Re: AUGD: Mac hack in 30 minutes = bogus
Re: AUGD: Mac hack in 30 minutes = bogus
- Subject: Re: AUGD: Mac hack in 30 minutes = bogus
- From: "Jo 'Mangee' Booth" <email@hidden>
- Date: Tue, 7 Mar 2006 22:17:15 +1300
On 7/03/2006, at 19:27 , michael briney wrote:
"Mac OS Hacked in 30 minutes = Bogus"
...
machine was not hacked from the outside just by being on the
Internet. It was hacked from within, by someone who was allowed to
have a local account on the box. That is a huge distinction.
...this machine was not hacked from the outside just by being on
the Internet...
mmm. I was having a play around on the former box last night. all
good. no much of a hacker, am I.
<http://mangee.livejournal.com/79913.html>
The 30 minute hack was real, I chatted with the guy that did it. It
just wasn't a remote root exploit -- it was a local root exploit.
Once you have a local account (from the remote exploit) then yeah, 20
mins or so they say. One of the simplest ways of getting a 'local'
account is to ask someone who uses the machine what their password
is... and you can't really protect against social engineering.
I would say a root privilege escalation from the inside is more of a
test of "Mac OS X" than an external attack on apache and ssh which
are the same on most internet facing servers - it may as well be a
linux box ;)
-Jo.
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Augd mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden