-23

Re: ROFL

I bet there are plenty who would like to be first for the bragging rights. It just ain't happening though
--
"tick...tick...tick..." »www.jtf.org/

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by Shamayim:

I bet there are plenty who would like to be first for the bragging rights. It just ain't happening though
FYI: being "first" has been passed already in many categories. The trick is anytime something happens, Macalots will change the course to downplay its importance or even discredit the news - see last week's events.

barnett25

join:2004-01-26
Huntington, WV

Re: ROFL

And if anything happens, people like you will change the course to overplay its importance - see last week's event.
Last week's test was obviously worthless, as anyone with any knowledge of security will tell you. Why is it that some people hate a computer platform so much that they jump on any opportunity to try to mock and discredit it, even at the cost of supporting and backing erroneous claims?

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by barnett25:

And if anything happens, people like you will change the course to overplay its importance - see last week's event.
Last week's test was obviously worthless, as anyone with any knowledge of security will tell you. Why is it that some people hate a computer platform so much that they jump on any opportunity to try to mock and discredit it, even at the cost of supporting and backing erroneous claims?
The problem is when kids like you assume a lot but they are actually just talking out of their bottom parts.

FYI: I do have a dual G5, a cool one with PCI-X slots and 8 memory slots.
bang, so much for your silly monologue...:p

barnett25

join:2004-01-26
Huntington, WV

Re: ROFL

I don't even own a Mac, but I still recognize good design and give credit where credit is due. And if your posts made a little more sense, and weren't full of bashing maybe I wouldn't make assumptions like I did.

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by barnett25:

I don't even own a Mac, but I still recognize good design and give credit where credit is due. And if your posts made a little more sense, and weren't full of bashing maybe I wouldn't make assumptions like I did.
Thanks for confirming you don't understand the whole story...

elias
Premium,VIP
join:2000-07-24
Miami, FL
clubs:

said by kamm:

said by Shamayim:

I bet there are plenty who would like to be first for the bragging rights. It just ain't happening though
FYI: being "first" has been passed already in many categories. The trick is anytime something happens, Macalots will change the course to downplay its importance or even discredit the news - see last week's events.
It was downplayed for a reason, because the test was not exactly just. He was giving them shell accounts to begin with, meaning they were already inside the machine.

The real test, which was this one, is to not give anything to anyone, and let them break in.

-- Elias
--
My Webmaster Gig | Crunching the Midnight Oil

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US


1 edit

Re: ROFL

said by elias:

said by kamm:

said by Shamayim:

I bet there are plenty who would like to be first for the bragging rights. It just ain't happening though
FYI: being "first" has been passed already in many categories. The trick is anytime something happens, Macalots will change the course to downplay its importance or even discredit the news - see last week's events.
It was downplayed for a reason, because the test was not exactly just. He was giving them shell accounts to begin with, meaning they were already inside the machine.

The real test, which was this one, is to not give anything to anyone, and let them break in.

-- Elias
You really didn't get my 'insinuation', did you?
My point was about the fact that nobody mentioned if a simple user account can be elevated to root then possibly anything with user credentials can get root too.
Thaler
Premium
join:2004-02-02
Encino, CA

said by Shamayim:

I bet there are plenty who would like to be first for the bragging rights.
Keep in mind, bragging rights don't pay the bills. Why put all your effort into a no-rewards hacking competition?

JacksGhost
Got Bottle?

join:2002-12-29
Buffalo, NY

Re: ROFL

Respect and merits.

BuriedCaesar
It's Not Polite To Stare.

join:2004-03-27
Richardson, TX
·AT&T U-Verse
·AT&T Yahoo

There you go again with a vague "market share" reference... so I'll say my piece again.

"Market share" is a specious phrase, easily thrown around without context or meaning, as you so deftly have demonstrated. In what context are you using "market share"? Do you mean actual, in-use machines? Machines that logged on to the internet today, or last week, or last month? Numbers of PCs sold over time? During a specific period in time? How about PCs in use that are tracked when they visit some company's website so they can make a buck selling that data to news outlets that then report that, erroneously, as "fact"?

And there are lots of ways to determine a statistical margin of error, but then that depends on the data set you're using (and usually a definition of the referencing term, such as your favorite phrase "market share").

This seems to me to be just a clever attempt to dismiss and deflect attention from what was presented by this second effort to refute the original, flawed "contest." Did you perhaps not RTFA?

And you say the Mac is a "rare platform"? Interesting notion. How did the original story garner such immediate attention if "nobody cares"? Why is this follow-up even being reported here, then? I suspect there are several millions of Mac users out there who would disagree with you about how "rare" this platform really is.

Clearly there are some high emotions tied up in this whole thing - I'm sure other comments in this thread will bear that out. And we both know this won't be going away any time soon. Soon enough there will be another attempt to show that Macs are just as vulnerable as their previously hapless PC cousins, or not - whether you care about it, or not.
--
That was preposterous! Utter Nonsense! Totally unsupportable drivel! You can't be serious!....Um, what did you say?
Shark_615

join:2006-01-17
Pickering, ON

Re: ROFL

That was a very long post that said absolutely nothing at all.

Fact: there are a lot more PCs than Macs. No matter which way you twist the numbers.

Fact: if a virus wants maximum penetration it will focus on the most used system otherwise it will not spread. That's how it works in humans and animals. All claims of recognition aside these people are in for money and maximum exploitation. Macs simply don't offer the numbers.

barnett25

join:2004-01-26
Huntington, WV

Re: ROFL

This isn't a virus. This is a single person that wants to win the competition. That has nothing to do with marketshare.

Now if we were talking about viruses I would probably agree with you. However that brings up the question; does it matter why there are fewer attacks? I would rather have an obscure system that doesn't get hacked than a popular system that is target #1 for every cracker out there.

Shamayim
I already have a Messiah.
Premium
join:2002-09-23

Re: ROFL

said by barnett25:

Now if we were talking about viruses I would probably agree with you.
You would?? Did a virus in the wild ever go around infecting Macs? I must have slept late that day.
--
"tick...tick...tick..." »www.jtf.org/

Transmaster
Don't Blame Me I Voted For Bill and Opus

join:2001-06-20
Cheyenne, WY

Re: ROFL

Well they had to change the name to Mack because it isn't a Mac any more. How can they call it a Mac if it has an Intel CPU.

ifarrell

join:2000-08-10
Willow Spring, NC
·Vonage

Re: ROFL

said by Transmaster:

Well they had to change the name to Mack because it isn't a Mac any more. How can they call it a Mac if it has an Intel CPU.
If you were a Mac owner, you'd understand.
It has nothing to do with the CPU.

james

join:2001-02-26
antarctica

Re: ROFL

For sure, everyone knows that it's the sticker on the box that runs the machine.
vernalex
Premium
join:2000-10-19
Manchester, CT

said by ifarrell:

said by Transmaster:

Well they had to change the name to Mack because it isn't a Mac any more. How can they call it a Mac if it has an Intel CPU.
If you were a Mac owner, you'd understand.
It has nothing to do with the CPU.
It used to be though until Apple changed their architecture.

antwanp
Beyond FM, Beyond AM, XM Satellite Radio
Premium
join:2002-05-14
Cedar Hill, TX
clubs:
What the hell are you talking about? As far as I know it's still Mac OS X. Hence, the Mac...
--
The Perils of Living in 3-D: »www.antwanpayne.com

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

said by BuriedCaesar:

There you go again with a vague "market share" reference... so I'll say my piece again.

"Market share" is a specious phrase, easily thrown around without context or meaning, as you so deftly have demonstrated. In what context are you using "market share"? Do you mean actual, in-use machines? Machines that logged on to the internet today, or last week, or last month? Numbers of PCs sold over time? During a specific period in time? How about PCs in use that are tracked when they visit some company's website so they can make a buck selling that data to news outlets that then report that, erroneously, as "fact"?

And there are lots of ways to determine a statistical margin of error, but then that depends on the data set you're using (and usually a definition of the referencing term, such as your favorite phrase "market share").

This seems to me to be just a clever attempt to dismiss and deflect attention from what was presented by this second effort to refute the original, flawed "contest." Did you perhaps not RTFA?

And you say the Mac is a "rare platform"? Interesting notion. How did the original story garner such immediate attention if "nobody cares"? Why is this follow-up even being reported here, then? I suspect there are several millions of Mac users out there who would disagree with you about how "rare" this platform really is.

Clearly there are some high emotions tied up in this whole thing - I'm sure other comments in this thread will bear that out. And we both know this won't be going away any time soon. Soon enough there will be another attempt to show that Macs are just as vulnerable as their previously hapless PC cousins, or not - whether you care about it, or not.
Market share is market share, numbers are numbers, despite all these funny mumbo jumbo from Macalots to perplex it.

Mac's worldwide market share is roughly in the statistical error margin range, that's a fact, see »www.macrumors.com/pages/2005/10/···30.shtml

Around 210 million PCs were sold in 2005 - compare it to Apple's 'uhh-sooooo-hiiiiigh' 4 million units overall.
Dell alone sells 10x more than Apple...
And finally, because Macalots love to brag about Apple's growth: Gateway had higher increase in sales than Apple...
Check all the numbers here: »macdailynews.com/index.php/weblo···ts/8291/

PS: to avoid idiotic posts about credibility, I've picked two pro-Mac sites. ;)
itguy05

join:2005-06-17
Camp Hill, PA

Re: ROFL

quote:
Around 210 million PCs were sold in 2005 - compare it to Apple's 'uhh-sooooo-hiiiiigh' 4 million units overall.
But it's up 33% from last year, that's a good thing as long as it keeps growing.

quote:
Dell alone sells 10x more than Apple...
GM sells more than Toyota. Doesn't mean it's a better product. Dell = junk of the PC world.

quote:
And finally, because Macalots love to brag about Apple's growth: Gateway had higher increase in sales than Apple...
By 1 percent. Mainly due to them getting into retail again.


BuriedCaesar
It's Not Polite To Stare.

join:2004-03-27
Richardson, TX
·AT&T U-Verse
·AT&T Yahoo

said by kamm:

Market share is market share, numbers are numbers, despite all these funny mumbo jumbo from Macalots to perplex it.

Mac's worldwide market share is roughly in the statistical error margin range, that's a fact, see »www.macrumors.com/pages/2005/10/···30.shtml

Around 210 million PCs were sold in 2005 - compare it to Apple's 'uhh-sooooo-hiiiiigh' 4 million units overall.
Dell alone sells 10x more than Apple...
And finally, because Macalots love to brag about Apple's growth: Gateway had higher increase in sales than Apple...
Check all the numbers here: »macdailynews.com/index.php/weblo···ts/8291/

PS: to avoid idiotic posts about credibility, I've picked two pro-Mac sites. ;)
Thanks for providing a basis for your argument - it's still pretty slim-pickins, though, since you've narrowed your numbers to a single year of actual sales. Yes, from that perspective, the difference is clear, but there's no "statistical margin of error" here - you're using the term incorrectly, and it's misleading. Apple sold that many units. Other companies sold more. Where's the error? Are you saying it's possible those sales didn't occur? Apparently you care about this more than I expected - thanks for trying.
--
That was preposterous! Utter Nonsense! Totally unsupportable drivel! You can't be serious!....Um, what did you say?


YOUR_UGLY_VT
Windows Is Crap

join:2001-09-27
Hoover, AL

said by kamm:

said by BuriedCaesar:

There you go again with a vague "market share" reference... so I'll say my piece again.

"Market share" is a specious phrase, easily thrown around without context or meaning, as you so deftly have demonstrated. In what context are you using "market share"? Do you mean actual, in-use machines? Machines that logged on to the internet today, or last week, or last month? Numbers of PCs sold over time? During a specific period in time? How about PCs in use that are tracked when they visit some company's website so they can make a buck selling that data to news outlets that then report that, erroneously, as "fact"?

And there are lots of ways to determine a statistical margin of error, but then that depends on the data set you're using (and usually a definition of the referencing term, such as your favorite phrase "market share").

This seems to me to be just a clever attempt to dismiss and deflect attention from what was presented by this second effort to refute the original, flawed "contest." Did you perhaps not RTFA?

And you say the Mac is a "rare platform"? Interesting notion. How did the original story garner such immediate attention if "nobody cares"? Why is this follow-up even being reported here, then? I suspect there are several millions of Mac users out there who would disagree with you about how "rare" this platform really is.

Clearly there are some high emotions tied up in this whole thing - I'm sure other comments in this thread will bear that out. And we both know this won't be going away any time soon. Soon enough there will be another attempt to show that Macs are just as vulnerable as their previously hapless PC cousins, or not - whether you care about it, or not.
Market share is market share, numbers are numbers, despite all these funny mumbo jumbo from Macalots to perplex it.

Mac's worldwide market share is roughly in the statistical error margin range, that's a fact, see »www.macrumors.com/pages/2005/10/···30.shtml

Around 210 million PCs were sold in 2005 - compare it to Apple's 'uhh-sooooo-hiiiiigh' 4 million units overall.
Dell alone sells 10x more than Apple...
And finally, because Macalots love to brag about Apple's growth: Gateway had higher increase in sales than Apple...
Check all the numbers here: »macdailynews.com/index.php/weblo···ts/8291/

PS: to avoid idiotic posts about credibility, I've picked two pro-Mac sites. ;)
The only reason that Windows sells more is because it's like a wholesale OS. They allow it to run on any PC thus allowing more options. Apple only legally lets you run it on their computers. Also a Mac is a lot harder for a virus to harm because Apple was smart in the way they designed their file system and OS. Windows is WAY MORE vulnerable to viruses than the Macintosh system. Even Norton Antivirus agrees.
--
I hate VT_ Insert Employee's or Users Name here! Cough..


cableties
Premium
join:2005-01-27
I love that one: Macalots!

Mac Zealots = Macalots!


kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by cableties:

I love that one: Macalots!

Mac Zealots = Macalots!


;)

BuriedCaesar
It's Not Polite To Stare.

join:2004-03-27
Richardson, TX
·AT&T U-Verse
·AT&T Yahoo

said by kamm:

...Macalots...
BTW - have you sold your own Mac yet? An Apple dual G5 1.8GHz, wasn't it? (»/metashare/792459)

Just curious, ya know... wouldn't want you to get lumped in with all those "macalots" you're slamming
--
That was preposterous! Utter Nonsense! Totally unsupportable drivel! You can't be serious!....Um, what did you say?

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by BuriedCaesar:

said by kamm:

...Macalots...
BTW - have you sold your own Mac yet? An Apple dual G5 1.8GHz, wasn't it? (»/metashare/792459)
Yep, at least somebody pays attention to fine details...

No, it is still up for sale.

Just curious, ya know... wouldn't want you to get lumped in with all those "macalots" you're slamming
Well, that would require me to first start talking heavy BS on the OS X vs WinXP vs linux subject...

Shamayim
I already have a Messiah.
Premium
join:2002-09-23

Windows fan kamm said Mac fans “are talking out of their bottom parts,” “idiotic,” “utterly clueless,” spout “idiocies,” and have a “racist mind.”

Number of Mac fan insults returned to kamm: 0.

Evidently one person here has a deeper problem.
--
"tick...tick...tick..." »www.jtf.org/

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by Shamayim:

Windows fan kamm said Mac fans “are talking out of their bottom parts,” “idiotic,” “utterly clueless,” spout “idiocies,” and have a “racist mind.”

Number of Mac fan insults returned to kamm: 0.

Evidently one person here has a deeper problem.
Too bad it's not true - originally I didn't say anything like this.
I stated some facts, explained, documented my points several times, despite childish tricks from Macalots to change the subject. Only after the Nth try I lost my patience.

KCrimson
Premium
join:2001-02-25
Brooklyn, NY
·Optimum Online
·Verizon FIOS

Re: ROFL

Talk about the pot calling the kettle black - show me where you applied ANY facts, explained ANYTHING, and please - attempt to deny that you called me names. This is the last time I'll reply to you. You evidently can not control yourself in civilized conversation. Even in the above rant you couldn't control yourself - "childish" and "Macalots" are not endearing terms, nor were any facts explained or documented.

kamm

join:2001-02-14
Brooklyn, NY
·T-Mobile US

Re: ROFL

said by KCrimson:

Talk about the pot calling the kettle black - show me where you applied ANY facts, explained ANYTHING, and please - attempt to deny that you called me names. This is the last time I'll reply to you. You evidently can not control yourself in civilized conversation. Even in the above rant you couldn't control yourself - "childish" and "Macalots" are not endearing terms, nor were any facts explained or documented.
Yaaawn... Very typical Macalots trick... playing the 'cool', 'professional' posting style, completely without substance...
Pal, instead of engaging yourself in these utterly empty chitchats, first spend some time and try to rebuke my facts about Apple's virtually nonexisting market share and the obvious logic behind the lack of hacks it leads to.
Then we may have a talk, OK?
iSEPIC

join:2001-04-17
Las Vegas, NV

Why did it go down early?

I am curious, this machine was supposed to stay up for a week. Why did they bring it down after only 38 hours, anyone know?

MxxCon

join:1999-11-19
Brooklyn, NY
clubs:

Re: Why did it go down early?

indeed. yesterday that page said it was going to run until Friday March 10th.
--
[Sig removed by Administrator: Signature can not exceed 20GB]
jrbianch

join:2005-10-20
Wylie, TX

Re: Why did it go down early?

They reached their 2GB/Month limit.

MxxCon

join:1999-11-19
Brooklyn, NY
clubs:

This test doesn't show OSX is secure!

that machine had just 2 services open.
all this test showed was that during 36hours of testing, they were not aware of any break-ins using SSH or WWW.

BUT WHAT ABOUT ALL THE OTHER SERVICES?!

for all we know NFS or apple remote desktop or SMB or whatever could be full of holes!

if they want to say that OSX is secure, enable all default services, disable firewall and let people work at it for more than a day and a half.
--
[Sig removed by Administrator: Signature can not exceed 20GB]


volntn
The Volunteer
Premium
join:2002-01-05
Cleveland, TN
clubs:

This article says it all.

»www.macnn.com/articles/06/02/28/···r.winxp/
Shark_615

join:2006-01-17
Pickering, ON

Why

Something is not adding up here...

Why did he bin his "project" 3 days early if all was going well?

How is he supposed to remain creditable if he can't even stick to his proposal?
Primis1

join:2005-06-13
Coldwater, MI

Re: Why

quote:
Why did he bin his "project" 3 days early if all was going well? How is he supposed to remain creditable if he can't even stick to his proposal?
Bingo, that's what I've stated elsewhere here.

One of several things happened:

a) He started seeing something he didn't like and shut down the competition early before something could happen,

or b) Someone else told him to cut it short by 3 days, so he did.

Given the fact that he shut it down right around the time it began getting actual pub, it's suspicious. And it basically compromises any point he was trying to make by him not sticking to his own parameters.

If someone wants a valid point made with this, run a real test with static set parameters and give people a go at it. Until then, this guy's done nothing but waste everyone's time.
Insder
There never was a second I in my name
Premium
join:2005-04-27
Salem, MA


1 edit

Re: Why

I'm pretty sure he's hosting it on a school connection, and they might've not liked the whole 30mbps bandwidth thing. That's some crazy traffic.
Edit: Unsure if he's a student or what, but yeah, that's a lot of traffic, even for a college pipe. That'll probably be the best explanation.
--
The one, the only, the Insder. :: Verizon Online DSL (2793/719) and Deer Alpha Firefox!
Primis1

join:2005-06-13
Coldwater, MI

Re: Why

Then he's proven nothing in his little excursion, has he, because he couldn't see anything through?

You don't set a challenge, set the parameters, and then arbitrarily change the parameters and declare victory. I realize that IS sadly how most science is conducted nowadays, but that doesn't make it valid or right.
Insder
There never was a second I in my name
Premium
join:2005-04-27
Salem, MA

Re: Why

He's proven a Mac box can't be hacked from the ground up, original factory settings, in 38 hours. I wonder how well a Windows box will hold up (probably just as well with firewall on) in that time. Not bashing anything specific here, just saying he pretty much pointed out that other contest was flawed because it had local access.
--
The one, the only, the Insder. :: Verizon Online DSL (2793/719) and Deer Alpha Firefox!

BellBoy
Obama racist? Then Bush is Hitler.
Premium
join:2001-02-20
Los Angeles, CA
clubs:

Humble Pie Anyone?

I guess it can be said to the Windows Mac-bashers that so quickly jumped on the "30-min" story: eat it.



Michieru2
zzz zzz zzz
Premium
join:2005-01-28
Miami, FL

Mmmm

First off the first test proved Mac OS X is vulnerable locally.
While this test proved Mac OS X is as vulnerable remotely.

When you're in a local environment you are already granted privileges as a user of that system. You can mostly almost always escalate the privileges to your desire; after all, it is a shell account. With a shell account sftp is also granted, so he was probably able to create malicious scripts against the system, upload them through sftp, have them on the server itself and then execute scripts which use the program that probably already is granted root access by default, then execute data that way to gain root access or the key itself.

Again I am a Mac supporter but this is indeed a vulnerability in the local user end, plus this second test had SSH1 support so there are ways to get a shell and escalate from there.

From the first test there are many ways to exploit Mac OS X locally because you will have access to daemons which are not available over the network, which are that way for a reason. The true strength on a Mac is more of its external security. Yet its internal security is quite vulnerable and like on any system can be knocked down in a couple of hours to minutes, maybe even seconds.

Mac OS X will be targeted by its internal flaws and total integration. Which is why a trojan or worm for that matter would be more appropriate for OS X. Yet since Mac OS X relies heavily on unix security there are some obstacles for the average worm writer to do. As more people use Macs more flaws, bugs and other things will be discovered.

While the market share issue is somewhat false, part of it is also true. Since the user base of Macs is smaller than that of Windows users the system is seen by fewer eyes, not everyone uses their system for the same purpose and when people start using the Mac for everything security issues from internal services, problems in the UI and improvements are made. So that in return means fewer people bug report, fewer people use the system so most likely not everyone uses the Mac for its full potential and has not uncovered flaws from maybe a professional who has been using for example SMB for a while and discovers a flaw. Most likely it would be reported unless a hacker finds the flaw and uses it for his own purpose.

But hopefully I am making myself clear and not confusing anyone.

When it comes to security you need to watch all fields because just one can have you knocked down to the ground, your reputation tarnished and of course the haters who come with it.

Just a word of advice, no system will ever be 100% secure but at least some are better and less vulnerable than others.
gersey

join:2003-01-28
Richmond, VA
clubs:

Re: Mmmm

Looks like he got busted.

Yesterday we discovered the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it. The site, test.doit.wisc.edu, will be removed from the network tonight. Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community.

iam me
Cunnilingus Is Next To Godliness
Premium
join:2001-08-05
evolve

Unix IS/Was the internet...

I don't know why so many people here are bashing Mac as an obscure OS. You would think that technically literate people would know better.

I mean Mac is BSD UNIX, sure it's proprietary hardware, but it's still *NIX.

The Internet was originally built on and for UNIX, and if the majority of script kiddy cracker wanna be's play with Winblows after thoughts to networking, then even un-patched *NIX boxes will be better off.

Screw all of the Microsucks lemmings. They get what they deserve for selling out their intellectual responsibility for the illusion of convenience.

On a side note; anybody else notice how the newer windows kernel and networking structure mimics UNIX??
--
»serlacausa.org »www.veteransforpeace.org/
© 1999-2009 dslreports.com