"SecurityFocus was acquired by Symantec Corporation in the fall of 2002"

what a lame story.. let me guess, the "researcher" works for microsoft and the "hardended" powerbook had a post-it note stuck on the monitor that said "pw: root" .. this is FUD

This story says more about self-described "security researchers" than it does about OS X. "I thought it was secure and (I think) it got hacked (somehow); since I consider myself an expert, it must be OS X's fault!"

Long story: When I worked for a major software firm twenty-something years ago, I was approached by someone who had taken over some dormant MS-DOS code I had once maintained, and was agitated because he had found a "virus" in the code. The virus turned out to be a tiny program, written by my predecessor and executed by the build script to play a short tune on the PC to signify that the build was done. On newer machines, the music "program" crashed because of hardward incompatibility. I laughed the guy out of my office.

A couple of months later, he had a new job title as the first "security engineer" in the software development organization.

If you don't want to have undesired remote acces to your mac, then control all ports with a firewall, and close the services which could allow undesired access to the machine: remote login, Apple Remote Desktop and Remote Apple Events - All of which are disabled by default (except remote login on os x server). Close these ports and you are sure that no one would ever activate filesharing through one of your services.. (how is it possible to enable filesharing through printer sharing??!)

So it comes down to 2 things: disconnect from the network (close your wifi link and disconnect your ethernet cable) and limit direct access to the machine.

the rest would depend on the user (the famous code 18 - 18 inches in front of the screen...)

cheers

sooooo let's ge this straight. an OS that I've had many windows users complain about "asking for a password all the time" was compromised. We are to believe that the "researcher" had done all "hardening" including not being logged in as administrator eh? Every OS X user knows that unless you specified otherwise, you can't start filesharing without root or admin privs. So the real question is how did the "hacker" get this information. We'll assume that the root password was set and then the root account disabled soooo the machine wasn't remotely "rooted." This leaves one other option. "researcher" was logged in as an admin AND at some point during the conference used that account to authorize something.

I find it convenient that the "forensic" evidence showed that in addition to everything else, not a single file had a changed date and the logs were completely wiped of activity.

No word if any rootkit had been installed by said researcher, therefore having opened his own machine to hacking.

FYI, the "story" first appeared on a site run by a company that sold out to $ymantec. They claim "journalistic independence" of course.

Let's see, $ymantec makes money with their protection racket and their "independent" rag runs this "story" with no verifiable sources or proof of any kind.

This is like someone poisoning Tylenol to short the stock.

MacNN this is sure sloppy. Or were you just trying to get more hits by running that unconfirmed, sensational, bullshit headline?

I just ended up wiping clean a fresh install of a company's Xserve because it had an IRCbot installed.

Most people don't think that OSX can be compromised. It can.

But not in the same way as you'd expect a Windows machine.

Regardless, the record for defaced websites belongs to Apache webservers and not IIS actually for the last year or so.

You can't crack an OS X box. Its impossible. So this must be false and we all know it. And if it was cracked, it must be because of some idiot user who didn't know what he was doing, left his computer running, let others touch it, etc.

Man, you guys will never believe that a mac can be cracked. Whatever happens, it'll be someone else's fault. Hey, Linux is cracked all the time. Why can't OS X?

Every OS X user knows that unless you specified otherwise, you can't start filesharing without root or admin privs.

Hmm, based on this garbage quote, you apparently have that "All mac users are really smart, and windows users are idiots" mentality. But just so that you know, not ALL mac users know this. Let's be truthful here. Most likely, like with Windows, most macs are used by sole users, are used as they're set up when you first turn the blasted thing on, which means most people run as an Admin, and thus don't realize they're 'admins'.

But more importantly, you missed an important point. It doesn't say that file sharing was turned on. It says "starting up a file server", not file sharing. There are all sorts of file servers out there, not just apple's built-in version.

So the real question is how did the "hacker" get this information. We'll assume that the root password was set and then the root account disabled soooo the machine wasn't remotely "rooted." This leaves one other option. "researcher" was logged in as an admin AND at some point during the conference used that account to authorize something.

Of course. Because we know its impossible to exploit anything on OS X. So it must have been incompetence! Oh, and disabling 'root' only means you can't log in as root. But it doesn't prevent a user from using the root account (and, since Apple nicely sets up your root password as your first admin password, if you have one, you can usually log in as root).

Or, of course I'm sure this guy just left his computer running and available to all those other strangers in a conference. Yeah, I'd do that too with a $2500 computer. Just leave it for anyone to take...

It's not the hardware you hack it's the OS. And when you have physical access to a machine is quite different then being half way around the world. What was the supposed hardening? Where's the details? I can say I hacked into a Mac and print it too. I've yet to hear of anyone getting into an OSX system since it has come out and I'm still waiting. Heck the screensavers did a test and no one got through even when the I.P. was given out.

Just like any other POSIX/*nix based system, BSD systems have BIND exploits, just as well as other user exploits.

http://www.dshield.org/pipermail/intrusions/2005-April/008920.html

This is pretty much the scenario I ran into a month ago. There was an IRCbot installed on a freshly delivered MacOSX machine - psybnc had been installed on the machine.

There's a lot to say about the machine - it was not hardened until after I did some work to it. It was exploited because the local admin has no experience, and had not installed anything. Just as Linux webservers get defaced, so can a Mac. I've done enough white hat work to know that certain versions of Apache allow mods and updates before checking who's doing the request(s).

MacOSX virus? h*** no.

MacOSX exploits? Better believe it. They're minor, but they exist.

Consider the possibility the user was running an Anti-Virus, as they seem to have created the biggest holes on OS X lately.

I would think if they were really a security researcher, they'd have diagnosed exactly what the vector of the exploit was and how it worked. Without any detail it sounds like the person is just a whiner.

54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 54gf 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1 123Bvr1