the Mac mini is one tuff cookie

Posted:
in General Discussion edited January 2014
I was super relieved to hear that the supposed OSX Hack was missleading and even more so when I read this.



Pass this on to those who think we, the Mac users, are only safe due to small market share.



the TRUE Hacker test

edit:

link to original "30 min hack"



have a great day team.

flick.

Comments

  • Reply 1 of 5
    MarvinMarvin Posts: 14,803moderator
    Quote:

    Originally posted by Flick Justice

    I was super relieved to hear that the supposed OSX Hack was missleading and even more so when I read this.



    Pass this on to those who think we, the Mac users, are only safe due to small market share.



    the TRUE Hacker test

    edit:

    link to original "30 min hack"



    have a great day team.

    flick.




    How do you mean misleading? That it was just a student who put the Mac up for a test?



    Unless the actual story is false, it looks to me like some average user set up his Mini for a web server and it was hacked in half an hour.



    Irrespective of how it was configured, the hacker had said that he gained access by a vulnerability in OS X.



    Not that I'd take anything solid from such a test, I just want to establish whether or not OS X has known and dangerous vulnerabilities.
  • Reply 2 of 5
    iposteriposter Posts: 1,560member
    Quote:

    Participants were given local client access to the target computer



    Note, this is the key line in the article! The supposed hacker already had initial access to the Mini through a user account.



    Move along folks, nothing to see here....



  • Reply 3 of 5
    kickahakickaha Posts: 8,760member
    Quote:

    Originally posted by Marvin

    Unless the actual story is false, it looks to me like some average user set up his Mini for a web server and it was hacked in half an hour.



    Bzzzt.



    The guy who set up the server gave anyone who asked their own account on it. The hacker *had an account* on the server. What he did was an internal escalation of user privileges, not a cracking of the server from outside.



    Very, very different.



    It's not *good* to have such holes, obviously, but it's a whole other class of problem than "30 minutes on the web and it was [email protected]!"



    Which it wasn't.
  • Reply 4 of 5
    MarvinMarvin Posts: 14,803moderator
    Quote:

    Originally posted by Kickaha

    Bzzzt.



    The guy who set up the server gave anyone who asked their own account on it. The hacker *had an account* on the server. What he did was an internal escalation of user privileges, not a cracking of the server from outside.



    Very, very different.




    Ah, I see. That's what the original poster should have said. Maybe that link explained it before it went down.
  • Reply 5 of 5
    robin hoodrobin hood Posts: 513member
    Not only did the supposed hacker have an account on the server, it was never actually revealed *how* it was allegedly hacked? Without being able to reproduce this alleged hack, it's hard to believe the story at face value.



    Look at me! My Mac got hacked, but I am not going to tell anybody how it was done! Come on, anybody could claim that. With no proof of any kind being provided, the odds are this is a hoax.
Sign In or Register to comment.