Mac OS X hacked under 30 minutes

Status
Not open for further replies.
i saw that on slashdot. i'm sure apple doesnt like the guy who put this contest up in the first place.
 
Now apple knows what MS has gone though - not so easy now is it Mr.Jobs - a little too confident in your precious OS.....

What is funny is was Job's offering like $10k for anyone that could hack into the O/S and everyone always said no one could do it, or had done it ever since he made that offer ? As some said, if someone was able to hack it, i am sure Jobs would not let it get known public.
 
It should be noted that everyone who wanted was given local access to the Mini itself... That makes hacking it considerably easier.

I'd like to see the test done again with a fully locked down machine. I'm not saying that it couldn't be done but it would make for a better real-world representation of OSX's security.
 
Uh, yeah, this is bullshit. A default install of OS X is about a hundred thousand times more secure than his setup. No need to cry wolf over this.
 
Black Morty Rackham said:
Uh, yeah, this is bullshit. A default install of OS X is about a hundred thousand times more secure than his setup. No need to cry wolf over this.

The guy was using vanilla OSX as a server and allowing people local access...

Try that trick with OSX Server and see if it works. I doubt it will.
 
As someone on the Mach Ach said:
Yeah, it's so easy to hack, didn't you know?

I mean, if you have a local account on a completely unsecured box.

You know.

That's really l33t. Local exploits ftw.
 
90% of people don't do what they should to secure their box though. That is the issue. If people kept their windows or mac computers updated and locked down like they should the majority of viruses wouldn't do much of anything.

The fact is that the people who said that osx was less vulnerable to virus and hacking were simply not right. osx has always been less of a target, and that is it.
 
MrGuvernment said:
Now apple knows what MS has gone though - not so easy now is it Mr.Jobs - a little too confident in your precious OS.....

What is funny is was Job's offering like $10k for anyone that could hack into the O/S and everyone always said no one could do it, or had done it ever since he made that offer ? As some said, if someone was able to hack it, i am sure Jobs would not let it get known public.


That sounds like something he said 10 or so years ago. A company did sponser a contest to hack a Mac server, and no one was able to do it. Thousands upon thousands of hits, and no one could get through.
 
Rocketpig said:
It should be noted that everyone who wanted was given local access to the Mini itself... That makes hacking it considerably easier.

I'd like to see the test done again with a fully locked down machine. I'm not saying that it couldn't be done but it would make for a better real-world representation of OSX's security.

And how many locked down Windows XP machines have been hacked? 99% of virius infections/exploits are due to ignorant users who don't perform updates, don't know what antivirus or a firewall is, and generally don't know jack about computers. I've found people still running on Windows XP vanilla or Service Pack 1. Its not like Service Pack 2 isn't in your face constantly, but most people don't understand the importance of these updates. Heck, one of my friends thought Windows Update was just, "Microsoft trying to sell me upgrades and stuff"

Look at most outbreaks that get advertised on the news. You'll find at least 60% of them involve a security hole Microsoft patched several months to a year ago, but everyone lags behind to patch. As Jobs will soon find out, getting the masses to update is a double edge sword. You can't rely on customers to do it manually, but you can't do it automatically, as the general user base is paranoid and tight on their policy, and any action taken on their computer without their permission will freak them out.

Edit: I see TheTMan already stated my point, but I've made additional ones.
 
BBowermaster said:
And how many locked down Windows XP machines have been hacked? 99% of virius infections/exploits are due to ignorant users who don't perform updates, don't know what antivirus or a firewall is, and generally don't know jack about computers. I've found people still running on Windows XP vanilla or Service Pack 1. Its not like Service Pack 2 isn't in your face constantly, but most people don't understand the importance of these updates. Heck, one of my friends thought Windows Update was just, "Microsoft trying to sell me upgrades and stuff"

Look at most outbreaks that get advertised on the news. You'll find at least 60% of them involve a security hole Microsoft patched several months to a year ago, but everyone lags behind to patch. As Jobs will soon find out, getting the masses to update is a double edge sword. You can't rely on customers to do it manually, but you can't do it automatically, as the general user base is paranoid and tight on their policy, and any action taken on their computer without their permission will freak them out.

Edit: I see TheTMan already stated my point, but I've made additional ones.

The guy actually went in and opened up several features that are natively turned off in OSX. It's hardly a fair comparison to default Windows setups getting hacked on a regular basis.

To be fair though, most Windows "hacks" involve a considerable amount of user stupidity. I never even run any anti-virus software on my XP machine. I just don't do stupid things with it (like run as admin, just one HUGE case of user stupidity).
 
TheTMan said:
90% of people don't do what they should to secure their box though. That is the issue. If people kept their windows or mac computers updated and locked down like they should the majority of viruses wouldn't do much of anything.

The fact is that the people who said that osx was less vulnerable to virus and hacking were simply not right. osx has always been less of a target, and that is it.
See, here's the thing: in order to make OS X unsecure, you have to manually do stuff yourself!
 
TheTMan said:
90% of people don't do what they should to secure their box though. That is the issue. If people kept their windows or mac computers updated and locked down like they should the majority of viruses wouldn't do much of anything.

The fact is that the people who said that osx was less vulnerable to virus and hacking were simply not right. osx has always been less of a target, and that is it.
Exactly it isnt like OSX is a major target like Windows is. The majority of attacks are written for MS products as, they are the most widely used OSes. That and, every hacker likes to piss in Bills Wheatties.
 
Anything that is too popular gets hacked up, like IE, and anything that isn't too popular typically doesn't, like Firefox. Just the way things are.
 
Leon2ky said:
Anything that is too popular gets hacked up, like IE, and anything that isn't too popular typically doesn't, like Firefox. Just the way things are.

If you think that's the reason Firefox doesn't get hacked whilst IE does, you're sadly, sadly mistaken.
 
I think that many hackers are anti-establishment so they target "the man" ie microsoft, and leave less popular things alone. Also, many hackers that make malicious viruses want attention, so they go after the thing that will make the biggest news. If they hack a macintosh, it will make news on slashdot,... if they find a big hole in an ms program, it can make huge news because of the widespread use of ms products.

To deny that popularity isn't a huge factor in target selection for hackers is ignorant.
 
It makes me absolutley LIVID when I see the words in this thread title. Mac OS X was NOT hacked in under 30 minutes. SSH was enabled on the server, and anyone could make a shell account. A "hacker" with half a brain could gain root easily in 30 minutes using the exploit that he did. It's a joke to claim that OS X was hacked. This was NOT a test of operating system vulerabilities. UGGHHHHHhhh.
 
The fact is that the people who said that osx was less vulnerable to virus and hacking were simply not right. osx has always been less of a target, and that is it.
i hate every macOS i've ever used, but you are completely wrong. it is less of a target, but nowhere near as vulnerable as a windows machine.
 
santaliqueur said:
i hate every macOS i've ever used, but you are completely wrong. it is less of a target, but nowhere near as vulnerable as a windows machine.

How do we know?
 
Rocketpig said:
If you think that's the reason Firefox doesn't get hacked whilst IE does, you're sadly, sadly mistaken.

It's one of the major reason, yes...
 
santaliqueur said:
i hate every macOS i've ever used, but you are completely wrong. it is less of a target, but nowhere near as vulnerable as a windows machine.
just kind of curious to hear which OSs you have used? I hated OS9 but love OSX...sort of like comparing DOS to XP

 
gigglebyte said:
just kind of curious to hear which OSs you have used? I hated OS9 but love OSX...sort of like comparing DOS to XP

For me it's the opposite. I was a big fan of OS9, but just can't get into using OSX...
 
Leon2ky said:
Anything that is too popular gets hacked up, like IE, and anything that isn't too popular typically doesn't, like Firefox. Just the way things are.

that's really unaccurate

and it just so happens that all this security stuff with IE6 and Firefox is all a load of imaginery bluff...you'll soon find out that Firefox isn't any more secure than IE6, and the reason people seemed to think it was was because of a popup blocker and unexpressed security (mainly, the rest was probably just rumors :p) (and at that time when Firefox caught up the security was when there were a few key problems with IE, security now patched though)

pretty much all browsers are on the same security page at this point, just depends which one blocks popups best and which one you like - I like Avant Browser and for teh old dell i use Opera (did use Firefox - good browser)

AppaYipYip said:
It makes me absolutley LIVID when I see the words in this thread title. Mac OS X was NOT hacked in under 30 minutes. SSH was enabled on the server, and anyone could make a shell account. A "hacker" with half a brain could gain root easily in 30 minutes using the exploit that he did. It's a joke to claim that OS X was hacked. This was NOT a test of operating system vulerabilities. UGGHHHHHhhh.

there'd we'd go'd

TheTMan said:
How do we know?

because people spend more time looking for exploits in MS, and people would rather hack MS, and MS computers have more viruses floating around....

but we know MS is more vunerable b/c we've seen it, maybe not the OS itself, but the way it is treated - your computer is more vunerable on MS then a mac...mostly because of the lack of viruses for macs

(but maybe not the OS itself, maybe if mac had twice as many users as MS does things would be different..for everything)
 
HopePoisoned said:
because people spend more time looking for exploits in MS, and people would rather hack MS, and MS computers have more viruses floating around....

but we know MS is more vunerable b/c we've seen it, maybe not the OS itself, but the way it is treated - your computer is more vunerable on MS then a mac...mostly because of the lack of viruses for macs

(but maybe not the OS itself, maybe if mac had twice as many users as MS does things would be different..for everything)

That has nothing to do with how *vulnerable* the OS is. That has to do with how big of a target it is.

Thats the same thing as saying that a person that lives in a nuclear reactor is more *vulnerable* to radiation than a person that lives on a farm, because he gets radiation poisoning.

The number of virus attacks doesn't necessarily have anything at all to do with system integrity.

Disclaimer: I am not anti-osx or anything like that, but good god, be fair and reasonable people. I am also not saying that the "hacking" that this thread was based on is legit.
 
TheTMan said:
That has nothing to do with how *vulnerable* the OS is. That has to do with how big of a target it is.

Thats the same thing as saying that a person that lives in a nuclear reactor is more *vulnerable* to radiation than a person that lives on a farm, because he gets radiation poisoning.

The number of virus attacks doesn't necessarily have anything at all to do with system integrity.

Disclaimer: I am not anti-osx or anything like that, but good god, be fair and reasonable people. I am also not saying that the "hacking" that this thread was based on is legit.

vul·ner·a·ble - Susceptible to attack:

your computer is more vulnerable if it has XP than if it were to have OSX. whether or not OSX is easier to hack or not, and I made very clear that I meant the computer and not the ability to be hacked

if you read what i said:

but maybe not the OS itself

referring to OSX's less "vulnerability"
 
i've actively used every version of windows since 3.1. i recently (a year ago) made the switch to linux, where i've used probably 5 distros, and i quickly settled on suse.

regarding mac's OSes, i took a few photoshop classes and was forced to use OSX, i absolutely hated it. also, the only lab on campus with mathematica is a mac lab, and i took a math class in there, where i was put through more mac hell. i just dont like the interface at all.

before i had any experience with linux, i figured the reason macs were less affected by worms and viruses were that they were less popular. only when i realized the OSes were based on unix is when i knew it was internally more secure. but the fact this guy "hacked" OSX means nothing to me. even freeBSD would be insecure if you open up ssh and give users accounts.

gigglebyte said:
just kind of curious to hear which OSs you have used? I hated OS9 but love OSX...sort of like comparing DOS to XP

 
HopePoisoned said:
vul·ner·a·ble - Susceptible to attack:

your computer is more vulnerable if it has XP than if it were to have OSX. whether or not OSX is easier to hack or not, and I made very clear that I meant the computer and not the ability to be hacked

if you read what i said:

referring to OSX's less "vulnerability"

If you would read what I said, you would realize that what you are saying is wrong. Sure, if your computer has XP on it is more *likely* to be attacked, because there are more viruses that attack xp. You are not necessarily more *vulnerable*.

As you said, vulnerable means susceptible to attack. Susceptible means that it is especially unable to defend against attack.

We know that XP is susceptible to attack, so it is vulnerable. OSX has never been attacked on a scale anywhere close to what XP has experienced, hence... we do not KNOW if OSC is *actually* less susceptible or vulnerable to virus attacks.

You may be right, but your logic and definitions are all wrong.
 
AppaYipYip said:
It makes me absolutley LIVID when I see the words in this thread title. Mac OS X was NOT hacked in under 30 minutes. SSH was enabled on the server, and anyone could make a shell account. A "hacker" with half a brain could gain root easily in 30 minutes using the exploit that he did. It's a joke to claim that OS X was hacked. This was NOT a test of operating system vulerabilities. UGGHHHHHhhh.
Granted, local access helps (and a good majority of system compromises happen due to privilege escalation exploits of common applications), but I'd be interested to know what exploit was used. If it was something that can be done remotely without a local account (which is what was hinted at in the article), then yes, OS X (or something packaged with it) was hacked. Heaven forbid you want to enable SSH...I mean, I like to be able to connect to my machines without RDP and the like...You know, to get work done.
 
Let's clarify: I said that IE gets hacked more than Firefox because it is more popular. Truth be told IE is more secure than Firefox, but that's because it's been ripped to shreds so many times it isn't even funny.

Lemme Reiterate:
Windows Popularity = High | Hack Rate = High
Macintosh Popularity = Mid-Low | Hack Rate = Mid to Low

Result: Windows has more security than mac but only because it's vulnerabilities have been made public on more than 100 occasions, while it isn't quite the same story for a mac.
 
Leon2ky said:
Let's clarify: I said that IE gets hacked more than Firefox because it is more popular. Truth be told IE is more secure than Firefox, but that's because it's been ripped to shreds so many times it isn't even funny.

Lemme Reiterate:
Windows Popularity = High | Hack Rate = High
Macintosh Popularity = Mid-Low | Hack Rate = Mid to Low

Result: Windows has more security than mac but only because it's vulnerabilities have been made public on more than 100 occasions, while it isn't quite the same story for a mac.
What does that have to do with anything?
 
Meanwhile, the new challenge has been going on for a day and several hours. Not so easy when you're not being handed the keys to the door, huh? :rolleyes:
 
Leon2ky said:
Let's clarify: I said that IE gets hacked more than Firefox because it is more popular. Truth be told IE is more secure than Firefox, but that's because it's been ripped to shreds so many times it isn't even funny.

Lemme Reiterate:
Windows Popularity = High | Hack Rate = High
Macintosh Popularity = Mid-Low | Hack Rate = Mid to Low

Result: Windows has more security than mac but only because it's vulnerabilities have been made public on more than 100 occasions, while it isn't quite the same story for a mac.

The truth is that no one really knows how secure osx is for exactly that reason. There is a good chance that XP is more secure now. I haven't heard of anything huge happening with an attach against xp like they did in the early days. Thats why people like xp as much as they do.
 
Status
Not open for further replies.
Back
Top