[iBook] Mac OS X hacked in less than 30 minutes

Jay Hill jayh at jalehill.com
Wed Mar 8 01:04:55 PST 2006


Turns out the Ivory Tower is pretty safe after all...In response to the
ZDNet OSX hacking article, the University of Wisconsin launched a 38 hour
competition in which hackers were invited to break into an Mac Mini
connected to the internet.

News of the competition showed up on Slashdot and Digg and traffic to the
Mini was very heavy-- almost 1/2 million hits in 38 hours!

There were NO successful access attempts during the test even thought the
Mini was under constant attack from web exploit scripts, ssh dictionary
attacks, Denial of Service Attacks and being scanned by hacking tools.

Turns out the original story that was published by ZDNet Australia is
totally bogus..

Check out the full story at http://test.doit.wisc.edu/

Jay


On 3/7/06 10:28 AM, "Wegener Media" <sales at wegenermedia.com> wrote:

> This is a nice point, albeit not relevant to the issue at hand. IN
> addition, the miss-communication about this "hacking" incident is
> only furthering the miss-information and hype.
> 
> 1.
> IF you do not allow user access to your ports, have file sharing
> turned off, use a firewall at all, you have VERY VERY VERY LOW
> visibility to outside users.
> 
> 2.
> The key factor in the notable "hacking" was NOT a standard
> internet-based hack, to which most PC users are accustomed. Please
> understand that the Aministrator of the Mac Mini CREATED a USER NAME,
> published his IP#, and allowed strangers connectivity to his machine
> (ie., opened ports to the internet).  In other words, he
> INTENTIONALLY CREATED A HACKER'S ACCOUNT on his Mac. The goal was not
> for them to create an account for themselves; that had already been
> done. The goal for them was to go from ALREADY having been given
> access to that computer, to being aable to fully control the computer.
> 
> By default, NONE of this is set to happen with your standard mac. In
> fact, most folks never ever create extra user accounts, never mind
> allowing others to access their computer via a user account.
> 
> While this doesn't mean that Mac's are somehow impervious to hacking,
> the widely celebrated 'hack' had more to do with a controlled (and
> authorized) access issue than it did "hacking" of  a computer over
> the web.
> 
> 
>> Now lets not get into the "why would anyone hack me, there is
>> nothing on here they would want" line of thought.  Lots of hacked
>> windoze machines are just drones for spam and other hacks, virus, or
>> exploits.  Someone gets into root on your box and get some evil
>> running that sends out spam or other viruses and our "Ivory tower"
>> macs are brought down a notch or 2.  Ever notice how the activity
>> monitor is getting as cluttered as the process viewer on the windoze
>> machines?
>> I think Macs will lose a couple of points ontheir "market share
>> cloak" with all the intel hype (and discounted ppc machines) giving
>> some hacker a chance to make a name for themselves.
>> 
>> -- Scott
>> 
>> - Why does my firewall say "PC Load Letter"? -
>> 
>> 
>> On Mar 6, 2006, at 10:09 PM, Jim Manley wrote:
>> 
>>> There isn't any such as a perfect ivory tower.
>>> 
>>> I do think that most of us don't have top secret data that some
>>> hacker would go through all the trouble to get at. I always have my
>>> firewall on as far as that goes. Also, if you have a router then
>>> you have a hardware firewall.
>>> ---
>>> James Paul Manley
>>> Albuquerque, New Mexico
>>> 
>>> Jim Manley's Photoshop Elements Page
>>> http://www.geocities.com/jim_p_manley/index.html
>>> 
>>> 
>>> On Mar 6, 2006, at 8:47 PM, Jean-Paul Thuot wrote:
>>> 
>>>> You mean our ivory tower isn't safe after all?
>>>> 
>>>> I wonder if your basic end-user Mac connected to the net with it's
>>>> firewall up and non-essential services turned off would be as
>>>> vulnerable though.  This was a server that the crackers had local user
>>>> access to, which I think is a bit different from what most of us are
>>>> doing with our Macs.
>>> 
>>> _______________________________________________
>>> iBook mailing list
>>> iBook at listserver.themacintoshguy.com
>>> http://listserver.themacintoshguy.com/mailman/listinfo/ibook
>>> 
>>> Listmom is trying to clean out his closets! Vintage Mac and random stuff:
>>>         http://search.ebay.com/_W0QQsassZmacguy1984
>>> 
>> 
>> _______________________________________________
>> iBook mailing list
>> iBook at listserver.themacintoshguy.com
>> http://listserver.themacintoshguy.com/mailman/listinfo/ibook
>> 
>> Listmom is trying to clean out his closets! Vintage Mac and random stuff:
>>         http://search.ebay.com/_W0QQsassZmacguy1984
> 
> _______________________________________________
> iBook mailing list
> iBook at listserver.themacintoshguy.com
> http://listserver.themacintoshguy.com/mailman/listinfo/ibook
> 
> Listmom is trying to clean out his closets! Vintage Mac and random stuff:
>          http://search.ebay.com/_W0QQsassZmacguy1984




More information about the iBook mailing list