OS X security: hacked in 30 minutes..
Ok, just came across this, and it is pretty disturbing:
Mac OS X hacked under 30 minutes...
I am hoping this is not as bad as it sounds, but right now I feel like going back to some old Windows instincts: installing firewalls and performing virus checks. Please convince me to feel safe again, cause I hate this feeling
Comments
Originally posted by Mr Beardsley
No need to worry unless you run your Mac as a server. According to the article they turned on all the remote access services, and took no steps to harden the machine. If you ran your machine as an internet facing server, you could easily up the security on the services you are running.
Not to mention the fact that they provided a web based interface for potential hackers to create USER ACCOUNTS on the box! Albeit not 'admin accounts' but 'normal user accounts'. So let everyone learn this valuable lesson.
- Don't turn on all 'os x' services (even those you don't need)
**AND**
- At the same time allow total freakin strangers to add user accounts to the same machine.
Gee... I left most of my doors and windows unlocked (and a key under the front mat) and guess what... My house got robbed. Shock.. horror.. dismay... Hand-wringing galore!
Dave
next headline on zdnet 'anonymous hacker crashes mac 'remotely' by tripping over power cord'...
Originally posted by Mr Beardsley
According to the article they turned on all the remote access services, and took no steps to harden the machine. If you ran your machine as an internet facing server, you could easily up the security on the services you are running.
Originally posted by DaveGee
Not to mention the fact that they provided a web based interface for potential hackers to create USER ACCOUNTS on the box! Albeit not 'admin accounts' but 'normal user accounts'. So let everyone learn this valuable lesson.
Dave
Ok, so that is what they did, no wonder then, it got hacked.
Starting to feel a little safer again, thanks!
So according to you, a normally configured Mac (factory safety settings, nothing additional) running the latest updates and connected constantly to the net through a broadband connection cannot be hacked/compromised in this way? Or is it just unlikely? Should I enable/install a firewall? Have you done this?
Originally posted by dutch pear
Ok, so that is what they did, no wonder then, it got hacked.
Starting to feel a little safer again, thanks!
So according to you, a normally configured Mac (factory safety settings, nothing additional) running the latest updates and connected constantly to the net through a broadband connection cannot be hacked/compromised in this way? Or is it just unlikely? Should I enable/install a firewall? Have you done this?
You could use Apple's firewall (System Prefs, Sharing, Firewall, On) and also run things through your AirPort which is a firewall itself. That should pretty much do you pretty well. You can even select Stealth Mode on the Advanced window.
Originally posted by dutch pear
Ok, so that is what they did, no wonder then, it got hacked.
Starting to feel a little safer again, thanks!
So according to you, a normally configured Mac (factory safety settings, nothing additional) running the latest updates and connected constantly to the net through a broadband connection cannot be hacked/compromised in this way? Or is it just unlikely? Should I enable/install a firewall? Have you done this?
A fair bit of prevention is always a good thing no matter how secure an OS is.
- A Firewall? Sure why not... you can always open ports as needed.
- NAT Addressing? As in having 10.0.0.x and/or 192.168.x.x type addresses yea that's good too - no way to get to those machines unless you activate some type of DMZ host - If you do have a DMZ host set then all bets are off and your network is far less than secure (firewall or not).
Dave
Originally posted by DaveGee
- NAT Addressing? As in having 10.0.0.x and/or 192.168.x.x type addresses yea that's good too - no way to get to those machines unless you activate some type of DMZ host - If you do have a DMZ host set then all bets are off and your network is far less than secure (firewall or not).
Dave
Thanks for your reply, but could you enlighten me (and others reading this) a little bit more on this last part, cause it sounds great, but I really have no clue whatsoever what NAT addressing or a DMZ host is and how I can enable this?
Originally posted by Bergermeister
You could use Apple's firewall (System Prefs, Sharing, Firewall, On) and also run things through your AirPort which is a firewall itself. That should pretty much do you pretty well. You can even select Stealth Mode on the Advanced window.
First, thanks a lot for the info. So, is enabling the built-in firewall enough protection? The reason I'm asking is I don't have a wireless modem, I just have an ethernet cable going from my DSL modem to my iMac.
Also I'm very curious to hear from long-time Mac users how they go about protecting their system?
-have you enabled a firewall?
-do you run as an administrator?
-any other good security tips apart from the obvious?
or am I really being overly paranoid as a recent switcher?
Originally posted by dutch pear
First, thanks a lot for the info. So, is enabling the built-in firewall enough protection? The reason I'm asking is I don't have a wireless modem, I just have an ethernet cable going from my DSL modem to my iMac.
Also I'm very curious to hear from long-time Mac users how they go about protecting their system?
-have you enabled a firewall?
-do you run as an administrator?
-any other good security tips apart from the obvious?
or am I really being overly paranoid as a recent switcher?
It may be a bit of paranoia reacting with everyone's general desire to keep their computer safe. Basically the hacking test showed that like someone said earlier ... if you yourself disable all of the OS's security features, then yes ... as with any OS, it is prone to a hacker. The guy said he used an unpublished bug. This may or may not be true and depending on how good he actually is, this could have been something he was working on for some time and just now had the opportunity to exploit it. I could go on, but I don't want to turn the thread in a different direction...
I'm on a college campus network, before that I ran off a DSL line at my house and I can say all the way up from my PowerMac 6500 (which was purchased 8 years ago and retired just a month ago) to iMac G3's G4's and now the G5, I've never encountered any problems, running as either admin or another user.
It's probably a good idea to enable your firewall, and enable the advanced options that go with it. Then use safe internet practices by not downloading random stuff from people you don't know, etc. OS X will let you know what it's doing so don't get worried about the computer installing things in the background without you knowing about them.
Relax, breathe easy and don't worry! It didn't take Apple long after the two worms earlier this year to release a security update for them and my guess is in the future Apple will continue to release security updates as they become available. (They released a lot of them last year ... like one a month or something like that) Apple tries hard to plug the dam before it breaks, and while no OS will ever be impervious to those with ill intent, I feel a lot better looking at my Mac than having to buy Adware, Malware and Antivirus software for a Windows machine...
Oh, and welcome to the Mac experience
http://news.yahoo.com/s/nf/20060306/tc_nf/41948
http://www.symantec.com/avcenter/hom...ice/index.html
Down at the bottom of the page there is a scanner... Macs pass fine with the built-in software.
The most common way to escalate privileges is to cause a buffer overflow in a process that is itself running with the "setUID" bit on, and running as root. By carefully constructing the string passed in, the hacker can get his code to execute on the stack in the context of the setUID process, and get a root shell. At that point you are history.
Mac OS X has many of these setUID processes. The good thing about OS X is that it is not a mishmash of decades of different code, but a consistent framework, and if hackers are able to overflow setUID processes, then the open-source community and Apple know exactly where to look to close many of these holes. A lot, if not most, of the processes that run setUID are in Darwin or BSD, so the open-source folks should be all over this, and they have 100 times the resources of some proprietary product like Windows.
http://test.doit.wisc.edu/
And here's a more informed version of the original article:
http://apple.slashdot.org/article.pl.../03/06/1446207
Originally posted by dutch pear
Thanks for your reply, but could you enlighten me (and others reading this) a little bit more on this last part, cause it sounds great, but I really have no clue whatsoever what NAT addressing or a DMZ host is and how I can enable this?
Check here http://en.wikipedia.org/wiki/Network...ss_translation for information on Network Address Translation (NAT). And here http://en.wikipedia.org/wiki/Demilit...28computing%29 for DMZ.
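An added example, not part of the original thread: the setUID post earlier in this thread points out that root-owned setUID programs are where a local overflow turns into a root shell, so a practical check is to inventory them and compare against a reviewed list. The function names, scan directories and empty baseline below are assumptions for illustration.

```python
import os
import stat

def find_setuid(root, owner_uid=0):
    """Regular files under root with the setuid bit set, owned by owner_uid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the link itself, not its target
            except OSError:
                continue  # vanished or unreadable; skip
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(path)
    return sorted(hits)

def writable_by_others(path):
    """True if group or world can modify the file (it could be swapped out)."""
    return bool(os.lstat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def diff_against_baseline(found, baseline):
    """Return (unexpected, missing) relative to a reviewed baseline list."""
    found, baseline = set(found), set(baseline)
    return sorted(found - baseline), sorted(baseline - found)

if __name__ == "__main__":
    # Assumed scan roots and an empty baseline; replace with your reviewed list.
    baseline = []
    found = [p for d in ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/libexec")
             if os.path.isdir(d) for p in find_setuid(d)]
    unexpected, missing = diff_against_baseline(found, baseline)
    for p in unexpected:
        flag = "  (group/world-writable!)" if writable_by_others(p) else ""
        print("setuid-root, not in baseline:", p + flag)
    for p in missing:
        print("in baseline, no longer setuid-root:", p)
```

Saving the first run's output as the baseline and re-running after each software update shows which setUID-root programs were added or removed.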