Hack my Mac challenge

HackmyMac.com ^ | 3/1/2006

[Swordmaker]

HackMyMac.com

“Go Ahead...Hack My Mac!”

Ok, my Apple Macintosh you’re attempting to hack may not be the SystemX Supercomputer at Virginia Tech, but it is a brand new iMac Intel Core Duo with a default installation of Mac OS X Tiger 10.4.5 and iLife 06. It is directly connected to the Internet here in Sweden thru a 24Mbps ADSL2+ line with the Firewall left OFF. ( OSX default installation and no router) The only port open is 80 for display of this webpage. There are no anti-virus or spyware software programs on this iMac computer. (IMHO, I believe they are not needed. Prove me wrong!)

 

I am attempting to prove that an out-of-box Apple Macintosh computer can be safely connected directly to the internet and used immediately without worry.

 

But...It is advisable using ANY computer to also...

 

    1. Turn the built-in software Firewall ON and/or place your computer behind a NAT Router.  

    2. Use Software/Windows Update to apply any new security updates, patches, etc...

    3. Do NOT open mail attachments.  Period.

    4. Turn off display of HTML and images in your mail software.

    5. Stay away from Porn, Warez, File Sharing, IRC, and unknown FREE software websites!

    6. Do not do daily work from an Administrator account.  

        (Hassle yes, but so is reformating your HD and reinstalling all your programs!)

    7. Listen to the PaulDotCom.com Security Weekly Podcast!

 

But for True Internet Security just unplug the network or modem cable from the Internet!

(Not as fun but at least you’re 100% secure from hackers on the net!)

 

More Internet Security Info Coming Soon

 

This website is a Work in Progress

and is brought to you by the letters ä, ö, and å!

 

Questions? Comments? Viruses? Trojans?

Send them to brad@hackmymac.com

 

Still online since March 1, 2006

[Swordmaker]

Here is the original HackMyMac.com challenge... still going after 9 days! PING!

If you want on or off the Mac Ping List, Freepmail me.

[Mind-numbed Robot]

... still going after 9 days!

The thirty minute guy must be on vacation. :-)

[Right Wing Professor]

The only port open is 80 for display of this webpage.

That helps a bit.

[goldstategop]

The default Mac firewall is good but I run Intego's NetBarrier third party firewall for maximum security. No anti-virus or anti-spyware program. None is needed and I have all the up to date OS X patches. As for allowing a hacker to gain access to my Mac, I may be many things but I'm not THAT stupid. If some one wants to gain access to my Mac Mini, they have figure out how to do it without my help.

[Tribune7]

bump

[coconutt2000]

The 30 minute guy was given a local account on the computer as a launch point. He didn't have to hack the computer first.

Given that much of a leg up, the 30 minute guy was lucky he was the first. There are probably thousands of hackers out there that can hack a UNIX based system after being given a local account and SSH access.

A local account and SSH access is all you need to copy any software you want into your personal home directory on the remote machine and launch it. The hard part is convincing a computer to grant you access in the first place.

Windows machines with no network services turned on are more vulnerable than a UNIX box with no network services turned on.

[coconutt2000]

The default Mac firewall is actually pretty good now. It even has a stealth feature for not responding to pings.

Of course, if you're a curious person, I think NetBarrier has a log that let's you see attacks and track back the attackers to their home IP address.

[Mind-numbed Robot]

Thanks coconutt, but I was making a weak attempt at humor, not a slam at Mac. I am a Mac devotee.

[coconutt2000]

I'm a Mac devotee too, but I couldn't help not taking advantage of the opportunity you provided to inform anybody else who reads this thread. :-)

To be fair to Windows machines, they're a lot more difficult now to compromise than 2-7 years ago.