troubleshooting/tutorials/security

03/06/2006, 9:50am, EST

Monday, March 6th

Mac OS X hacker gains control in 30 min

One hacker was able to gain control of a Mac OS X machine within 30 minutes, according to a new report. ZDNet Australia reports that Mac OS X was hacked within 30 minutes using an unpublished security vulnerability. The "gwerdna" hacker, who was able to quickly gain root access to the Mac, was responding to a "rm-my-mac" challenge issued in late February by a Sweden-based Mac enthusiast. While the hacker said that the Mac could have been better protected, he said that it would not have made a difference, as he exploited a vulnerability that has not yet been made public or patched by Apple, according to the report. "Gwerdna" said that Apple's OS--often touted as more secure than its Windows counterpart--is "easy pickings" when it comes to vulnerabilities and that relatively low marketshare leaves most hackers uninterested in the platform. Although Apple has quickly responded to new virus and security threats published in the past month, other researchers still believe that old flaws in Mac OS X leave the OS vulnerable to attacks.


Filed under: troubleshooting

, , 35comments, del.icio.us, slashdot, digg, buzz


35 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
jhorvatic
What Mac did he gain cont
0
03/06, 10:07am, EST
What Mac did he gain control of? His own? Big deal! Let's see him break into any Mac out in the real world and not in his own house and see how far he gets. The first problem he has is to find you. The second problem is he has to get through your router firewall. The third problem is he has to get through the Macs firewall. The fourth problem is he has to gain access to your password. I seriously doubt he gained control of anything but his own. This story is missing so much detail that it really sounds phoney. And ZDNET has been pushing all of these stories that have no facts behind them and were really not the big security problems as hardly even one person got attacked.
Fresh-Faced Recruit
Joined Apr 2005
User is offline
Foe Hammer
You're Not Saying ...
0
03/06, 10:22am, EST
... that Zero Data Net is engaging in it usual MS-sponsored brand of FUD again, are you?
Fresh-Faced Recruit
Joined Feb 2005
User is offline
das
Article VERY misleading
0
03/06, 10:27am, EST
The article fails to mention that anyone on the globe who wished it was given *local access* to the machine via ssh! Yes, there are local privilege escalation vulnerabilities; likely some that are "unpublished". But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.
Fresh-Faced Recruit
Joined Jan 2001
User is offline
Icarust
cool hack
0
03/06, 10:30am, EST
I believe the hack is true: this "hacker" probably forgot the password to their system, so they used an install disc to reset it. Good work, I hope Apple does patch this one either.
Fresh-Faced Recruit
Joined Mar 2006
User is offline
davin8or
bogus
0
03/06, 10:41am, EST
Any hacker sophisticated enough to hack MacOSX would probably come up with a better handle than his name and last name initial spelled backwards. (AndrewG). I have been suspicious by the FUD published by CNET for some time - this "article" seals it for me.
Fresh-Faced Recruit
Joined Oct 2003
User is offline
I.P. Freely
what the hell?
0
03/06, 10:52am, EST
If you read the Znet article it make sit sound like they took over the machine... but if you read the rm-my-mac site. there is no mention of this punkass remotely controlling this machine.

Defacing someone's website, does not equal controlling the machine.

This could be fault of php, apche, mysql... or some other product. but nothing about OS x being hacked. this article is bullshit.

Feb 22, 2006 This sucks. Six hours later this poor little Mac was owned and this page got defaced. Good thing is it didn't get rm'd! Way to go PTP.
Fresh-Faced Recruit
Joined May 2003
User is offline
beeble
cracker??
0
03/06, 10:52am, EST
Any "news" agency that calls a cracker a hacker tells me they don't know squat. This is basic terminology that very few seem to be able to get right. Probably because very few in the media these days have a clue.
Fresh-Faced Recruit
Joined Mar 2004
User is offline
Zaren
Not even close
0
03/06, 11:08am, EST
Thed "hacker" in question was given a LOCAL account on the Mac that he could access via SSH. This isn't even close to the sc@r33 h@x0r they're trying to make this out to be. To wit: check out test.doit.wisc.edu for a *real* "hack my Mini" contest.
Fresh-Faced Recruit
Joined Aug 2001
User is offline
jarod
Is it April Fools already
0
03/06, 11:12am, EST
People's desperate attemp for attention is really becoming pathetic. What's worse; all sites rush to publish this bullshit. So much for reputable Mac sites.
Fresh-Faced Recruit
Joined Apr 2005
User is offline
aristotles
Does anyone turn on SSH?
0
03/06, 11:30am, EST
SSH is off by default. Why would he turn it on?
Senior User
Joined Jul 2004
User is offline
additional comments:..1..2..3..4..Next
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News

Convert PDF to Word: Easily Convert PDF to Word Doc, Excel, and More. Fast and Accurate. No Registration Trial

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

NewsGator Enterprise RSS: Improve Corporate Communication via Web 2.0, RSS, and Social Computing.

Get an IT Degree Online: Get solid credentials. Take your hobby to the next level. Adult Programs. Affordable.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.