Man, that's gotta be some kinda record

Pyro Pilots Lounge. For all topics *not* covered in other DBB forums.

Moderators: fliptw, roid

Post Reply
User avatar
Ferno
DBB Commie Anarchist Thug
DBB Commie Anarchist Thug
Posts: 15163
Joined: Fri Nov 20, 1998 3:01 am

Man, that's gotta be some kinda record

Post by Ferno »

heooge link

a mac hacked in less than thirty minutes. oof.
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16137
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

Not really surprising, security through obscurity is no security at all. Anything as complex as a whole operating system is going to be full of holes, Microsoft gets all the attention but nobody else is really any better at it. Other operating systems might even be worse then Windows because they don't get the same level of attention. It wouldn't surprise me if Windows was harder to crack at default settings with only the latest patches installed then any other comsumer level OS, assuming you didn't do anything stupid like leave the admin account with no password. :P
User avatar
Ferno
DBB Commie Anarchist Thug
DBB Commie Anarchist Thug
Posts: 15163
Joined: Fri Nov 20, 1998 3:01 am

Post by Ferno »

lol

this just blows the 'macs are more secure' argument right out of the water.
User avatar
DCrazy
DBB Alumni
DBB Alumni
Posts: 8826
Joined: Wed Mar 15, 2000 3:01 am
Location: Seattle

Post by DCrazy »

The machine (a Mac Mini) probably wasn't running OS X Server. So Apple will hide behind \"servers should run OS X Server\" to try and dodge this quite frankly lethal bullet. Quite a shame that the Mac-thumpers won't see this as an exposure of their brainwashing and hypocrisy.
User avatar
Stryker
DBB Admiral
DBB Admiral
Posts: 1103
Joined: Sat Jun 12, 2004 7:58 am
Contact:

Post by Stryker »

Thanks for that link--the comments made my day!
Cuda68
DBB Captain
DBB Captain
Posts: 745
Joined: Mon Jul 09, 2001 2:01 am
Location: Denver, CO USA
Contact:

Post by Cuda68 »

I am surprised it took that long. We have some MAC OSX boxes at work and we found a bug at the login screen. While you are at the login screen the running user is system, so if you type in \" >command \" at the login screen for user name you get a shell with system privilages. Very close to the windows exploite useing the sticky key feature at the login screen. The sad part is MAC OSX is more or less Free BSD. These problems really should not exist.
User avatar
Money!
DBB Captain
DBB Captain
Posts: 679
Joined: Sun Sep 11, 2005 10:15 pm

Post by Money! »

Is the link gone? Or is my comp fukked up? Either way, this sounds interesting and the link didn't work.
Birdseye wrote:It's never over
User avatar
Lothar
DBB Ghost Admin
DBB Ghost Admin
Posts: 12133
Joined: Thu Nov 05, 1998 12:01 pm
Location: I'm so glad to be home
Contact:

Post by Lothar »

Mac is not really that secure, despite what mac zealots often say.

Neither is Linux. Back when I handled security for my company servers, I saw just as many probes for Linux-based bugs as Windows-based bugs.

OpenBSD is pretty secure, though. For the most part, that's because it installs with everything turned off -- so even if some particular protocol is insecurely implemented, the only way it can be exploited is if you choose to turn it on.
User avatar
Isaac
DBB Artist
DBB Artist
Posts: 7737
Joined: Mon Aug 01, 2005 8:47 am
Location: 🍕

Post by Isaac »

It's going to be fun when your brain and computer are meshed...
User avatar
DCrazy
DBB Alumni
DBB Alumni
Posts: 8826
Joined: Wed Mar 15, 2000 3:01 am
Location: Seattle

Post by DCrazy »

OS X runs arbitrary code on boot

OS X isn't UNIX. It's got parts of some BSDs in there and some ported/cross-compiled userland stuff, but the kernel is Mach and a lot of other stuff is GNU. They also wrote their own init daemon which is the reason for the above exploit.

Cuda, the reason for that is so you can use the command line repair utils if your machine is screwed up. Kinda like the FIXME single-user root shell most *NIX distros use out of the box in case fsck finds an unrecovrable error on boot.
User avatar
Paul
DBB Ace
DBB Ace
Posts: 73
Joined: Tue Jan 10, 2006 5:15 pm
Location: Ann Arbor, MI, USA
Contact:

Post by Paul »

One thing to note, though, is that everyone was given local access... it wasn't a remote exploit.
Differentiation is an integral part of calculus.
User avatar
Topher
DBB Alumni
DBB Alumni
Posts: 3545
Joined: Thu Nov 05, 1998 12:01 pm
Location: New York
Contact:

Post by Topher »

How does that make a difference? If it's meant to be a server then there are going to be lots of people with local access. It's a security hole no matter which way you look at it.
User avatar
DCrazy
DBB Alumni
DBB Alumni
Posts: 8826
Joined: Wed Mar 15, 2000 3:01 am
Location: Seattle

Post by DCrazy »

Privilege escalation = big problem. All the Mac addicts are vehemently (and wrongly) claiming that this isn't a true security breach. Apparently these people don't realize that one-step attacks are a thing of the distant past; modern attacks involve multiple stages, including but not limited to getting access to a local account (phishing, rainbow tables, holes in SSH server, etc) and privilege escalation. This guy did the most critical of those steps.
User avatar
Pandora
DBB Admiral
DBB Admiral
Posts: 1715
Joined: Thu Feb 10, 2000 3:01 am
Location: Bangor, Wales, UK.

Post by Pandora »

Although i am probably a 'Mac Zealot' i agree with DCrazy. My problem with this report is - at the moment - that i just don't know if is true. Details about the hack and confirmational information from other sources is missing as of yet ... so let's wait and see...
Post Reply