Posted on 03/06/2006 10:47:30 AM PST by ShadowAce
updateGaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .
According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.
"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.
Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.
"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.
Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.
"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms. If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.
An Apple Australia spokeswoman said today it was unable to comment at this stage.
You argue like a democrat. You try to be as confrontational as possible, but as soon as someone calls you on it - you point your finger at them for being in error.
Sorry, not going to play your weak mind games.
I've had very little luck with PC editing software.
I can't recall the last application I've used that worked well. That's where the Mac really shines.
In any case, OSX is still more secure than Windows, Case in point to consider: if the same exact stunt was done to a Windows box, said Windows box would've been hacked in a few minutes without any problem.
Hot! Amazon - Apple iMac with Intel Duo Core and 17" LCD - $125 Rebate, Shipped Free, No Tax to Most States! (Posted by: Leon)
It`s definitely better to buy these from Amazon rather than Apple.com. The $125 rebate is pretty slick too!
- Apple iMac Desktop with 17" Display MA199LL/A (1.83 GHz Intel Core Duo, 512 MB RAM, 160 GB Hard Drive, SuperDrive) for $1299.99 - $125 Rebate = $1174.99 shipped free! APPLE IMAC DESKTOP 17" LCD 1.83GHZ SALE
- Apple iMac Desktop with 20" Display MA200LL/A (2.0 GHz Intel Core Duo, 512 MB RAM, 250 GB Hard Drive, SuperDrive) for $1699.99 - $150 Rebate = $1549.99 shipped free! APPLE IMAC DESKTOP 20" LCD 2.0GHZ SALE
Now who are all those that professed this couldn't happen on a MAC?
I dont know maybe you can link to someone who said the mac was impervious...
FWIW, I agree with you. Put a default install of an OS on the iNTeRNeT and you're begging to get owned.
Doohicky,
This was not the default setup. SSH was, on my mac at any rate, by default not allowed. And for sure there were no shell accounts that anyone new about when I first installed it..
He took the OS X client (not Server) and started running various server services. With OS X the default install is everything off, which wasn't this test case. You need to follow good procedure when you start turning things on. OS X makes that bit easy.
Oh, and don't give anonymous hackers shell access. That's always a good idea. :)
I'd also call BS on anyone who did this test with an XP machine instead of 2003 Server.
Well, that's a horse of a different color. Thanks for clearing that up.
What "case in point" are you referring to, or do you not understand the meaning of the phrase? Must not, since your claim is actually nothing more than wild speculation, without even a named hacker or unknown exploit to back it up.
Well, who is the named hacker and what is the exploit on that Mac? I haven't heard anything from that hacker and there is nothing on the exploit.
By the way, did you know that I just hacked into your computer with an unknown exploit (very, very few people know about this exploit). I bet that's a surprise to you, too -- huh?
Of course, it wouldn't be "responsible" for me to let anyone know what the exploit was. If I did that, then who knows who else might use it to compromise all those other computers.
Why don't we try a *real test* (instead of all this high-flying rhetoric)... See a real-world test here --
Regards,
Star Traveler
This was an idiotic test and totally unrealistic. How unsurprising that if you give hackers shell accounts, they can get root!
Of course, the Windows fanatics will latch onto this as "proof" that Macs are as insecure is Windows, which is absolutely false.
The hacker's name is "gwerdna", thought to possibly be a guy named Andrew G. (reverse) or similar. His exploit was unknown, and not compatible with Windows, but did obviously exist.
If you or reznikj are a hacker, or knows one that has a currently unknown exploit for Windows, you might have a "case in point" that a similar process could actually happen to Windows in a similar circumstance. But calling a hypothetical a "case in point" is clearly a misuse of the meaning and tense of the phrase. Sounds like reznikj should be more concentrating on his studies than making unbackable claims on the internet every night.
Of course business domains depend on this being impossible, or extremely difficult.
Well, you have just as much information with me, too -- as you do about that other guy. You've got my name and the statement that it's an unknown exploit that I'm using, too.
Is that enough proof for you?
Oh, could you contact that "gwerdna" and tell him to use that unkown exploit on this Mac...
You think about 45 minutes on that one?
Regards,
Star Traveler
Proof enough of what? That you have an unknown Windows exloit? Hardly! My guess is neither does reznikj, nor will you ever. So you've got the rest of your life to prove me wrong.
You said -- "So you've got the rest of your life to prove me wrong."
I don't have to. I've already done it -- the same way that "gwerdna" did with his unknown exploit on the Mac. We've both proved it -- one for the Mac and one for the Windows.
Regards,
Star Traveler
You haven't proven anything, and seem to be pretty high in the stars at this particular moment. Let me know if/when you return to earth.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.