Mac Os X Hacked Under 30 Minutes
Posted 06 March 2006 - 08:05 AM
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .
According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users… There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.
Full story here :: http://www.zdnet.com...39241748,00.htm
Posted 06 March 2006 - 08:26 AM
Posted 06 March 2006 - 08:32 AM
Posted 06 March 2006 - 08:36 AM
Posted 06 March 2006 - 01:58 PM
Posted 06 March 2006 - 02:56 PM
Posted 06 March 2006 - 04:12 PM
And mac is more secure than windows, but not as secure as BSD, unix, etc. so someone shouldn't be obsessing over a mac.
Posted 06 March 2006 - 04:43 PM
Posted 06 March 2006 - 08:12 PM
Posted 07 March 2006 - 06:22 AM
Quidquid latine dictum sit, altum sonatur.
Posted 07 March 2006 - 04:06 PM
the amount of exploits on an OS doesnt mean its not secure , but people put an eye on it so it looks weaker but if people concentrated on the mac os , u will find its much weaker than winblows i think ...
Posted 07 March 2006 - 04:47 PM
or... is it that mac os is not secured very well but there are less exploits / vulns against the mac and *nix has more exploits / vuln but can be secured better?
Posted 07 March 2006 - 06:40 PM
the exploit could be for the MAC OSX itself or perhaps for the webserver running there (very likely). any script kid with basic knowledge on MAC OS could do a lot using private exploits
Embed any executable in a JPEG image and get it to run upon opening the image with this cool tool that abuses a feature of GDI in Windows systems. for governmentsecurity.org members only! click here to get it!
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users