there are actually a few reasons why you'd have SSH turned on. Mostly I would say you'd have it turned on if, like me, you have administer UNIX servers and therefore like to scp files around (it seems, as far as I can tell, on a mac you need to have ssh turned on for scp to work. um. I may be wrong there.).

I can't honestly see why joe user would have ssh turned on. Unless you want to use command lines, it's utterly pointless. And on a single user system, you'd just use terminal.

>>So much for reputable Mac sites.

What? MacNN reputable? nahhhhhh...

Dude, it's not about having ssh turned on. That's fine.

*He gave people local accounts on the machine, which they could log into via ssh.*

That's a lot different than just turning ssh on.

Admittedly very misleading article with the fact that console access was granted through SSH.

Having said that, it does emphasize the importance of having strong passwords on your admin and non-admin accounts and especially on shared machines as a first line of defense for preventing mischief on your machine.

Next up; elite technoMage "gwerdna" (ANDREW Gardener, aged 14) pwns my mobile phone with access to just all its numbers but the last.

Sheesh MacNN get a grip.

http://en.wikipedia.org/wiki/Herd_behavior

Hold on, I got a call............

Does the Mac OS remain unexploited only because there is not enough market share for some dweeb to get his rocks off over or because the Mac OS remains very tough to hack?

It seems more likely that there are PLENTY of hackers out there working their little fingertips to the bone trying to score the first sucessful public hack of the Mac OS in order to anoint themselves king of the hackers and make headlines around the world...

common MacNN, add an update to the main story about the SSH being turned on, and setup to allow people to add a user account, this is not a normal config setup on any machine!

..."OS X is proven non secure..." "...the sky is falling..."

But, oddly, none of these 'news' ever contain any details... an anonymous 'hacker', using an unpublished exploit, and upon reading further, who was given local user access to the machine, as part of the setup.

There I went thinking this was some sort of news ... just waiting to hear the reveal that this was all 'sponsored' by Symantec, or some other purveyor of FUD.

That's great. I can gain control of my own Mac that I'm sitting in front of in about 3 seconds.

Once again, these pathetic attempts to make it appear that Mac OS X is not secure makes me feel safer than ever on Mac OS X. If the "hackers" can't do any better than this, now with all this media attention, that means they can't do any better than this...

Someone from within the company physically at the machine modified the website. It wasn't cracked remotely or over the itnernet. The Contest is back up again.

Wow, Microsoft must be running a little scared lately to have one of their propaganda organs running lame stuff like this. The way of all bullies.

Egad, I didn't type any of the above; someone's taken over my Powerbook! Run for you life to Windows!

That's great. I can gain control of my own Mac that I'm sitting in front of in about 3 seconds.

That's great, did you deface your own website? Hey, even better you can use it to set-up a web scam that involves putting a p*** server on your computer...

Instead of repeating the zdnet FUD you could have pointed out why this happened and what it means. The guy running the mini allowed you to create a shell account using a wab page. You could then SSH into the mini and had local access.

MacNN staff need to investigate these things instead of repeating it wholesale.

How come no one mentions one large piece of security question here? What is this undisclosed security hole? And I just love how people say things like "Well, no one should mention a security hole in public until a patch can be made" which is funny when dealing with Apple, who seems to never fix holes unless they're made public.

Plus, then the only people who know about them are the hackers themselves, and those of us who could potentially workaround the issues are stuck wondering who's breaking in this day.

Oh, right, you all claim OS X is rock solid, no holes in sight. Or the one who said it could be due to PHP, apache, etc, not the OS. Well, technically, most of OS X's underpinnings are based on FreeBSD, so I'm sure even if some hole was found, we'd blame it on them, not Apple....

Guys. Tell ZNET not Macnn!



tips@zdnet.com.au

Apple has responded to every one of my security flaw bug reports within a day or two. Fixes got pushed out fairly fast thereafter.

Perhaps the exploits are not being reported through the channels that reach Apple?

(And yes, I do claim that MacOS X is quite solid. Perfect, no, but very solid, based on the hours my clients have had to spend to keep MacOS X, Linux, and Windows servers alive and secure. Those costs are known, and can be tracked. A smart company does.)

Apple has responded to every one of my security flaw bug reports within a day or two. Fixes got pushed out fairly fast thereafter.

Too bad you didn't report that whole Safari/Mail auto open script thing. Maybe it would've gotten fixed sooner.

Then again, with the time it took them to even admit there was a problem, you'd think they could've come up with a better solution then the muddled "Let's verify with the user everytime they do something" way now.

ZDNet was woefully dishonest in reporting this incident, in that they failed to or purposely hide the details, namely, that the hack was done locally. See http://test.doit.wisc.edu/ for details.

It is fairly obvious to me that someone is orchastrating these reports and exploiting lax jounalism standards to sully Apple. Hopefully their lawyers are investigating and can bring a tort case against whomever is responsible.

Try heading over to Ars Technica, where they actually DISCUSS the issue and actually make a real response to the situation. You can get to the article here: http://arstechnica.com/news.ars/post/20060306-6321.html

The reality is that the contest wasn't indicative of reality, which doesn't say that Mac OS X is perfect, but also says the contest was practically rigged in favor of the hackers.

This guy is not a hacker if he already had an account on the machine and full physical access to it. What a bunch of FUD!

the contest was set up very much like a server environment: many unprivileged users doing their own thing on a single machine. with that said, shouldn't it be reasonable to expect that none of the users can perform a privilege escalation attack and gain root access to deface the site?

what this test really proves is that privilege escalation attacks are possible with Macs (a true bug). the really interesting thing here is how the attack was performed, and how should we protect against it until Apple releases a patch.

nevertheless, i still love my PowerBook 12" and the two PowerMacs. =)

since Apple started producing Intel Macs the FUD about Apple has increased 100 fold. I think it's nuts. The stupidity and the craziness of the FUD is amazing, but it's working. Basically XP is a piece of c*** OS and the FUD is coming out that MAC OSX is not as secure as Windows XP. All the FUDsters are out and pumping out stupid articles right and left. ZD Net and CNET are the worst but it's even spread to some major news sources. At first I thought it was me, but it's not. Microsoft must be running scared or they are mounting a head on FUD attack and it was planned since the Intel Mac announcement. It seems that the ferocity of the attack is worse than any the Mac community has seen since they all but assasinated the Mac in the 90s. Apple was better then and is better now. I guess they are afraid.

what kind of people run security audits in Redmond. This kind of omission is exactly why MS can't be trusted.

http://news.yahoo.com/s/pcworld/20060306/tc_pcworld/124978

BTW. This article replaced the one referencing the OS X 'hack'.

The devil is in the details, folks. Honestly MacNN, you call this news?... it almost seems like you have an agenda, or at least, are being pawns to others' agendas against the Mac.

FUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUD

What you see as FUD is seen as a healthy dose of reality by others.

Please stop using FUD as a scapegoat.