Of course the key here is "LOCAL ACCESS" ...
|
Posted on 03/06/2006 10:43:40 AM PST by Senator Bedfellow
Too bad you missed the point of the comment.
You Mac snobs are a piece of work.
It's a tool, not a religion.
Grow up.
How fallen are the mighty.
I'm laughing so hard, tears are streaming down my face.
Bwahahahahahahahahahahahahahahahahah! Schadenfreud bumpski!
Sounds to me like you have no idea of what exactly went on in this "test". Either that, or are incapable of understanding why this wasn't a real "hack" job at all.
The article said -- ""It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia ."
I've had a Mac with the latest operating system running for months and months (years, actually) without any problems -- being online continuously with a high-speed Internet connection. That's the model I have at home. And then, I have a laptop model that I take out and use with all sorts of *other* Internet connections (all sorts of WiFi connections). And I use them both extensively.
I've noticed through the logs on the computer that I've got many different people hammering away at both machines, trying to break in. I see it all logged -- but no one can get in. I have the machines set up so I can access them both remotely, myself -- but no one else can.
So, they're both accessible by me -- but not others. And even with all the hammering away by all those others (from all over the place, from China to Korea, to Russia to you-name-it) -- there's no problem at all with me keeping the machines secure.
And no worries about any virus at all. The last time I saw any kind of virus for the Mac was back in 1990. I've had Macs since 1986 -- and have used floppy disks, transferred information in and out of them, used e-mail and have had all sorts of "outside connections" with all these Mac. And with *all* the Macs that I've ever had -- in all those years I've had *only 1 virus*. That's it -- just one virus. And that one was wiped off pretty quickly with a run-through of the virus program I had back then (which was Virex).
It's a totally secure machine, great operating system, no one can break into it and I don't get viruses or trojan horses or worms -- even with receiving lots of e-mail, downloading lots of things and using it on lots of web sites and transferring a lot of information back and forth.
It's just great and rock-solid.
Regards,
Star Traveler
Well, that wasn't a "test". You might as well give a stranger the keys to your car and then be "amazed" that your car was stolen. Of course, if it were a "Mac" car, then there would be articles about how the security of the car was so bad that someone was able to steal it so easily. Yeah... riiiiggghhhttt!
Take a look at a more realistic test --
This experiment didn't just leave the front door unlocked, it left it wide open, with invitations.
I wish you could understand how foolish you sound right now.
The point of the comment was that the main reason that we haven't seen wider exploitation of Mac vulnerabilites is that, for the most part, NO ONE CARES.
Now, there's a reason why Macs own the market share that they do, and I'm sure that you'll think of it if you really, really try.
Meanwhile, as an exercise for the reader, there's this:
Most amazing spin on Mac vulnerabilities ever!
For those of us who make all or part of our living dealing with security issues, the smug self-assurance of Mac bigots is certainly amusing. And no one will be more dismayed when their false sense of security is shattered once someone decides to have a go at their previously sacred domain. And that's fine by me. There's be good money to be made cleaning up the wreckage and consoling the victims. Former Norton and McAfee users know exactly what I'm talking about.
If giving someone a local account gives them full control of the machine, you've got problems. This is more like someone stealing your car merely by riding in the back seat.
How many time have we been told that without the admin account you can't hack a Mac?
The chief weakness of a PC being that most home users run it with the admin account.
That isn't usually the case with domains. I don't know of anyone using strong passwords being hacked by domain users.
Of course every failed login attempt shows up in the event log, and can generate an email to the real admin.
BS
Of course the key here is "LOCAL ACCESS" ...
|
Any IT manager who allowed any Tom, Dick, or Mary to create an Admin account is only asking for trouble... and this one got it.
Isn't it interesting that everytime Apple releases new OSX Macs the FUD spreaders create big stories out of things that are very little to worry about.
Sorry, but you would be surprised at what people DON'T notice or do and assume the person they noticed belonged there. Often audacity will get a criminal more than stealth. If someone looks official, most people will assume they are.
before any mac-bashers decide to drink a bit of their own kool-aid, I suggest a little background on this supposed security breach be investigated.
Check this out before you pass judgement.....shines a little light on the misleading story posted here....
http://test.doit.wisc.edu/
I don't see where admin accounts were created, merely local user accounts. Perhaps you see something I do not?
And that, my friend, is the crux of the arguement. I too have had Macs continually connected to the internet via DSL/Sattelite/Ethernet local network/wireless/etc. with ZERO breaches. I have even manually taken down the OSX built-in firewall for an experiment, and still didn't have any actual violations....
Bigotry is usually a function of the MAJORITY to a MINORITY, not the other way around.
In the last quarter, Apple's Market Share climbed from 4.7% the previous years similar quarter to 6.2% of computer sold in the US. However, that is only the reported SALES
in any specified period. When various magazines such as Consumers Reports, Popular Science, etc, have done scientific surveys of computer Users, they have found that approximately 14% of them are using Macs. Part of the reason for this is the reported useful life-span of Macs which is 2 to 3 time longer than Windows machines. Another explanation for this "Market share" v. "Users" discrepency is that many of the Windows PCs sold do not have a specified "user" but are being used in control applications, dedicated single purposes, etc.
25,000,000 OSX users are hardly to be ignored... especially when the demographics show that they are generally wealthier than the average computer user and are more likely to spend money on line or do other financial activities on line.
As to the BLOG you linked to... Secunia reports an OSX vulnerability when Apple reports an improvement in any of the underlying UNIX applications. Being open source, ALL UNIX vulnerabilities are reported. Microsoft does NOT report hidden vulnerabilities in their proprietary applications until they are "discovered" and reported by someone outside Microsoft.
Although many of these Unix applications are either turned off or not- implemented in OSX, Apple reports the vulnerabilities and provides the fixes and updates in any case.
Now, there's a reason why Macs own the market share that they do, and I'm sure that you'll think of it if you really, really try.
Instead of us "really, really trying" why don't you just tell us what you think it is?
The challenger gave ALL users an admin account... so this proves nothing.
So, you work at the mall wearing a rentacop suit?
The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). Yes, there are local privilege escalation vulnerabilities; likely some that are "unpublished". But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.
You are aware, I suppose, that not all local user accounts are admin accounts. At least, I certainly hope not, or OS X is simply a deathtrap for security.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
