[iBook] Mac OS X hacked in less than 30 minutes

Wegener Media sales at wegenermedia.com
Tue Mar 7 08:28:53 PST 2006 

This is a nice point, albeit not relevant to the issue at hand. IN 
addition, the miss-communication about this "hacking" incident is 
only furthering the miss-information and hype.

1.
IF you do not allow user access to your ports, have file sharing 
turned off, use a firewall at all, you have VERY VERY VERY LOW 
visibility to outside users.

2.
The key factor in the notable "hacking" was NOT a standard 
internet-based hack, to which most PC users are accustomed. Please 
understand that the Aministrator of the Mac Mini CREATED a USER NAME, 
published his IP#, and allowed strangers connectivity to his machine 
(ie., opened ports to the internet).  In other words, he 
INTENTIONALLY CREATED A HACKER'S ACCOUNT on his Mac. The goal was not 
for them to create an account for themselves; that had already been 
done. The goal for them was to go from ALREADY having been given 
access to that computer, to being aable to fully control the computer.

By default, NONE of this is set to happen with your standard mac. In 
fact, most folks never ever create extra user accounts, never mind 
allowing others to access their computer via a user account.

While this doesn't mean that Mac's are somehow impervious to hacking, 
the widely celebrated 'hack' had more to do with a controlled (and 
authorized) access issue than it did "hacking" of  a computer over 
the web.


>Now lets not get into the "why would anyone hack me, there is 
>nothing on here they would want" line of thought.  Lots of hacked 
>windoze machines are just drones for spam and other hacks, virus, or 
>exploits.  Someone gets into root on your box and get some evil 
>running that sends out spam or other viruses and our "Ivory tower" 
>macs are brought down a notch or 2.  Ever notice how the activity 
>monitor is getting as cluttered as the process viewer on the windoze 
>machines?
>I think Macs will lose a couple of points ontheir "market share 
>cloak" with all the intel hype (and discounted ppc machines) giving 
>some hacker a chance to make a name for themselves.
>
>-- Scott
>
>- Why does my firewall say "PC Load Letter"? -
>
>
>On Mar 6, 2006, at 10:09 PM, Jim Manley wrote:
>
>>There isn't any such as a perfect ivory tower.
>>
>>I do think that most of us don't have top secret data that some 
>>hacker would go through all the trouble to get at. I always have my 
>>firewall on as far as that goes. Also, if you have a router then 
>>you have a hardware firewall.
>>---
>>James Paul Manley
>>Albuquerque, New Mexico
>>
>>Jim Manley's Photoshop Elements Page
>>http://www.geocities.com/jim_p_manley/index.html
>>
>>
>>On Mar 6, 2006, at 8:47 PM, Jean-Paul Thuot wrote:
>>
>>>You mean our ivory tower isn't safe after all?
>>>
>>>I wonder if your basic end-user Mac connected to the net with it's
>>>firewall up and non-essential services turned off would be as
>>>vulnerable though.  This was a server that the crackers had local user
>>>access to, which I think is a bit different from what most of us are
>>>doing with our Macs.
>>
>>_______________________________________________
>>iBook mailing list
>>iBook at listserver.themacintoshguy.com
>>http://listserver.themacintoshguy.com/mailman/listinfo/ibook
>>
>>Listmom is trying to clean out his closets! Vintage Mac and random stuff:
>>         http://search.ebay.com/_W0QQsassZmacguy1984
>>
>
>_______________________________________________
>iBook mailing list
>iBook at listserver.themacintoshguy.com
>http://listserver.themacintoshguy.com/mailman/listinfo/ibook
>
>Listmom is trying to clean out his closets! Vintage Mac and random stuff:
>         http://search.ebay.com/_W0QQsassZmacguy1984

More information about the iBook mailing list