AUGD: Mac hack in 30 minutes = bogus


  • Subject: AUGD: Mac hack in 30 minutes = bogus
  • From: michael briney <email@hidden>
  • Date: Tue, 7 Mar 2006 00:27:19 -0600

"Mac OS Hacked in 30 minutes = Bogus"

In response to the woefully misleading ZDnet article, Mac OS X hacked under 30 minutes, the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). Yes, there are local privilege escalation vulnerabilities; likely some that are "unpublished". But this machine was not hacked from the outside just by being on the Internet. It was hacked from within, by someone who was allowed to have a local account on the box. That is a huge distinction.


New Challenge issued!!!

The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac Mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open. Email email@hidden if you feel you have met the requirements, along with the mechanism used. The mechanism will then be reported to Apple and/or the entities responsible for the component(s).

Mac OS X is not invulnerable. It, like any other operating system, has security deficiencies in various aspects of the software. Some are technical in nature, and others lend themselves to social engineering trickery. However, the general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system.
