Posted on 03/06/2006 10:43:40 AM PST by Senator Bedfellow
Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .
According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users… There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.
"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.
Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.
"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.
Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.
"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.
An Apple Australia spokeswoman said today it was unable to comment at this stage.
Bwahahahahahaha!!!
Ruh Roh.
The Kool-Aid has just become bitter-sweet ;)
I was thinking of switching to Mac. However if it's that easy to attack, I'll stay with a secure Windows machine.
A Windows worm or virus can spread it's plague to hundreds of other Windows computers in just a few seconds. So far, Macs have not experienced that problem.
I would like to see a fully patched and secured Windows 2003 server with the same rules and see how long it would take to get in.
Looking at the hacker contest link - http://rm-my-mac.wideopenbsd.org/ - it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine. So this test was totally bogus for purposes of evaluating security for the average Mac user.
You can ignore this story. The moron issued accounts to the machine AND left open a way for these people to remotely access the machine without a problem(SSH).
Read the story. This idiot issued accounts and left SSH wide open. The real story here is your constant need to bash something that is soooooooo inconsequential.
Hmmmmmmmmmm. The lady doth protest too much, methinks.
That effectively makes it a local exploit rather than a remote exploit, but I do not think it makes it worthy of being completely ignored. Considering that Apple would very much like its machines to be used in public, lab-type environments, this does not speak well to their security in such situations.
Automatically creating admin accounts on request. How handy. It's like giving the keys to an auto thief.
You have brought up the only true concern in all of this. But as any computer security expert would say - If you can get physical access to a machine, you can compromise it. This example is almost that. Giving someone complete, unfettered access to a machine like this means that it is not in any kind of secured state.
The person who did it says "It wouldn't have mattered" if they did not issue accounts and opened up SSH. But has yet to display this ability.
You said -- "I was thinking of switching to Mac. However if it's that easy to attack, I'll stay with a secure Windows machine."
It's not. There are discrepancies with the story and not a lot of detail. In addition, from what I read, one source says they got root access, while another says that root was disabled. Then, another source says that it was not hacked from the outside, but hacked from inside the company itself, from others in the office.
In other words, the whole situation is so dubious and lacking details, along with conflicting accounts -- that it's becoming obvious that it's not what the "headline" says.
And you would probably never set up your computer the way that guy did (if it's a real story in the first place). I did go to that original web site and I can't make out any more details than what the article says (it's all lacking detail).
The bottom line is that Macs are the most secure computer that you're going to be able to use and have all the consumer conveniences of a modern computer system with it's extreme ease-of-use.
Regards,
Star Traveler
P.S. -- You can't get a better system on the market for all us people who want to us a computer like "normal folk".
ping
You said -- "... it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine."
I've read some comments on that article that says that Microsoft is putting certain people up to misleading the public by doing these kinds of "fake tests" to introduce FUD into the discussion.
I hear that they are starting to fear the massive changeover of previous Microsoft users to the Macintosh.
And also I have read others who say that the Anti-virus companies are also behind a lot of this FUD.
Actually, that makes sense when you see the "over-hyping" of a lot of these kinds of things and also how well Apple responds to a lot of these minor inconveniences (which are not major exploits at all).
I would say a lot of people are out there just trying to stir up the pot -- more or less.
There's not really any big issues with Macintosh Security on OS X. It's a pretty solid system and works *extremely well* for the average user -- which most of us are. It sure works a lot better for that average user than the Windows systems do.
Regards,
Star Traveler
How fallen are the mighty.
I'm laughing so hard, tears are streaming down my face.
Bwahahahahahahahahahahahahahahahahah! Schadenfreud bumpski!
Thanks for the info. My niece has a Mac and really happy with it. She has been trying to get me to switch from Windows for years.
Constant?
I rarely "bash" something like this, especially something so "inconsequential".
Sorry, but you uninformed GLEE gave you away.
They gave this "hacker" an account with undetermined permissions and left SSH opened - both non standard right out of the box.
To bad you appear to be too dim to understand what this means.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.