Posted on 03/06/2006 10:47:30 AM PST by ShadowAce
Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia.
According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
"The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server -- with various remote services running and local access to users. There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.
"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.
Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.
"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.
Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.
"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms. If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.
An Apple Australia spokeswoman said today it was unable to comment at this stage.
Though it does spell "red wang".
Also "draweng."
Having said that, my example was that if you had a Windows machine, and gave people access to it like this Nutt did with his Mac, the Windows box would have been haxored to kingdom come in a matter of minutes.
Not that it's any of your business, but I have a solid B+ average going and have 18 credits this semester, plus I got accepted at a major state university to complete my degree. Not to mention I do about four hours of homework a night--on the average.
Sounds like the status quo works--I get my homework done (which results in good grades) and still have plenty of time to FReep.
Therefore, quit it with the ad hominems and my schooling.
heheheheheh... when Steve made that announcement, Apple had over $2 Billion in cash in the bank. The $100 Million (actually $150 million) was part of a settlement of a lawsuit against Microsoft that Apple WON! The $150 million was a purchase of secured stock made by Microsoft. MS also had to agree to continue producing Microsoft Office for Mac for an additional five years, while Apple agreed to extend some software and hardware patent licenses that MS had infringed for a similar period. The announcement was pure face saving hype for Microsoft's benefit, putting a benevolent light on it.
I hope you do well. You'll learn a lot more after you leave school. A whole lot more, in some cases.
LOL
Windows may be better than its earlier versions, but it's nowhere at the level of the Mac--or Unix, Linux, BSD, etc. for that matter.
Gee, what were those AIX and Solaris admins thinking when they gave all us users shell accounts? Come to think of it, they never did get hacked through the shell, so maybe it's a problem unique to OS X.
No, it's probably some buffer overrun exploit in one of the many user apps on the machine. The point is that, out of the box, the Mac doesn't come with telnet and ssh access enabled (AFAIK). The normal user is going to be using it as a personal computer and not as a server. Whatever exploit(s) employed by the gwerdna guy need to be fixed, but it's an unrealistic test.
This would be a lot more worrisome if they rooted a box that was sitting there in its default configuration with no servers running. It's an unrealistic test.
It's clear from your own reply that the vitriol goes both ways!
The more I read about this supposed hack/break-in ("hoax") -- the worse it gets and the more apparent that it was all rigged.
Now I read that the guy who set this up (a Windows developer -- funded by Microsoft?) -- modified the original Mac OS X operating system by rolling back some of Apple's patches to the original (and underlying) UNIX (by means of another program which changed these things) -- and thus (by his own modifications to programming) made the OS more insecure.
It just gets worse and worse, the more I read about it. An accurate test of the security is being done here. It's been *way past* 30 minutes and no one has hacked it. This example is what people would really be doing. People wouldn't be making their Mac OS X *less secure* -- like this guy did by removing those patches and protections in the operating system.
See this proper test that no one has hacked --
I haven't seen the technicals of the hack yet. But it looks like he gave SSH access with a shell account to any hacker who wanted it. With that account, the hacker was able to elevate his privileges.
This is interesting as a local exploit. But I'll believe this as a good server example when it becomes common practice to give shell accounts to hackers.
Every multi-user OS I know has had privilege elevation exploits. They are a common danger. Normally when running a server, all of the service accounts do not have logon privileges (meaning a hacker exploiting a service can't use it to log on), only the local admin accounts do. That restricts the abilities of someone who hacked a service. The hacker is left with trying to exploit the flaws in that service to perform a privilege elevation, which is harder than if they could just log on.
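The restriction described in the comment above can be audited. As an added example (not part of the original thread), this Python script flags service accounts whose shell field still allows an interactive logon; the passwd(5)-format sample, the UID threshold and the function names are assumptions made for illustration.

```python
# Added example: flag service accounts that can log on interactively.
# SAMPLE_PASSWD is constructed for illustration; it is not from any real host.
SAMPLE_PASSWD = """\
# constructed sample in passwd(5) format
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:web server:/var/www:/bin/sh
sshd:x:74:74:sshd privsep:/var/empty:/bin/false
ftp:x:14:50:FTP user::/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Shells that refuse an interactive session.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin",
                    "/bin/false", "/usr/bin/false"}
UID_MIN = 1000  # assumption: human accounts start here (500 on some systems)


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guess
        yield fields[0], int(fields[2]), fields[6]


def service_accounts_with_login(text, uid_min=UID_MIN, admins=("root",)):
    """Return (name, shell) for non-admin system accounts with a usable shell."""
    findings = []
    for name, uid, shell in parse_passwd(text):
        if uid >= uid_min or name in admins:
            continue  # human and admin accounts are expected to log on
        # An empty shell field means the system default shell is used,
        # so it is treated as login-capable.
        if shell not in NON_LOGIN_SHELLS:
            findings.append((name, shell or "<default shell>"))
    return findings


if __name__ == "__main__":
    for name, shell in service_accounts_with_login(SAMPLE_PASSWD):
        print(f"{name}: interactive shell {shell}")
```

The shell field is only one logon path: a full audit would also check for locked passwords and SSH access rules, and on Mac OS X accounts live in the directory service rather than a flat passwd file.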
I'm a unix admin at a campus and had a case where I had a lab full of PCs a few years back. I had a spare hard drive in case I needed to do a quick drive swap on a box that had Win 2000SP4 on it, and the replacement drive had 2000SP1. In the time it took for the machine to BOOT, it got hacked, trojaned, and rebooted. I was very much impressed and disappointed, all at once. That was FAST!
Ah yes, the person responding should be treated equally to the trolls. So sad.
(1) How do you know they never got hacked?
(2) Were they giving shell access to skilled hackers?
(3) Were they telling the hackers from 2 it was ok to hack the box?