This article contradicts itself right out of the gate.
(well, near the bottom, but still)
It claims that pc and mac vulnerabilities are comparable. It then (in the very next sentence) states that over 1 hundred thousand viruses for the pc, and 2 hundred for the mac, are out. I'm puzzled how this equates to equivalent vulnerabilities.

Also, my guess on how the hacker got access is the practice of most mac users to assume they're safe, and never assign a root password (mac calls it a system wide password). W/o a root password, it's trivially easy to gain root access to the os. And if that's the quote exploit unquote this hacker used, then he's a worse hacker than you thought. If it took him 30 minutes to gain root access on a box that doesn't have a root password, then he shouldn't be hacking, considering this is a 30 second exploit (if that). Of course, allowing for typing time, and perhaps network access lagtimes, I'll allow a full minute, but still, if he has physical access to the mac, then even a minute is too long for this kind of exploit (if it can be called that).

It's possible there's other exploits for the mac that haven't been published (as he claims) but my guess is that he gave no specifics, because he had none. It's easy to get in through an open window, then claim you're an excellent thief and have a knack for getting into locked places.

And once again, I point out that the vulnerabilities mentioned in the article that try to make it seem osx is unsecure are things that are simple to block, and are things that some folks do anyhow, without even realizing it makes the machines more secure. That does not constitute a vulnerability in my opinion. How many windows users can accidentally block a security flaw, just by turning off something they don't use? Sure, it can be done, and sometimes it does happen, but percentage wise, I'd wager there's a *lot* more mac users that stumble into this than windows users do.
Anyhow, I'm done, this article made me mad (as most articles written by uninformed people do) so I'll cut out now before I really get going.
On Mar 7, 2006, at 6:14 AM, BlindTech of BlindTechs.Net wrote:

You got to be kidding me, right? Watch The BlindTechs Network blog for our comment to this horribly funny article.


By the way, it would take only about three minutes, not 30, and that is with only local access, meaning standing in front of the computer with direct kb access. No computer in the world is not vulnerable to this kind of "hacking", and by the way, how long does it take to hack windows? 45 seconds???

So what I want to know right now is,

1. what the hell took you so long if it was easy pickings,
and 2. the mac has 200 viruses? where???
Read below!
Hacker Gains Root Access to Mac OS X in 30 Minutes
Walaika K. Haskins, newsfactor.com Mon Mar 6, 4:40 PM ET
It took a hacker less than 30 minutes to gain root-level access to Mac OS X, according to a report from ZDNet. The hacker who penetrated the system called the Mac "easy pickings."


The security breach took place on February 22 after a Swedish devotee of the Mac set up a Mac Mini as a server and invited all takers to try to compromise the system's security to gain root-level control. Once a hacker has gained root access to a computer system, the attacker can install applications, delete files and folders, and use the computer for any nefarious purpose.

The competition was over in a matter of hours after a hacker, who asked to be identified only as "Gwerdna," gained access to the server in question and defaced the Web site with a message that read, "This sucks. Six hours later this poor little Mac was owned and this page got defaced."

Gwerdna told ZDNet that it took him a mere 30 minutes or less to gain root control of the Mac. "It probably took about 20 or 30 minutes to get root on the box," Gwerdna said. "Initially, I tried looking around the box for certain misconfigurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for the Mac OS X."

Taking Aim at Macs

Although Gwerdna said that the Mac Mini could have been protected more effectively, he also said that, even had the machine been configured for better security, it would not have stopped him because the vulnerability he exploited has yet to be published and Apple has not released a patch for it.

The winner of the hacking contest went on to say that there is a limitation on what hackers can do with unknown and unpublished vulnerabilities because there are countermeasures that systems administrators can employ to tighten security -- even for unpublished software flaws.

Although Gwerdna said that Mac OS X contains unpatched vulnerabilities that would permit a hacker to infiltrate Apple's operating system, he said that the relatively small number of Macs in use -- in contrast to the vast number of PCs running Windows -- is the reason more hackers do not try to exploit them.

"Mac OS X is easy pickings for bug finders," he told ZDNet. "That said, it doesn't have the market share to really interest most serious bug finders."

Flawed Apples

News of this contest comes on the heels of Macs being hit by two viruses and a critical security flaw. Security experts called the Leap and Inqtana viruses relatively harmless because of their limited scope, but rated the security flaw in Apple's Safari Web browser as critical.

Discovered by Michael Lehn, a graduate student and research assistant at the University of Ulm in southern Germany, the Safari vulnerability could have allowed attackers to disable a Mac computer after tricking the user into accessing a phony Internet site that contained malicious code.

Up until the point that Apple patched the flaw, the Safari browser's default configuration was set to open and run compressed files automatically. Attackers could exploit the flaw when Mac users downloaded files in which malicious software had been disguised to appear as safe.

Apple issued a security update last Wednesday to fix 20 Mac OS X vulnerabilities, including the Web-browser problem and a similar flaw in Apple's Mail client. The update also patched iChat, Apple's instant-messaging application, which now relies on an Apple technology called "download validation" to warn users of unknown or unsafe file types during transfers.

Lessons Learned

"The lesson here is that if we look at Mac OS X and compare it to, say, Windows XP, we find that, in terms of the number of vulnerabilities, they are actually quite comparable," said Vincent Weafer, senior director at Symantec Security Response.

What might surprise many is that both Apple's Mac OS X and Microsoft's Windows have roughly the same type of vulnerabilities in a similar volume, said Weafer.

But he did say that direct comparisons are not possible because both companies report vulnerabilities and security updates differently -- and Apple ships more applications with Mac OS X than Microsoft does with Windows.

Weafer also said that hackers are not capitalizing on vulnerabilities in Mac OS X to the same degree they are trying to exploit flaws in Windows. Weafer estimated that there are between 100,000 to 200,000 Windows viruses compared to 200 or so Mac viruses.

According to Weafer, the number of Mac vulnerabilities discovered and the possibility they will be exploited will gradually rise as a direct result of an increased interest in Mac OS X. Weafer urged Mac users to make sure they have installed antivirus and antispyware applications and are updating them regularly.



BlindTech of BlindTechs.Net
[EMAIL PROTECTED]
website: http://blindtechs.net
Visit our website where we offer free email, shell accounts, shoutcast radio service, online games and more!
Powered by Unix not Microsoft






