Hacker gains access to Mac OS X in 30 mins

[Ermz]

I thought this might be relevant here because we have quite a few Mac users:

http://www.shoutwire.com/viewstory/6138/Hacker_Gains_Root_Access_to_Mac_OS_X_in_30_Minutes

 

[kev]

I thought this might be relevant here because we have quite a few Mac users:

http://www.shoutwire.com/viewstory/6138/Hacker_Gains_Root_Access_to_Mac_OS_X_in_30_Minutes

aha nice. Im sure he could do it with windows as well though, considering the amount of flaws with that os

 

[xmidihcx]

would you guys just cut it out with the mac vs. pc bullshit?

btw. . i dont really care but i'm just happy cus i get internet in my car on my laptop/DAW (PC by the way ) and my big fat mouth needed to post something!

edit: lemme just add that this is the first time realizing that i get free internet in my car over here in my spot so i hope it lasts, i'm so excited!

 

[Razorjack]

would you guys just cut it out with the mac vs. pc bullshit?

btw. . i dont really care but i'm just happy cus i get internet in my car on my laptop/DAW (PC by the way ) and my big fat mouth needed to post something!

edit: lemme just add that this is the first time realizing that i get free internet in my car over here in my spot so i hope it lasts, i'm so excited!

The Mac vs PC war has been raging for a long time on this forum and will continue to be fought by die hard users of both systems, I personally try and stay out of it all....Ok, aparts from starting a thread guaranteed to get an argument going but thats besides the point....

 

[kev]

i was gonna come in and say "muhhahaha" mac has been done, but anybody who knows what they're doing can hack any system to shreds. 192.168.2.1 anyone

 

[Ermz]

Heh. My intention really wasn't to jack up that argument again. If you actually bothered reading the article, a source at Symantec goes over what we pretty much already know. Windows has thousands more viruses geared towards it than OS X because it has the larger part of the market share.

The thing I was trying to bring to attention was that according to him, OS X has the same potential for vulnerabilities and exploits.. it's just a matter of when people decide to start finding them. If I were a Mac user, I'd find that relevant to me.

 

[006]

I have Wi-Fi internet access on my PowerBook G4 all across the U.S. Works quite like cellular phone service. Anywhere I go, I can open my G4 laptop and and I have a badass wireless signal ready to go. On the road, hotels, airplanes, at the coffee shop, here at the studio...it's good stuff. The catch? $120 a month subscription. Ouch.

There's nothing new about Wi-Fi, and anything with a wireless network card in it (Laptops, PC's, Mac's, Palm Pilot's, what have you) can have that service.

~006

 

[SPLASTiK]

I have Wi-Fi internet access on my PowerBook G4 all across the U.S. Works quite like cellular phone service. Anywhere I go, I can open my G4 laptop and and I have a badass wireless signal ready to go. On the road, hotels, airplanes, at the coffee shop, here at the studio...it's good stuff. The catch? $120 a month subscription. Ouch.

There's nothing new about Wi-Fi, and anything with a wireless network card in it (Laptops, PC's, Mac's, Palm Pilot's, what have you) can have that service.

~006

What does that have to do with anything? The article says nothing about wi-fi and no posts mentioned it...

 

[006]

SPLASTiK

btw. . i dont really care but i'm just happy cus i get internet in my car on my laptop/DAW (PC by the way)

That's the reason.

On to the point. The best parts about this whole thing are:

Although Gwerdna said that Mac OS X contains unpatched vulnerabilities that would permit a hacker to infiltrate Apple's operating system, he said that the relatively small number of Macs in use -- in contrast to the vast number of PCs running Windows -- is the reason more hackers do not try to exploit them.

Weafer also said that hackers are not capitalizing on vulnerabilities in Mac OS X to the same degree they are trying to exploit flaws in Windows. Weafer estimated that there are between 100,000 to 200,000 Windows viruses compared to 200 or so Mac viruses.

The part that sucks:

According to Weafer, the number of Mac vulnerabilities discovered and the possibility they will be exploited will gradually rise as a direct result of an increased interest in Mac OS X. Weafer urged Mac users to make sure they have installed antivirus and antispyware applications and are updating them regularly.

~006

 

[SPLASTiK]

SPLASTiK
That's the reason.
~006

Guess I missed that. I even did a quick find for wireless and wi-fi

 

[Kazrog]

This hack report is actually misleading/false, it's been debunked on several sites (including MacWorld, incidentally, a ZDNet publication):

http://www.vnunet.com/vnunet/news/2151455/false-hacking-report-prompts
http://www.macworld.com/news/2006/03/07/hacked/index.php

A second contest was held, where the mac was exposed to thousands of experienced attackers over the internet, and held up perfectly (with the exception of it being momentarily unavailable due to a massive Denial of Service attack, which can happen to any server

http://software.silicon.com/os/0,39024651,39157042,00.htm

Bear in mind that ZDNet often prints inaccurate, distorted stories to bring in hits from angry readers. Their main priority is advertising, so hits are all that matter in that game. Occasionally they get themselves under scrutiny and they have to retract their claims, as we've seen here.

Oh yeah, and all of the "200 Mac Viruses" run in Mac OS 9 and earlier. They can't infect a Mac OS X machine, as they are completely different operating systems from the ground up. The claim of "200 viruses" helps to sell antivirus software for the Mac - which has been shown to actually create more security problems than it solves. You're safer on a Mac, in other words, WITHOUT anti-virus software.

I'm not saying the Mac is unhackable, but the scope of the hacks will be limited to social engineering / trojan horse attacks (requiring the user to manually install a virus in the guise of an application, and enter their administrative password) rather than actual self-replicating worms like we see in the Windows universe. I will start playing guitar for Barry Manilow the day that somebody writes a Mac worm.

 

[SPLASTiK]

A second contest was held, where the mac was exposed to thousands of experienced attackers over the internet, and held up perfectly (with the exception of it being momentarily unavailable due to a massive Denial of Service attack, which can happen to any server

From what I read they shut down the contest shortly after it happened because the University of Madison wouldn't allow it from what I read.

I will start playing guitar for Barry Manilow the day that somebody writes a Mac worm.

What about...
http://www.ambrosiasw.com/forums/index.php?showtopic=102379 ? There's arguement whether it's a virus, trojan, worm, malware etc.

 

[Ermz]

Cool. Good to hear that straightened out, Kazrog. I hate it when articles don't give you the full story.

 

[LydonB]

This hack report is actually misleading/false, it's been debunked on several sites (including MacWorld, incidentally, a ZDNet publication):

http://www.vnunet.com/vnunet/news/2151455/false-hacking-report-prompts
http://www.macworld.com/news/2006/03/07/hacked/index.php

A second contest was held, where the mac was exposed to thousands of experienced attackers over the internet, and held up perfectly (with the exception of it being momentarily unavailable due to a massive Denial of Service attack, which can happen to any server

http://software.silicon.com/os/0,39024651,39157042,00.htm

Bear in mind that ZDNet often prints inaccurate, distorted stories to bring in hits from angry readers. Their main priority is advertising, so hits are all that matter in that game. Occasionally they get themselves under scrutiny and they have to retract their claims, as we've seen here.

Oh yeah, and all of the "200 Mac Viruses" run in Mac OS 9 and earlier. They can't infect a Mac OS X machine, as they are completely different operating systems from the ground up. The claim of "200 viruses" helps to sell antivirus software for the Mac - which has been shown to actually create more security problems than it solves. You're safer on a Mac, in other words, WITHOUT anti-virus software.

I'm not saying the Mac is unhackable, but the scope of the hacks will be limited to social engineering / trojan horse attacks (requiring the user to manually install a virus in the guise of an application, and enter their administrative password) rather than actual self-replicating worms like we see in the Windows universe. I will start playing guitar for Barry Manilow the day that somebody writes a Mac worm.

Excellent post.

 

[Kazrog]

From what I read they shut down the contest shortly after it happened because the University of Madison wouldn't allow it from what I read.

Yes, that is true, however it still ran long enough to get an impressive amount of hacks from all over the world. I would welcome a longer, more scientific test! However, the sheer quantity, depth and breadth of attacks used in this contest would have surely brought down a Windows server completely. Even the most seasoned Windows server admins with the tightest security policies have a great deal to be afraid of, which is why many companies are switching to Linux and Mac OS X.

What about...
http://www.ambrosiasw.com/forums/index.php?showtopic=102379 ? There's arguement whether it's a virus, trojan, worm, malware etc.

It's a Trojan Horse, because it depends upon user actions to execute. Just see the Wikipedia Definition of a Trojan Horse. Most of these people arguing over on Ambrosia's site don't have a clue about the terminology they're using.

Another aspect to consider (which journalists seem to be ignoring) is that the primary motive of virus authors is political. Most virus authors are Linux geeks, who hate Microsoft, and who usualy respect Apple and Mac OS X because it is another form of Unix. They're not going to be as motivated to write hacks and viruses for Macs in a malicious way. Thus far, all of the Mac hacks and viruses we're seeing are made in an ethical sense, to provide proofs-of-concept so that Apple can, in turn, pre-emptively anticipate potential virus and security threats.

 

[silverwulf]

I will start playing guitar for Barry Manilow the day that somebody writes a Mac worm.

http://www.macnewsworld.com/story/48948.html

There's your worm. Let us know when you're on tour... In regards to the test at the University of Madison, only a fool would attempt to hack into a network like that when such widespread attention was brought forth and the spotlight was shined on it. You basically had a bunch of hacks (pandon my pun) trying to get a bit of the limelight and giving it their best. Anyone who even has a decent clue of how to hack into a system like that wouldn't attempt it with media attention like that around. Those guys operate below the radar, not in the spotlight. It's also the reason why UM is fearful of it's networks at the moment, because they realize the attention brought forth may leave them a future target once the spotlight is gone.

 

[SPLASTiK]

It's a Trojan Horse, because it depends upon user actions to execute. Just see the Wikipedia Definition of a Trojan Horse. Most of these people arguing over on Ambrosia's site don't have a clue about the terminology they're using.

But it spreads, Trojans don't have the ability spread itself. (Which Wikipedia also mentions)

 

[Kazrog]

http://www.macnewsworld.com/story/48948.html

There's your worm. Let us know when you're on tour... In regards to the test at the University of Madison, only a fool would attempt to hack into a network like that when such widespread attention was brought forth and the spotlight was shined on it. You basically had a bunch of hacks (pandon my pun) trying to get a bit of the limelight and giving it their best. Anyone who even has a decent clue of how to hack into a system like that wouldn't attempt it with media attention like that around. Those guys operate below the radar, not in the spotlight. It's also the reason why UM is fearful of it's networks at the moment, because they realize the attention brought forth may leave them a future target once the spotlight is gone.

This was patched a while ago, and still requires more action from the user than most Windows worms. In any case, what I said was future-tense. I'm specifically referring to the type of worm that can spread to any computer that happens to be plugged into the internet. I don't think we'll ever see that in Mac OS X, because we haven't seen it in the Unix world in general.

We'll definitely see more some social engineering attacks like this iChat example on the Mac though, and everyone that runs a computer with any OS needs to beware of these types of attacks.

 

[Kazrog]

But it spreads, Trojans don't have the ability spread itself. (Which Wikipedia also mentions)

This is still a Trojan - it doesn't have the ability to spread itself. It requires the user to spread it by manually running it.

 

[silverwulf]

This was patched a while ago, and still requires more action from the user than most Windows worms.

Oh, I'm sure it was patched and all. You were just speaking in absolutes earlier in regards to worms, so I just wanted to point that one out.