I’m sure this is going to spread like wildfire across the Internets today, but let me take a minute to debunk this. As best I see, the website in question allows users to create their own UNIX-style accounts through a LDAP interface. From this remote access shell, the said hacker was able to use a vulnerability to escalate his privileges to root-level. Sure, its a succesful hack, but I’m not aware of any “secure” machines configured to allow users to create their own shell access. Furthermore, I do not believe SSH is even enabled by default on OS X (though to be fair, most admins will turn this on).

What’s the significance? It’s not that OS X isn’t hackable, or that this sysadmin gave far more remote access than is normal; no, it’s that no one operating system is more or less secure than another. Security is an ongoing project, completed one day, only to begin the next.

read more | digg story