|
OS X hacked in under 30 minutes
03-06-2006, 11:54 AM
|
#1
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
|
OS X hacked in under 30 minutes
http://www.zdnet.com.au/news/securit...9241748,00.htm
Interesting article. I wasnt aware that OS X was that swiss cheese holey...
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
Re: OS X hacked in under 30 minutes
03-06-2006, 12:01 PM
|
#2
|
Thinks s/he gets paid by the post
Join Date: Jun 2005
Posts: 4,005
|
Re: OS X hacked in under 30 minutes
OS X = POS ?
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 12:06 PM
|
#3
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
|
Re: OS X hacked in under 30 minutes
Well, from what i understand one of the biggest problems with it is that it was derived from some older version of unix that didnt get all the good and more recent security fixes.
I was surprised a couple of times yesterday while doing some googling for baby toys to hit some goofy sites that try to invent their content based on your search, that my virus scanner picked up and stopped trojan/exploits that appeared on the pages. Havent had that sort of thing too much over the years, usually just stuff when I'm downloading 'questionable' applications and other executable content.
I wish they'd just make doing this stuff a basic felony and make it easy for people to report it for prosecution.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 03:28 PM
|
#4
|
Full time employment: Posting here.
Join Date: Feb 2006
Posts: 784
|
Re: OS X hacked in under 30 minutes
I don't know why they don't just make Apple a bunch of skins and some extra apps and stuff for Linux... the whole thing would be a helluva lot easier for them...
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 06:45 PM
|
#5
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2005
Location: Northern IL
Posts: 26,891
|
Re: OS X hacked in under 30 minutes
http://tinyurl.com/ovwc5
Turns out there were some non-default setups on that Mac OSX server. And remember, these were attacks on a server, not a client (like most of us are when we are on the web):
The web site author had enabled SSH, the Unix "Secure Shell" tool .... so that visitors to the site could add their own shell accounts to the system.
Needless to say, most web servers are not set up with the ability to give out free shell accounts to anyone who wants one. SSH is not even enabled by default on OS X, although server administrators can choose to do so if they wish. So the "hacking" contest was not very indicative of the security of an OS X computer, even a web server, that is set up open to the Internet.
... the real lesson from this contest should be this: security is a non-trivial problem, and simply choosing one operating system or platform over another does not automatically solve the problem with no further thinking required.
So, I'll keep my ears open for reports of actual attacks on users. Until then, I'm feeling pretty safe by just using common sense on the web.
-ERD50
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 06:50 PM
|
#6
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
|
Re: OS X hacked in under 30 minutes
Thats a good PR story, but the 'hacker' used a not well known hole in OSX to get his access. The SSH availability and the fact that it was a server werent relevant. He also said he had several other plausible approaches to get access if that one was closed.
I hope this isnt taken as some anti-mac attack. I just still keep hearing mac folks saying they dont need firewalls, virus scanners or spyware protection. Read the materials, follow the links, and act prudently.
Plus I havent had a good argument with ladelfina lately.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 07:07 PM
|
#7
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2005
Location: Northern IL
Posts: 26,891
|
Re: OS X hacked in under 30 minutes
Quote:
Originally Posted by Cute n' Fuzzy Bunny
I just still keep hearing mac folks saying they dont need firewalls, virus scanners or spyware protection. Read the materials, follow the links, and act prudently.
|
Well, I have enabled the firewall in OSX, I have a wireless router (which I understand provides some protection in and of itself), but currently, I don't feel any need for virus scanners or spyware protection on OSX. The only people that I know on OSX that do are the ones that are trying to avoid passing Windows viruses to other Windows users.
That could change in an instant though
Act prudently is a requirement indeed - phishing is something that can catch someone regardless of OS - heck, the bad guys can pull that one off over the telephone. No computer required. "Hello, this is your bank calling, and we noticed a problem in your account...."
-ERD50
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 07:33 PM
|
#8
|
Recycles dryer sheets
Join Date: Jan 2005
Posts: 60
|
Re: OS X hacked in under 30 minutes
While this story doesn't really affect me as I'm still using Windows 98 on an old Dell computer, I wonder about the reliability of the source(s) of this story. CFB has often warned us to look at who has a financial interest in whatever research or study is being touted. I'm not saying that it's not true or that Apple might not have security issues (as I'm the guy that still uses a rotary dial phone I realize technology matters are a bit out of my league ), but the article about this on Yahoo has a lot of quotes from a senior director with Symantec. And I think Symantec has stuff that they'd like to sell to Apple owners.
|
|
|
Re: OS X hacked in under 30 minutes
03-06-2006, 08:35 PM
|
#9
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
|
Re: OS X hacked in under 30 minutes
Its easy. Every complex machine, especially computers...have exploits and problems.
To think that because you paid extra or that the product is bulletproof or that security through obscurity is a good way to go...do so at your own peril.
In particular with the boatload of press lately on the macs relative obscurity and the low market share not drawing a lot of attention from hackers and whatnot, I would sense a great opportunity for some 15 year old to 'rise above the masses' and be the hacker who 'wiped out the mac community' overnight...
As far as the virus people having a financial angle...yep, you're right...but on the other hand I've never paid for a virus product and given that the virus companies offer essentially free upgrades every year...nobody needs to really buy it more than once.
And it is true that sometimes the virus s/w or firewall s/w itself can be a problem, and sometimes moreso than an errant virus itself. I'd rather my damage be self inflicted most of the time.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|