[Ti] Some one Hacked me!
Sambouka
sambouka at mac.com
Wed Jan 19 12:47:45 PST 2005
I found it funny that no one was up for the challenge :)
On Jan 13, 2005, at 5:08 AM, Chris Olson wrote:
> On Jan 12, 2005, at 1:46 PM, Robert Ameeti wrote:
>
>> And do please give a link showing me where the Mac was cracked in a
>> cracking contest. All the ones that I've heard about were not
>> cracked. And my opinion was in this case that Ray's computer was not
>> attacked by the experts capable of winning contests worth $10K or
>> more.
>
> I indeed agree that Ray's computer more than likely was not cracked.
> But never make the mistake of thinking Mac OS X is infallible. As
> shipped in its default configuration it is indeed secure, usually
> more so than other Unices, but people use their computers for things.
> The computer does little good sitting there with the ethernet plug
> lying on the floor not plugged into the wall jack. If it has ports
> open and is running services on those ports, it can be cracked.
> Period. I don't care what it runs.
>
> In addition, I'm up for a challenge, and I'd like to prove it to you
> first hand.
>
> Firstly, those of us who specialize in, and like to play with cracking
> computers are *NOT* hackers, nor does your box get "hacked".
> "Hacking" is writing software.
>
> Place a "secret" text file in your user directory someplace named
> "secret.txt", the contents of which only you know. I don't want to
> know your user name (if the box has multiple users), nor where you put
> the file as long as it's in your user directory. Put your Mac on a
> DSL or Cable modem with a static IP that won't change for 48 hours.
> Connect it directly to the modem with the firewall on, with web
> sharing (http port 80), remote login (SSH port 22), and FTP access
> (FTP control port 21 and data port 20, plus non-privileged ports
> 1024-65535) turned on. Make certain Windows File Sharing and Personal
> File Sharing are turned off, along with all other services on the box
> except for the three mentioned above. Email me the IP address of the
> machine along with a waiver that gives express consent to me and an
> undisclosed number of my colleagues to attack the box. We need the
> waiver to state an understanding on your part that this is not a
> criminal activity, that we may take root control of the target box
> over remote connection, and that we may modify some critical system
> utilities, including replacing the NetInfo database in the BSD
> subsystem in order to do so. We'll also need written consent from
> your ISP giving us permission to attack an IP address on a subnet
> owned by them. An email signed with your PGP key is sufficient for
> your written consent; the ISP will have to fax me their waiver.
>
> Give us a start time, and allow 48 hours continuous access to the box.
> To prove we broke in, one of us will email you the contents of your
> secret text file before the 48 hour time period expires, with complete
> step by step documentation of how we broke in. And we'll do it for
> fun. We won't expect any big prize for breaking in.
> --
> Chris
>
> _______________________________________________
> Titanium mailing list
> Titanium at listserver.themacintoshguy.com
> http://listserver.themacintoshguy.com/mailman/listinfo/titanium
>