[OT] [Ti] Intel Mac Mini? now Security

Chris Olson chris.olson at astcomm.net
Sun Feb 26 08:46:12 PST 2006


On Feb 26, 2006, at 8:16 AM, Tarik Bilgin wrote:

> Chris I grant you that OS X is now seeing the kind of "battle  
> hardening" that Windows has seen over the last 10 years. But for me  
> at least, the discovery of some trojans and worms possible in OS X  
> does not mean the sky is falling, but that yes sadly there are bugs  
> in OS X.

I don't believe I said the sky is falling.  Just that Mac OS X is  
just as exploitable as Windows.

> When I do a default install of OS X, I am running as a user with  
> the potential to have administrator level privileges but my  
> password is validated before making any major change like  
> installing software.

This is a common misconception.  Your demo of our fully-developed  
exploit is on its way to you via private email, and I think some  
things should be pointed out, for the benefit of others running OS X  
as well:

1.)  If you're an admin user on OS X (meaning you can authenticate to  
install root-level software), you are in greater danger.  The reason  
is that you belong to the BSD admin group.  This means you have  
read/write access to root level directories, WITHOUT having to  
authenticate.

2.)  Mac OS X's software bundles are self-contained.  Inside the  
bundle they contain their own libraries, etc.  This means a hacker  
does NOT have to have root level access to run arbitrary code on your  
system because software on Mac OS X can be run directly from a Disk  
Image, or anywhere in your user account.

3.)  To fully realize the extent of what can be done, take a good  
look at the demo I sent you.  You'll see that you CAN NOT see the  
actual program that does the damage in Finder, aka the  
proof-of-concept demos on the web.  I dropped a trojan (a program) into your  
user account without you even knowing it.  I can set cron jobs to run  
it at arbitrary times, I can add it to your login items and keep it  
hidden, or any number of things.  And you'll never find it short of  
dropping to the Unix command line, and then you'll have to know what  
you're looking for.

4.)  In light of the above, I can install hidden key loggers, network  
sniffers, or any number of malicious programs into your user account,  
run them under your user privileges, have the program open a back  
door (from inside your firewall), and retrieve your administrator  
password.  Bingo - I got root on your computer.  The rest is history.
-- 
Chris

-------------------------
PGP Key:  http://astcomm.net/~chris/PGP_Public_Key/
-------------------------
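The two conditions Chris describes in points 1 and 3 (system directories writable by the admin group without authentication, and a program scheduled from the user's own account via cron or login items) can be checked from the defender's side with a small audit script. The script below is an added example, not code from the post or from Apple: it lists which entries under given directories carry the group-write bit and prints their owner and group, then prints the current user's crontab and the contents of the per-user launch-agents folder. The directory list, the function names, and the use of `~/Library/LaunchAgents` as the per-user autostart location are assumptions of this example; the post itself only names "login items".

```shell
#!/bin/sh
# Added audit helper (not from the original post). Reports, from a defender's
# side, the two conditions the post describes: directories under system paths
# that are writable by a group (on OS X, the "admin" group), and per-user
# persistence points (cron entries, per-user launch agents) where a dropped
# program could be scheduled. Paths and function names are assumptions.

# Print the immediate children of directory $1 whose mode grants group write.
list_group_writable() {
    find "$1" -mindepth 1 -maxdepth 1 -perm -g=w 2>/dev/null
}

# Number of such children, printed so callers (and tests) can assert on it.
count_group_writable() {
    list_group_writable "$1" | wc -l | tr -d ' '
}

# For each directory given, print "mode owner:group path" for every
# group-writable entry, so the reviewer can see which group has write access.
report_group_writable() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        list_group_writable "$dir" | while IFS= read -r entry; do
            ls -ld "$entry" | awk -v p="$entry" '{ printf "%s %s:%s %s\n", $1, $3, $4, p }'
        done
    done
}

# Per-user persistence points named in the post: the user's crontab and
# (assumed standard location) per-user launch agents, dot-files included.
report_user_persistence() {
    echo "== crontab for $(id -un) =="
    if command -v crontab >/dev/null 2>&1; then
        crontab -l 2>/dev/null || echo "(no crontab)"
    fi
    agents="$HOME/Library/LaunchAgents"
    echo "== $agents =="
    if [ -d "$agents" ]; then
        ls -la "$agents"
    else
        echo "(not present)"
    fi
}

# Stand-alone run: the system locations point 1 is about, plus the home directory.
report_group_writable /Applications /Library /usr/local "$HOME"
report_user_persistence
```

Run it as the admin user in question; every line in the first report whose group column reads `admin` is a location that account can modify without the password prompt the quoted message relies on. The second report is what "dropping to the Unix command line" looks like in practice: anything listed there that the user did not put in place deserves a closer look.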




More information about the Titanium mailing list