Mac OS X hacked under 30 minutes
ZDNet Australia ^ | 03/06/2006 | Munir Kotadia

Posted on 03/06/2006 10:43:40 AM PST by Senator Bedfellow

Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia.

According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

"The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server -- with various remote services running and local access to users… There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.

"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.

Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.

In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.

An Apple Australia spokeswoman said today it was unable to comment at this stage.


TOPICS: Computers/Internet
KEYWORDS: apple; bogus; falsealarm; mac; macintosh; osx; security

1 posted on 03/06/2006 10:43:44 AM PST by Senator Bedfellow

To: Senator Bedfellow

Bwahahahahahaha!!!

Ruh Roh.
The Kool-Aid has just become bitter-sweet ;)


2 posted on 03/06/2006 10:50:34 AM PST by SJSAMPLE

To: Senator Bedfellow

I was thinking of switching to Mac. However if it's that easy to attack, I'll stay with a secure Windows machine.


3 posted on 03/06/2006 10:52:13 AM PST by duckman (I refuse to use a tag line...I mean it.)

To: Senator Bedfellow
Macs are not invulnerable, but 20-to-30 minutes is an eternity in the world of hackers, and the typical Mac user is in a much safer environment than a Windows user.

A Windows worm or virus can spread its plague to hundreds of other Windows computers in just a few seconds. So far, Macs have not experienced that problem.

4 posted on 03/06/2006 10:53:09 AM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)

To: HAL9000

I would like to see a fully patched and secured Windows 2003 server with the same rules and see how long it would take to get in.


5 posted on 03/06/2006 10:54:17 AM PST by Lx (Do you like it, do you like it. Scott? I call it Mr. and Mrs. Tennerman chili.)

To: Senator Bedfellow

Looking at the hacker contest link - http://rm-my-mac.wideopenbsd.org/ - it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine. So this test was totally bogus for purposes of evaluating security for the average Mac user.


6 posted on 03/06/2006 11:00:13 AM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)

To: duckman

You can ignore this story. The moron issued accounts to the machine AND left open a way for these people to remotely access the machine without a problem (SSH).


7 posted on 03/06/2006 11:00:14 AM PST by SengirV

To: SJSAMPLE

Read the story. This idiot issued accounts and left SSH wide open. The real story here is your constant need to bash something that is soooooooo inconsequential.


Hmmmmmmmmmm. The lady doth protest too much, methinks.


8 posted on 03/06/2006 11:02:27 AM PST by SengirV

To: SengirV

That effectively makes it a local exploit rather than a remote exploit, but I do not think it makes it worthy of being completely ignored. Considering that Apple would very much like its machines to be used in public, lab-type environments, this does not speak well to their security in such situations.


9 posted on 03/06/2006 11:02:59 AM PST by Senator Bedfellow

To: SengirV

Automatically creating admin accounts on request. How handy. It's like giving the keys to an auto thief.


10 posted on 03/06/2006 11:08:46 AM PST by 6SJ7

To: Senator Bedfellow

You have brought up the only true concern in all of this. But as any computer security expert would say - If you can get physical access to a machine, you can compromise it. This example is almost that. Giving someone complete, unfettered access to a machine like this means that it is not in any kind of secured state.

The person who did it says "It wouldn't have mattered" if they did not issue accounts and opened up SSH. But has yet to display this ability.


11 posted on 03/06/2006 11:10:22 AM PST by SengirV

To: duckman

You said -- "I was thinking of switching to Mac. However if it's that easy to attack, I'll stay with a secure Windows machine."

It's not. There are discrepancies with the story and not a lot of detail. In addition, from what I read, one source says they got root access, while another says that root was disabled. Then, another source says that it was not hacked from the outside, but hacked from inside the company itself, from others in the office.

In other words, the whole situation is so dubious and lacking details, along with conflicting accounts -- that it's becoming obvious that it's not what the "headline" says.

And you would probably never set up your computer the way that guy did (if it's a real story in the first place). I did go to that original web site and I can't make out any more details than what the article says (it's all lacking detail).

The bottom line is that Macs are the most secure computer that you're going to be able to use and have all the consumer conveniences of a modern computer system with its extreme ease-of-use.

Regards,
Star Traveler

P.S. -- You can't get a better system on the market for all us people who want to use a computer like "normal folk".


12 posted on 03/06/2006 11:12:19 AM PST by Star Traveler

To: SengirV
If you have unrestricted physical access, you will inevitably compromise the machine. In a lab environment, you have physical contact with the machine, but it is hardly unrestricted access insofar as someone's likely to notice you rebooting the machine, plugging in your own hardware, or pulling out your screwdrivers and going to work. You should not be able to compromise the machine merely by sitting down and logging in, and that's what happened here.
13 posted on 03/06/2006 11:16:46 AM PST by Senator Bedfellow

To: Swordmaker

ping


14 posted on 03/06/2006 11:20:26 AM PST by sarasota

To: HAL9000

You said -- "... it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine."

I've read some comments on that article that say that Microsoft is putting certain people up to misleading the public by doing these kinds of "fake tests" to introduce FUD into the discussion.

I hear that they are starting to fear the massive changeover of previous Microsoft users to the Macintosh.

And also I have read others who say that the Anti-virus companies are also behind a lot of this FUD.

Actually, that makes sense when you see the "over-hyping" of a lot of these kinds of things and also how well Apple responds to a lot of these minor inconveniences (which are not major exploits at all).

I would say a lot of people are out there just trying to stir up the pot -- more or less.

There's not really any big issues with Macintosh Security on OS X. It's a pretty solid system and works *extremely well* for the average user -- which most of us are. It sure works a lot better for that average user than the Windows systems do.

Regards,
Star Traveler


15 posted on 03/06/2006 11:22:38 AM PST by Star Traveler

To: Senator Bedfellow
"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.

How fallen are the mighty.

I'm laughing so hard, tears are streaming down my face.

Bwahahahahahahahahahahahahahahahahah! Schadenfreude bumpski!

16 posted on 03/06/2006 11:27:05 AM PST by Noumenon (Yesterday's Communist sympathizers are today's terrorist sympathizers)

To: Star Traveler

Thanks for the info. My niece has a Mac and is really happy with it. She has been trying to get me to switch from Windows for years.


17 posted on 03/06/2006 11:33:01 AM PST by duckman (I refuse to use a tag line...I mean it.)

To: SengirV

Constant?
I rarely "bash" something like this, especially something so "inconsequential".


18 posted on 03/06/2006 11:47:08 AM PST by SJSAMPLE

To: SJSAMPLE

Sorry, but your uninformed GLEE gave you away.


19 posted on 03/06/2006 11:52:20 AM PST by SengirV

To: Noumenon

They gave this "hacker" an account with undetermined permissions and left SSH opened - both non-standard right out of the box.

Too bad you appear to be too dim to understand what this means.


20 posted on 03/06/2006 12:04:16 PM PST by SengirV

