Techlines Today
Mac OS X hacked in less than 30 minutes
Tags: “Gaining root access to a Mac is ‘easy pickings,’ according to an individual who in less than 30 minutes won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.”
I’m sure this is going to spread like wildfire across the Internets today, but let me take a minute to debunk this. As best I see, the website in question allows users to create their own UNIX-style accounts through a LDAP interface. From this remote access shell, the said hacker was able to use a vulnerability to escalate his privileges to root-level. Sure, its a succesful hack, but I’m not aware of any “secure” machines configured to allow users to create their own shell access. Furthermore, I do not believe SSH is even enabled by default on OS X (though to be fair, most admins will turn this on).
What’s the significance? It’s not that OS X isn’t hackable, or that this sysadmin gave far more remote access than is normal; no, it’s that no one operating system is more or less secure than another. Security is an ongoing project, completed one day, only to begin the next.
If you want to be notified the next time I write something please subscribe to my RSS feed. Thanks for reading!
Related Posts
Recent Posts
Random How in the TECH
Tag Cloud
about:config apple bugs command prompt drm firefox firefox addons firefox extensions firefox tips games gmail google government gta iphone ipod itunes laws lawsuit linux math microsoft mp3 music nintendo patches privacy registry editor review robots search service pack sysadmin uac ubuntu unix video games vista vista tips vista tweaks wii windows freebies windows tips yahoo youtube
Discussion
No comments for “Mac OS X hacked in less than 30 minutes”
Post a comment