Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Mac OS X hacked under 30 minutes
ZDNet Australia ^ | 03/06/2006 | Munir Kotadia

Posted on 03/06/2006 10:43:40 AM PST by Senator Bedfellow

Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .

According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users… There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.

"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.

Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.

In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.

An Apple Australia spokeswoman said today it was unable to comment at this stage.


TOPICS: Computers/Internet
KEYWORDS: apple; bogus; falsealarm; mac; macintosh; osx; security
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-64 next last
To: SengirV

Too bad you missed the point of the comment.

You Mac snobs are a piece of work.

It's a tool, not a religion.

Grow up.


21 posted on 03/06/2006 12:49:25 PM PST by Noumenon (Yesterday's Communist sympathizers are today's terrorist sympathizers)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Noumenon
What is the point of this comment exactly?

How fallen are the mighty.
I'm laughing so hard, tears are streaming down my face.
Bwahahahahahahahahahahahahahahahahah! Schadenfreud bumpski!

Sounds to me like you have no idea of what exactly went on in this "test". Either that, or are incapable of understanding why this wasn't a real "hack" job at all.

22 posted on 03/06/2006 12:54:59 PM PST by SengirV
[ Post Reply | Private Reply | To 21 | View Replies]

To: Senator Bedfellow

The article said -- ""It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia ."

I've had a Mac with the latest operating system running for months and months (years, actually) without any problems -- being online continuously with a high-speed Internet connection. That's the model I have at home. And then, I have a laptop model that I take out and use with all sorts of *other* Internet connections (all sorts of WiFi connections). And I use them both extensively.

I've noticed through the logs on the computer that I've got many different people hammering away at both machines, trying to break in. I see it all logged -- but no one can get in. I have the machines set up so I can access them both remotely, myself -- but no one else can.

So, they're both accessible by me -- but not others. And even with all the hammering away by all those others (from all over the place, from China to Korea, to Russia to you-name-it) -- there's no problem at all with me keeping the machines secure.

And no worries about any virus at all. The last time I saw any kind of virus for the Mac was back in 1990. I've had Macs since 1986 -- and have used floppy disks, transferred information in and out of them, used e-mail and have had all sorts of "outside connections" with all these Mac. And with *all* the Macs that I've ever had -- in all those years I've had *only 1 virus*. That's it -- just one virus. And that one was wiped off pretty quickly with a run-through of the virus program I had back then (which was Virex).

It's a totally secure machine, great operating system, no one can break into it and I don't get viruses or trojan horses or worms -- even with receiving lots of e-mail, downloading lots of things and using it on lots of web sites and transferring a lot of information back and forth.

It's just great and rock-solid.

Regards,
Star Traveler


23 posted on 03/06/2006 2:47:46 PM PST by Star Traveler
[ Post Reply | Private Reply | To 1 | View Replies]

To: Senator Bedfellow
The article said -- "Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system."

Well, that wasn't a "test". You might as well give a stranger the keys to your car and then be "amazed" that your car was stolen. Of course, if it were a "Mac" car, then there would be articles about how the security of the car was so bad that someone was able to steal it so easily. Yeah... riiiiggghhhttt!

Take a look at a more realistic test --

http://test.doit.wisc.edu/

24 posted on 03/06/2006 3:41:04 PM PST by Star Traveler
[ Post Reply | Private Reply | To 1 | View Replies]

To: Noumenon

This experiment didn't just leave the front door unlocked, it left it wide open, with invitations.

I wish you could understand how foolish you sound right now.


25 posted on 03/06/2006 4:05:33 PM PST by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Petronski
OK - let's try this again. Slowly this time, for those of you who are having trouble keeping up.

The point of the comment was that the main reason that we haven't seen wider exploitation of Mac vulnerabilites is that, for the most part, NO ONE CARES.

Now, there's a reason why Macs own the market share that they do, and I'm sure that you'll think of it if you really, really try.

Meanwhile, as an exercise for the reader, there's this:

Most amazing spin on Mac vulnerabilities ever!

For those of us who make all or part of our living dealing with security issues, the smug self-assurance of Mac bigots is certainly amusing. And no one will be more dismayed when their false sense of security is shattered once someone decides to have a go at their previously sacred domain. And that's fine by me. There's be good money to be made cleaning up the wreckage and consoling the victims. Former Norton and McAfee users know exactly what I'm talking about.

26 posted on 03/06/2006 4:25:00 PM PST by Noumenon (Yesterday's Communist sympathizers are today's terrorist sympathizers)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Star Traveler
You might as well give a stranger the keys to your car and then be "amazed" that your car was stolen.

If giving someone a local account gives them full control of the machine, you've got problems. This is more like someone stealing your car merely by riding in the back seat.

27 posted on 03/06/2006 4:49:06 PM PST by Senator Bedfellow
[ Post Reply | Private Reply | To 24 | View Replies]

To: Senator Bedfellow
If giving someone a local account gives them full control of the machine, you've got problems.

How many time have we been told that without the admin account you can't hack a Mac?

The chief weakness of a PC being that most home users run it with the admin account.

That isn't usually the case with domains. I don't know of anyone using strong passwords being hacked by domain users.

Of course every failed login attempt shows up in the event log, and can generate an email to the real admin.

28 posted on 03/06/2006 4:55:33 PM PST by js1138
[ Post Reply | Private Reply | To 27 | View Replies]

To: Noumenon
The point of the comment was that the main reason that we haven't seen wider exploitation of Mac vulnerabilites is that, for the most part, NO ONE CARES.

BS

29 posted on 03/06/2006 6:07:41 PM PST by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: 1234; 6SJ7; Action-America; af_vet_rr; afnamvet; Alexander Rubin; anonymous_user; ...
It's FUD Season... Mac Hacked in under 30 minutes - Thread 2 - PING!

Of course the key here is "LOCAL ACCESS" ...

If you want on or off the Mac Ping List, Freepmail me.


30 posted on 03/06/2006 6:48:41 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Senator Bedfellow
Considering that Apple would very much like its machines to be used in public, lab-type environments, this does not speak well to their security in such situations.

Any IT manager who allowed any Tom, Dick, or Mary to create an Admin account is only asking for trouble... and this one got it.

Isn't it interesting that everytime Apple releases new OSX Macs the FUD spreaders create big stories out of things that are very little to worry about.

31 posted on 03/06/2006 6:58:13 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Senator Bedfellow
...someone's likely to notice you rebooting the machine, plugging in your own hardware, or pulling out your screwdrivers and going to work.

Sorry, but you would be surprised at what people DON'T notice or do and assume the person they noticed belonged there. Often audacity will get a criminal more than stealth. If someone looks official, most people will assume they are.

32 posted on 03/06/2006 7:01:38 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Senator Bedfellow; SJSAMPLE

before any mac-bashers decide to drink a bit of their own kool-aid, I suggest a little background on this supposed security breach be investigated.

Check this out before you pass judgement.....shines a little light on the misleading story posted here....

http://test.doit.wisc.edu/


33 posted on 03/06/2006 7:02:56 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I don't see where admin accounts were created, merely local user accounts. Perhaps you see something I do not?


34 posted on 03/06/2006 7:04:11 PM PST by Senator Bedfellow
[ Post Reply | Private Reply | To 31 | View Replies]

To: Star Traveler

And that, my friend, is the crux of the arguement. I too have had Macs continually connected to the internet via DSL/Sattelite/Ethernet local network/wireless/etc. with ZERO breaches. I have even manually taken down the OSX built-in firewall for an experiment, and still didn't have any actual violations....


35 posted on 03/06/2006 7:11:03 PM PST by TheBattman (Islam (and liberalism)- the cult of Satan and a Cancer on Society)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Noumenon
...Mac bigots...

Bigotry is usually a function of the MAJORITY to a MINORITY, not the other way around.

In the last quarter, Apple's Market Share climbed from 4.7% the previous years similar quarter to 6.2% of computer sold in the US. However, that is only the reported SALES

in any specified period. When various magazines such as Consumers Reports, Popular Science, etc, have done scientific surveys of computer Users, they have found that approximately 14% of them are using Macs. Part of the reason for this is the reported useful life-span of Macs which is 2 to 3 time longer than Windows machines. Another explanation for this "Market share" v. "Users" discrepency is that many of the Windows PCs sold do not have a specified "user" but are being used in control applications, dedicated single purposes, etc.

25,000,000 OSX users are hardly to be ignored... especially when the demographics show that they are generally wealthier than the average computer user and are more likely to spend money on line or do other financial activities on line.

As to the BLOG you linked to... Secunia reports an OSX vulnerability when Apple reports an improvement in any of the underlying UNIX applications. Being open source, ALL UNIX vulnerabilities are reported. Microsoft does NOT report hidden vulnerabilities in their proprietary applications until they are "discovered" and reported by someone outside Microsoft.

Although many of these Unix applications are either turned off or not- implemented in OSX, Apple reports the vulnerabilities and provides the fixes and updates in any case.

Now, there's a reason why Macs own the market share that they do, and I'm sure that you'll think of it if you really, really try.

Instead of us "really, really trying" why don't you just tell us what you think it is?

36 posted on 03/06/2006 7:23:16 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: js1138
How many time have we been told that without the admin account you can't hack a Mac?

The challenger gave ALL users an admin account... so this proves nothing.

37 posted on 03/06/2006 7:24:58 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Noumenon
For those of us who make all or part of our living dealing with security issues,

So, you work at the mall wearing a rentacop suit?

38 posted on 03/06/2006 7:31:19 PM PST by Richard Kimball (I like to make everyone's day a little more surreal)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Senator Bedfellow
From page http://test.doit.wisc.edu/:

The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). Yes, there are local privilege escalation vulnerabilities; likely some that are "unpublished". But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.

39 posted on 03/06/2006 7:34:01 PM PST by solitas (So what if I support an OS that has fewer flaws than yours? 'Mystic' dual 500 G4's, OSX.4.2)
[ Post Reply | Private Reply | To 34 | View Replies]

To: solitas

You are aware, I suppose, that not all local user accounts are admin accounts. At least, I certainly hope not, or OS X is simply a deathtrap for security.


40 posted on 03/06/2006 7:35:09 PM PST by Senator Bedfellow
[ Post Reply | Private Reply | To 39 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-64 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson