[fc-discuss] Financial Cryptography Update: ThreatWatch - the Mac gets hacked
iang@iang.org
iang@iang.org
Tue, 7 Mar 2006 19:49:11 +0000 (GMT)
((( Financial Cryptography Update: ThreatWatch - the Mac gets hacked )))
March 07, 2006
------------------------------------------------------------------------
https://www.financialcryptography.com/mt/archives/000674.html
------------------------------------------------------------------------
More substantial evidence that Mac OS X has a real problem with
security has surfaced. In the interests of fairness and seeing my own
predictions bite the dust, here's the news:
http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_under_30_minu
tes/0,2000061744,39241748,00.htm
========8<===========8<=======
On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a
server and invited hackers to break through the computer's security and
gain root control, which would allow the attacker to take charge of the
computer and delete files and folders or install applications.
Participants were given local client access to the target computer and
invited to try their luck.
Within hours of going live, the "rm-my-mac" competition was over. The
challenger posted this message on his Web site: "This sucks. Six hours
later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked ZDNet Australia to
identify him only as "gwerdna", said he gained root control of the Mac
in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box.
Initially I tried looking around the box for certain mis-configurations
and other obvious things but then I decided to use some unpublished
exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet
Australia .
==========>8===========>8=====
Yowsa! Some work to do, guys! Maybe we're all back to OpenBSD
again...
--
Powered by Movable Type
Version 2.64
http://www.movabletype.org/