The Forum Site - Join the conversation
Forums:
Politics

Mac hacking competition winner mocks Apple security

Reply to Topic
AuthorMessage
shaggyjebus On August 26, 2008

Deleted



Goodlettsville, Tennessee
#1New Post! Mar 07, 2006 @ 21:09:22
Are you sure you want a Mac?

https://news.zdnet.co.uk/software/mac/0,39020393,39256036,00.htm

It took the winner of the 'rm-my-mac' competition 30 minutes to gain root control of a Mac Mini using an unpatched OSX exploit

Gaining root access to a Mac is "easy pickings", according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On 22 February, the Sweden-based Mac enthusiast set up his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Participants were given local client access to the target computer and invited to try their luck.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later, this poor little Mac was owned, and this page got defaced."

The hacker who won the challenge, who asked ZDNet UK sister site ZDNet Australia to identify him only as Gwerdna, said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits ? of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.

According to Gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

"The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server ? with various remote services running and local access to users... There are various Mac OS X-hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access. There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches ? good examples for Linux are the PaX patch and the Grsecurity patches. They provide numerous hardening options on the system and implement nonexecutable memory, which prevent memory-based corruption exploits," Gwerdna said.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," Gwerdna added.

OS X has come under fire in recent weeks with the appearance of two pieces of malware and a number of serious security flaws, which have since been patched by the Mac maker.

In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common Unix platforms... If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," Archibald said at the time.

An Apple Australia representative said on Monday that the company was unable to comment at this stage. Representatives at Apple's Cupertino, California, headquarters could not be reached for comment.
jonnythan On August 02, 2014
Bringer of rad mirth


Deleted



Here and there,
#2New Post! Mar 07, 2006 @ 21:16:04
I posted this in the "big question" thread because that's where the topic of OS X security came up.

It's important to note that the cracker had local user access, but he was still able to elevate himself to root and modify files he did not previously have access to.

Looks like it's the perfect validation for everything I was saying in that thread that the 15 year old contingent accused me of being a liar over
nothinsnew On September 15, 2009

Deleted



The Coast, Australia
#3New Post! Mar 07, 2006 @ 21:22:37
@jonnythan Said
I posted this in the "big question" thread because that's where the topic of OS X security came up.

It's important to note that the cracker had local user access, but he was still able to elevate himself to root and modify files he did not previously have access to.

Looks like it's the perfect validation for everything I was saying in that thread that the 15 year old contingent accused me of being a liar over


I'd like to read these threads you speak of. Care to put some links in here?
jonnythan On August 02, 2014
Bringer of rad mirth


Deleted



Here and there,
#4New Post! Mar 07, 2006 @ 22:16:25
https://www.theforumsite.com/forum.php?t=20083&nh=0
plasmicblast On October 04, 2007




Suburb of Rochester, New York
#5New Post! Mar 08, 2006 @ 22:01:02
HAHAHAHA shows how much are school is cheap. Are school is always cold, cancelled are field trips and WE HAVE MACS. But, we are swirching to IBM's next year!YAY!I hate my school, but i love my friends...
jonnythan On August 02, 2014
Bringer of rad mirth


Deleted



Here and there,
#6New Post! Mar 08, 2006 @ 22:08:04
Um... Macs are more expensive than PC's and, in general, offer a far superior and more consistent user experience. They are also significantly more secure and safer.

IBM doesn't even make machines anymore.. the Chinese company Lenovo makes all IBM branded PC's in China and they are farily middle of the road quality.
Reply to Topic<< Previous Topic | Next Topic >>

1 browsing (0 members - 1 guest)

Quick Reply
Politics Forum - Some Rudeness Allowed

      
Subscribe to topic prefs

Similar Topics
    Forum Topic Last Post Replies Views
New posts   Technology & Internet
Tue Jun 15, 2010 @ 10:04
1 527
New posts   PCs
Wed Jun 03, 2009 @ 08:10
44 3906
New posts   Photography
Sun Jan 04, 2009 @ 06:36
1 520
New posts   Apple Computers
Mon Nov 03, 2008 @ 16:08
4 1398
New posts   Technology & Internet
Thu Nov 15, 2007 @ 12:02
6 452