Posted on 03/06/2006 10:43:40 AM PST by Senator Bedfellow
Bwahahahahahaha!!!
Ruh Roh.
The Kool-Aid has just become bitter-sweet ;)
I was thinking of switching to Mac. However if it's that easy to attack, I'll stay with a secure Windows machine.
A Windows worm or virus can spread it's plague to hundreds of other Windows computers in just a few seconds. So far, Macs have not experienced that problem.
I would like to see a fully patched and secured Windows 2003 server with the same rules and see how long it would take to get in.
Looking at the hacker contest link - http://rm-my-mac.wideopenbsd.org/ - it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine. So this test was totally bogus for purposes of evaluating security for the average Mac user.
You can ignore this story. The moron issued accounts to the machine AND left open a way for these people to remotely access the machine without a problem(SSH).
Read the story. This idiot issued accounts and left SSH wide open. The real story here is your constant need to bash something that is soooooooo inconsequential.
Hmmmmmmmmmm. The lady doth protest too much, methinks.
That effectively makes it a local exploit rather than a remote exploit, but I do not think it makes it worthy of being completely ignored. Considering that Apple would very much like its machines to be used in public, lab-type environments, this does not speak well to their security in such situations.
Automatically creating admin accounts on request. How handy. It's like giving the keys to an auto thief.
You have brought up the only true concern in all of this. But as any computer security expert would say - If you can get physical access to a machine, you can compromise it. This example is almost that. Giving someone complete, unfettered access to a machine like this means that it is not in any kind of secured state.
The person who did it says "It wouldn't have mattered" if they did not issue accounts and opened up SSH. But has yet to display this ability.
You said -- "I was thinking of switching to Mac. However if it's that easy to attack, I'll stay with a secure Windows machine."
It's not. There are discrepancies with the story and not a lot of detail. In addition, from what I read, one source says they got root access, while another says that root was disabled. Then, another source says that it was not hacked from the outside, but hacked from inside the company itself, from others in the office.
In other words, the whole situation is so dubious and lacking details, along with conflicting accounts -- that it's becoming obvious that it's not what the "headline" says.
And you would probably never set up your computer the way that guy did (if it's a real story in the first place). I did go to that original web site and I can't make out any more details than what the article says (it's all lacking detail).
The bottom line is that Macs are the most secure computer that you're going to be able to use and have all the consumer conveniences of a modern computer system with it's extreme ease-of-use.
Regards,
Star Traveler
P.S. -- You can't get a better system on the market for all us people who want to us a computer like "normal folk".
ping
You said -- "... it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine."
I've read some comments on that article that says that Microsoft is putting certain people up to misleading the public by doing these kinds of "fake tests" to introduce FUD into the discussion.
I hear that they are starting to fear the massive changeover of previous Microsoft users to the Macintosh.
And also I have read others who say that the Anti-virus companies are also behind a lot of this FUD.
Actually, that makes sense when you see the "over-hyping" of a lot of these kinds of things and also how well Apple responds to a lot of these minor inconveniences (which are not major exploits at all).
I would say a lot of people are out there just trying to stir up the pot -- more or less.
There's not really any big issues with Macintosh Security on OS X. It's a pretty solid system and works *extremely well* for the average user -- which most of us are. It sure works a lot better for that average user than the Windows systems do.
Regards,
Star Traveler
How fallen are the mighty.
I'm laughing so hard, tears are streaming down my face.
Bwahahahahahahahahahahahahahahahahah! Schadenfreud bumpski!
Thanks for the info. My niece has a Mac and really happy with it. She has been trying to get me to switch from Windows for years.
Constant?
I rarely "bash" something like this, especially something so "inconsequential".
Sorry, but you uninformed GLEE gave you away.
They gave this "hacker" an account with undetermined permissions and left SSH opened - both non standard right out of the box.
To bad you appear to be too dim to understand what this means.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.