Re: AUGD: Mac hack in 30 minutes = bogus
Re: AUGD: Mac hack in 30 minutes = bogus
- Subject: Re: AUGD: Mac hack in 30 minutes = bogus
- From: Joel Heflin <email@hidden>
- Date: Tue, 7 Mar 2006 03:27:31 -0600
The hack was not real. Look all over the net. They go into great
detail showing that every door was opened for the guy and he had to
do little work. He was given access to the computer, he didn't earn it.
On Mar 7, 2006, at 3:17 AM, Jo 'Mangee' Booth wrote:
On 7/03/2006, at 19:27 , michael briney wrote:
"Mac OS Hacked in 30 minutes = Bogus"
...
machine was not hacked from the outside just by being on the
Internet. It was hacked from within, by someone who was allowed to
have a local account on the box. That is a huge distinction.
...this machine was not hacked from the outside just by being on
the Internet...
mmm. I was having a play around on the former box last night. all
good. no much of a hacker, am I.
<http://mangee.livejournal.com/79913.html>
The 30 minute hack was real, I chatted with the guy that did it.
It just wasn't a remote root exploit -- it was a local root
exploit. Once you have a local account (from the remote exploit)
then yeah, 20 mins or so they say. One of the simplest ways of
getting a 'local' account is to ask someone who uses the machine
what their password is... and you can't really protect against
social engineering.
I would say a root privilege escalation from the inside is more of
a test of "Mac OS X" than an external attack on apache and ssh
which are the same on most internet facing servers - it may as well
be a linux box ;)
-Jo.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Augd mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Augd mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden