Man, that's gotta be some kinda record
- Krom
- DBB Database Master
- Posts: 16137
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
- Contact:
Not really surprising, security through obscurity is no security at all. Anything as complex as a whole operating system is going to be full of holes, Microsoft gets all the attention but nobody else is really any better at it. Other operating systems might even be worse then Windows because they don't get the same level of attention. It wouldn't surprise me if Windows was harder to crack at default settings with only the latest patches installed then any other comsumer level OS, assuming you didn't do anything stupid like leave the admin account with no password.
I am surprised it took that long. We have some MAC OSX boxes at work and we found a bug at the login screen. While you are at the login screen the running user is system, so if you type in \" >command \" at the login screen for user name you get a shell with system privilages. Very close to the windows exploite useing the sticky key feature at the login screen. The sad part is MAC OSX is more or less Free BSD. These problems really should not exist.
- Lothar
- DBB Ghost Admin
- Posts: 12133
- Joined: Thu Nov 05, 1998 12:01 pm
- Location: I'm so glad to be home
- Contact:
Mac is not really that secure, despite what mac zealots often say.
Neither is Linux. Back when I handled security for my company servers, I saw just as many probes for Linux-based bugs as Windows-based bugs.
OpenBSD is pretty secure, though. For the most part, that's because it installs with everything turned off -- so even if some particular protocol is insecurely implemented, the only way it can be exploited is if you choose to turn it on.
Neither is Linux. Back when I handled security for my company servers, I saw just as many probes for Linux-based bugs as Windows-based bugs.
OpenBSD is pretty secure, though. For the most part, that's because it installs with everything turned off -- so even if some particular protocol is insecurely implemented, the only way it can be exploited is if you choose to turn it on.
OS X runs arbitrary code on boot
OS X isn't UNIX. It's got parts of some BSDs in there and some ported/cross-compiled userland stuff, but the kernel is Mach and a lot of other stuff is GNU. They also wrote their own init daemon which is the reason for the above exploit.
Cuda, the reason for that is so you can use the command line repair utils if your machine is screwed up. Kinda like the FIXME single-user root shell most *NIX distros use out of the box in case fsck finds an unrecovrable error on boot.
OS X isn't UNIX. It's got parts of some BSDs in there and some ported/cross-compiled userland stuff, but the kernel is Mach and a lot of other stuff is GNU. They also wrote their own init daemon which is the reason for the above exploit.
Cuda, the reason for that is so you can use the command line repair utils if your machine is screwed up. Kinda like the FIXME single-user root shell most *NIX distros use out of the box in case fsck finds an unrecovrable error on boot.
Privilege escalation = big problem. All the Mac addicts are vehemently (and wrongly) claiming that this isn't a true security breach. Apparently these people don't realize that one-step attacks are a thing of the distant past; modern attacks involve multiple stages, including but not limited to getting access to a local account (phishing, rainbow tables, holes in SSH server, etc) and privilege escalation. This guy did the most critical of those steps.