toggle

AAPL Stock: 562.29 ( -3.03 )

MacNN News

Mac OS X hacker gains control in 30 min

updated 09:50 am EST, Mon March 6, 2006

Mac OS X compromised

One hacker was able to gain control of a Mac OS X machine within 30 minutes, according to a new report. ZDNet Australia reports that Mac OS X was hacked within 30 minutes using an unpublished security vulnerability. The "gwerdna" hacker, who was able to quickly gain root access to the Mac, was responding to a "rm-my-mac" challenge issued in late February by a Sweden-based Mac enthusiast. While the hacker said that the Mac could have been better protected, he said that it would not have made a difference, as he exploited a vulnerability that has not yet been made public or patched by Apple, according to the report. "Gwerdna" said that Apple's OS--often touted as more secure than its Windows counterpart--is "easy pickings" when it comes to vulnerabilities and that relatively low marketshare leaves most hackers uninterested in the platform. Although Apple has quickly responded to new virus and security threats published in the past month, other researchers still believe that old flaws in Mac OS X leave the OS vulnerable to attacks.

by MacNN Staff

(35)

TAGS :

troubleshooting

Share the Article

Facebook Twitter Delious Slash Dot Digg

toggle

Comments

jhorvatic
Fresh-Faced Recruit

Joined: Apr 2005

0

03/06, 10:07am | report spam | close Reply |
What Mac did he gain cont

What Mac did he gain control of? His own? Big deal! Let's see him break into any Mac out in the real world and not in his own house and see how far he gets. The first problem he has is to find you. The second problem is he has to get through your router firewall. The third problem is he has to get through the Macs firewall. The fourth problem is he has to gain access to your password. I seriously doubt he gained control of anything but his own. This story is missing so much detail that it really sounds phoney. And ZDNET has been pushing all of these stories that have no facts behind them and were really not the big security problems as hardly even one person got attacked.

Foe Hammer
Fresh-Faced Recruit

Joined: Feb 2005

0

03/06, 10:22am | report spam | close Reply |
You're Not Saying ...

... that Zero Data Net is engaging in it usual MS-sponsored brand of FUD again, are you?

das
Fresh-Faced Recruit

Joined: Jan 2001

0

03/06, 10:27am | report spam | close Reply |
Article VERY misleading

The article fails to mention that anyone on the globe who wished it was given *local access* to the machine via ssh! Yes, there are local privilege escalation vulnerabilities; likely some that are "unpublished". But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.

Icarust
Fresh-Faced Recruit

Joined: Mar 2006

0

03/06, 10:30am | report spam | close Reply |
cool hack

I believe the hack is true: this "hacker" probably forgot the password to their system, so they used an install disc to reset it. Good work, I hope Apple does patch this one either.

davin8or
Fresh-Faced Recruit

Joined: Oct 2003

0

03/06, 10:41am | report spam | close Reply |
bogus

Any hacker sophisticated enough to hack MacOSX would probably come up with a better handle than his name and last name initial spelled backwards. (AndrewG). I have been suspicious by the FUD published by CNET for some time - this "article" seals it for me.

I.P. Freely
Fresh-Faced Recruit

Joined: May 2003

0

03/06, 10:52am | report spam | close Reply |
what the h***?

If you read the Znet article it make sit sound like they took over the machine... but if you read the rm-my-mac site. there is no mention of this punkass remotely controlling this machine.

Defacing someone's website, does not equal controlling the machine.

This could be fault of php, apche, mysql... or some other product. but nothing about OS x being hacked. this article is bullshit.

Feb 22, 2006 This sucks. Six hours later this poor little Mac was owned and this page got defaced. Good thing is it didn't get rm'd! Way to go PTP.

beeble
Fresh-Faced Recruit

Joined: Mar 2004

0

03/06, 10:52am | report spam | close Reply |
cracker??

Any "news" agency that calls a cracker a hacker tells me they don't know squat. This is basic terminology that very few seem to be able to get right. Probably because very few in the media these days have a clue.

Zaren
Fresh-Faced Recruit

Joined: Aug 2001

0

03/06, 11:08am | report spam | close Reply |
Not even close

Thed "hacker" in question was given a LOCAL account on the Mac that he could access via SSH. This isn't even close to the sc@r33 h@x0r they're trying to make this out to be. To wit: check out test.doit.wisc.edu for a *real* "hack my Mini" contest.

jarod
Fresh-Faced Recruit

Joined: Apr 2005

0

03/06, 11:12am | report spam | close Reply |
Is it April Fools already

People's desperate attemp for attention is really becoming pathetic. What's worse; all sites rush to publish this bullshit. So much for reputable Mac sites.

aristotles
Grizzled Veteran

Joined: Jul 2004

0

03/06, 11:30am | report spam | close Reply |
Does anyone turn on SSH?

SSH is off by default. Why would he turn it on?

jonbwfc1
Fresh-Faced Recruit

Joined: Nov 2003

0

03/06, 11:43am | report spam | close Reply |
SSH

there are actually a few reasons why you'd have SSH turned on. Mostly I would say you'd have it turned on if, like me, you have administer UNIX servers and therefore like to scp files around (it seems, as far as I can tell, on a mac you need to have ssh turned on for scp to work. um. I may be wrong there.).

I can't honestly see why joe user would have ssh turned on. Unless you want to use command lines, it's utterly pointless. And on a single user system, you'd just use terminal.

tomodachi
Fresh-Faced Recruit

Joined: Apr 2002

0

03/06, 11:45am | report spam | close Reply |
re:

>>So much for reputable Mac sites.

What? MacNN reputable? nahhhhhh...

das
Fresh-Faced Recruit

Joined: Jan 2001

0

03/06, 11:46am | report spam | close Reply |
re: ssh

Dude, it's not about having ssh turned on. That's fine.

*He gave people local accounts on the machine, which they could log into via ssh.*

That's a lot different than just turning ssh on.

legacyb4
Mac Elite

Joined: May 2001

0

03/06, 12:05pm | report spam | close Reply |
Strong Admin Password

Admittedly very misleading article with the fact that console access was granted through SSH.

Having said that, it does emphasize the importance of having strong passwords on your admin and non-admin accounts and especially on shared machines as a first line of defense for preventing mischief on your machine.

eeZbub
Fresh-Faced Recruit

Joined: Aug 2005

0

03/06, 12:21pm | report spam | close Reply |
It's the end I tells Ya

Next up; elite technoMage "gwerdna" (ANDREW Gardener, aged 14) pwns my mobile phone with access to just all its numbers but the last.

Sheesh MacNN get a grip.

http://en.wikipedia.org/wiki/Herd_behavior

Hold on, I got a call............

macbarry
Junior Member

Joined: Aug 2002

0

03/06, 12:27pm | report spam | close Reply |
It's BS

Does the Mac OS remain unexploited only because there is not enough market share for some dweeb to get his rocks off over or because the Mac OS remains very tough to hack?

It seems more likely that there are PLENTY of hackers out there working their little fingertips to the bone trying to score the first sucessful public hack of the Mac OS in order to anoint themselves king of the hackers and make headlines around the world...

bdmarsh
Fresh-Faced Recruit

Joined: Feb 2006

0

03/06, 12:33pm | report spam | close Reply |
Update the main story!

common MacNN, add an update to the main story about the SSH being turned on, and setup to allow people to add a user account, this is not a normal config setup on any machine!

ZinkDifferent
Fresh-Faced Recruit

Joined: Jan 2005

0

03/06, 12:38pm | report spam | close Reply |
More of the same...

..."OS X is proven non secure..." "...the sky is falling..."

But, oddly, none of these 'news' ever contain any details... an anonymous 'hacker', using an unpublished exploit, and upon reading further, who was given local user access to the machine, as part of the setup.

There I went thinking this was some sort of news ... just waiting to hear the reveal that this was all 'sponsored' by Symantec, or some other purveyor of FUD.

kw99
Fresh-Faced Recruit

Joined: Nov 2001

0

03/06, 12:47pm | report spam | close Reply |
gain control in 30 min.

That's great. I can gain control of my own Mac that I'm sitting in front of in about 3 seconds.

Once again, these pathetic attempts to make it appear that Mac OS X is not secure makes me feel safer than ever on Mac OS X. If the "hackers" can't do any better than this, now with all this media attention, that means they can't do any better than this...

olePigeon
Clinically Insane

Joined: Dec 1999

0

03/06, 01:22pm | report spam | close Reply |
Contest back up again.

Someone from within the company physically at the machine modified the website. It wasn't cracked remotely or over the itnernet. The Contest is back up again.

brainiac_7
Fresh-Faced Recruit

Joined: Jun 2005

0

03/06, 01:25pm | report spam | close Reply |
Scared!

Wow, Microsoft must be running a little scared lately to have one of their propaganda organs running lame stuff like this. The way of all bullies.

Egad, I didn't type any of the above; someone's taken over my Powerbook! Run for you life to Windows!

zulfikarn
Fresh-Faced Recruit

Joined: Sep 2000

0

03/06, 01:26pm | report spam | close Reply |
get a life in 30 min

That's great. I can gain control of my own Mac that I'm sitting in front of in about 3 seconds.

That's great, did you deface your own website? Hey, even better you can use it to set-up a web scam that involves putting a p*** server on your computer...

Deicide
Forum Regular

Joined: Mar 2001

0

03/06, 01:26pm | report spam | close Reply |
shame on Macnn

Instead of repeating the zdnet FUD you could have pointed out why this happened and what it means. The guy running the mini allowed you to create a shell account using a wab page. You could then SSH into the mini and had local access.

MacNN staff need to investigate these things instead of repeating it wholesale.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/06, 01:39pm | report spam | close Reply |
Missing a point

How come no one mentions one large piece of security question here? What is this undisclosed security hole? And I just love how people say things like "Well, no one should mention a security hole in public until a patch can be made" which is funny when dealing with Apple, who seems to never fix holes unless they're made public.

Plus, then the only people who know about them are the hackers themselves, and those of us who could potentially workaround the issues are stuck wondering who's breaking in this day.

Oh, right, you all claim OS X is rock solid, no holes in sight. Or the one who said it could be due to PHP, apache, etc, not the OS. Well, technically, most of OS X's underpinnings are based on FreeBSD, so I'm sure even if some hole was found, we'd blame it on them, not Apple....

piot
Forum Regular

Joined: Oct 2001

0

03/06, 02:11pm | report spam | close Reply |
Tell ZNET OZ

Guys. Tell ZNET not Macnn!

tips@zdnet.com.au

ScottEllsworth
Fresh-Faced Recruit

Joined: Sep 2001

0

03/06, 02:48pm | report spam | close Reply |
no points missed

Apple has responded to every one of my security flaw bug reports within a day or two. Fixes got pushed out fairly fast thereafter.

Perhaps the exploits are not being reported through the channels that reach Apple?

(And yes, I do claim that MacOS X is quite solid. Perfect, no, but very solid, based on the hours my clients have had to spend to keep MacOS X, Linux, and Windows servers alive and secure. Those costs are known, and can be tracked. A smart company does.)

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/06, 03:27pm | report spam | close Reply |
Re: no points missed

Apple has responded to every one of my security flaw bug reports within a day or two. Fixes got pushed out fairly fast thereafter.

Too bad you didn't report that whole Safari/Mail auto open script thing. Maybe it would've gotten fixed sooner.

Then again, with the time it took them to even admit there was a problem, you'd think they could've come up with a better solution then the muddled "Let's verify with the user everytime they do something" way now.

debohun
Fresh-Faced Recruit

Joined: Feb 1999

0

03/06, 03:40pm | report spam | close Reply |
Not the whole truth...

ZDNet was woefully dishonest in reporting this incident, in that they failed to or purposely hide the details, namely, that the hack was done locally. See http://test.doit.wisc.edu/ for details.

It is fairly obvious to me that someone is orchastrating these reports and exploiting lax jounalism standards to sully Apple. Hopefully their lawyers are investigating and can bring a tort case against whomever is responsible.

Rincewind
Fresh-Faced Recruit

Joined: May 2000

0

03/06, 06:35pm | report spam | close Reply |
How about a real analysis

Try heading over to Ars Technica, where they actually DISCUSS the issue and actually make a real response to the situation. You can get to the article here: http://arstechnica.com/news.ars/post/20060306-6321.html

The reality is that the contest wasn't indicative of reality, which doesn't say that Mac OS X is perfect, but also says the contest was practically rigged in favor of the hackers.

jhorvatic
Fresh-Faced Recruit

Joined: Apr 2005

0

03/06, 07:08pm | report spam | close Reply |
Not a hacker with local a

This guy is not a hacker if he already had an account on the machine and full physical access to it. What a bunch of FUD!

ideinit
Fresh-Faced Recruit

Joined: Mar 2006

0

03/06, 07:26pm | report spam | close Reply |
valid test, real bug...

the contest was set up very much like a server environment: many unprivileged users doing their own thing on a single machine. with that said, shouldn't it be reasonable to expect that none of the users can perform a privilege escalation attack and gain root access to deface the site?

what this test really proves is that privilege escalation attacks are possible with Macs (a true bug). the really interesting thing here is how the attack was performed, and how should we protect against it until Apple releases a patch.

nevertheless, i still love my PowerBook 12" and the two PowerMacs. =)

MacGeek50
Fresh-Faced Recruit

Joined: Mar 2006

0

03/06, 09:34pm | report spam | close Reply |
Has anybody noticed???

since Apple started producing Intel Macs the FUD about Apple has increased 100 fold. I think it's nuts. The stupidity and the craziness of the FUD is amazing, but it's working. Basically XP is a piece of c*** OS and the FUD is coming out that MAC OSX is not as secure as Windows XP. All the FUDsters are out and pumping out stupid articles right and left. ZD Net and CNET are the worst but it's even spread to some major news sources. At first I thought it was me, but it's not. Microsoft must be running scared or they are mounting a head on FUD attack and it was planned since the Intel Mac announcement. It seems that the ferocity of the attack is worse than any the Mac community has seen since they all but assasinated the Mac in the 90s. Apple was better then and is better now. I guess they are afraid.

mmmdoughnuts
Fresh-Faced Recruit

Joined: Feb 2006

0

03/06, 10:06pm | report spam | close Reply |
One has to wonder

what kind of people run security audits in Redmond. This kind of omission is exactly why MS can't be trusted.

http://news.yahoo.com/s/pcworld/20060306/tc_pcworld/124978

BTW. This article replaced the one referencing the OS X 'hack'.

Gabriel Morales

Joined:

0

03/07, 03:19am | report spam | close Reply | delete
Details, details, details

The devil is in the details, folks. Honestly MacNN, you call this news?... it almost seems like you have an agenda, or at least, are being pawns to others' agendas against the Mac.

JoeE
Fresh-Faced Recruit

Joined: Feb 2006

0

03/08, 01:02am | report spam | close Reply |
FUD

FUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUDFUD

What you see as FUD is seen as a healthy dose of reality by others.

Please stop using FUD as a scapegoat.

Show More Comments

Login Here

toggle

Network Headlines

05/28	Absinthe jailbreak downloaded 1.1 million...
05/26	Apple updates iOS 5.1.1 release for...
05/25	Sotheby to auction Jobs Atari memo,...
05/25	Apple hiring new chip engineers for...
05/25	Third-gen iPad coming to Philippines...

Show All

05/28	Absinthe jailbreak downloaded 1.1 million...
05/27	Manufacturing problems delay blue Samsung...
05/25	Sotheby to auction Jobs Atari memo,...
05/25	Apple to integrate Baidu search into...
05/25	Google picks up webOS Enyo team, Open...

Show All

05/25	Sotheby to auction Jobs Atari memo,...
05/23	Google launches redesigned Search app...
05/22	Leaked next-gen iPod touch part hints...
05/22	Hulu Plus updates with iPad Retina...
05/22	TiVo Stream to push TV to iPhones,...

Show All

03/02	Save $330 on refurb. 15.4-inch, 2.4GHz...
03/01	Pre-owned 8GB iPod touch 2G, drops...
02/29	$150 off Nikon Coolpix S80 Compact...
02/28	Plantronics BackBeat 903 Bluetooth...
02/27	Refurb. Seagate 1.5TB GoFlex Portable...

Show All

toggle

Mac OS X hacker gains control in 30 min

updated 09:50 am EST, Mon March 6, 2006

Mac OS X compromised

Related Articles

Recent Articles

What Mac did he gain cont

You're Not Saying ...

Article VERY misleading

cool hack

bogus

what the h***?

cracker??

Not even close

Is it April Fools already

Does anyone turn on SSH?

SSH

re:

re: ssh

Strong Admin Password

It's the end I tells Ya

It's BS

Update the main story!

More of the same...

gain control in 30 min.

Contest back up again.

Scared!

get a life in 30 min

shame on Macnn

Missing a point

Tell ZNET OZ

no points missed

Re: no points missed

Not the whole truth...

How about a real analysis

Not a hacker with local a

valid test, real bug...

Has anybody noticed???

One has to wonder

Details, details, details

FUD

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace