DescentBB

heooge link

a mac hacked in less than thirty minutes. oof.

Not really surprising, security through obscurity is no security at all. Anything as complex as a whole operating system is going to be full of holes, Microsoft gets all the attention but nobody else is really any better at it. Other operating systems might even be worse then Windows because they don't get the same level of attention. It wouldn't surprise me if Windows was harder to crack at default settings with only the latest patches installed then any other comsumer level OS, assuming you didn't do anything stupid like leave the admin account with no password.

lol

this just blows the 'macs are more secure' argument right out of the water.

The machine (a Mac Mini) probably wasn't running OS X Server. So Apple will hide behind \"servers should run OS X Server\" to try and dodge this quite frankly lethal bullet. Quite a shame that the Mac-thumpers won't see this as an exposure of their brainwashing and hypocrisy.

Thanks for that link--the comments made my day!

I am surprised it took that long. We have some MAC OSX boxes at work and we found a bug at the login screen. While you are at the login screen the running user is system, so if you type in \" >command \" at the login screen for user name you get a shell with system privilages. Very close to the windows exploite useing the sticky key feature at the login screen. The sad part is MAC OSX is more or less Free BSD. These problems really should not exist.

Is the link gone? Or is my comp fukked up? Either way, this sounds interesting and the link didn't work.

Mac is not really that secure, despite what mac zealots often say.

Neither is Linux. Back when I handled security for my company servers, I saw just as many probes for Linux-based bugs as Windows-based bugs.

OpenBSD is pretty secure, though. For the most part, that's because it installs with everything turned off -- so even if some particular protocol is insecurely implemented, the only way it can be exploited is if you choose to turn it on.

It's going to be fun when your brain and computer are meshed...

OS X runs arbitrary code on boot

OS X isn't UNIX. It's got parts of some BSDs in there and some ported/cross-compiled userland stuff, but the kernel is Mach and a lot of other stuff is GNU. They also wrote their own init daemon which is the reason for the above exploit.

Cuda, the reason for that is so you can use the command line repair utils if your machine is screwed up. Kinda like the FIXME single-user root shell most *NIX distros use out of the box in case fsck finds an unrecovrable error on boot.

One thing to note, though, is that everyone was given local access... it wasn't a remote exploit.

How does that make a difference? If it's meant to be a server then there are going to be lots of people with local access. It's a security hole no matter which way you look at it.

Privilege escalation = big problem. All the Mac addicts are vehemently (and wrongly) claiming that this isn't a true security breach. Apparently these people don't realize that one-step attacks are a thing of the distant past; modern attacks involve multiple stages, including but not limited to getting access to a local account (phishing, rainbow tables, holes in SSH server, etc) and privilege escalation. This guy did the most critical of those steps.

Although i am probably a 'Mac Zealot' i agree with DCrazy. My problem with this report is - at the moment - that i just don't know if is true. Details about the hack and confirmational information from other sources is missing as of yet ... so let's wait and see...