Thread ID: 66828 2006-03-08 05:10:00 Hack-A-Mac-A-Tack SurferJoe46 (51) PC World Chat
Post ID Timestamp Content User
436747 2006-03-08 05:10:00 Gaining root access to a Mac isn't nearly as difficult as Apple would have us believe.

In late February, a hacker participating in an "rm-my-mac" competition gained root control of the target machine in less than 30 minutes by exploiting an unpatched vulnerability in OS X.

"It probably took about 20 or 30 minutes to get root on the box," the hacker who goes by the handle "gwerdna" told ZDNet Australia. "Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X.

The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server -- with various remote services running and local access to users. … There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access... Mac OS X is easy pickings for bug finders.

That said, it doesn't have the market share to really interest most serious bug finders."
SurferJoe46 (51)
436748 2006-03-08 05:28:00 I like your thread title Joe but I think you needed to be up 9 hours ago to be first with the topic:

www.pressf1.co.nz

Andrew :)
andrew93 (249)
436749 2006-03-08 05:50:00 come on surferjoe, you really need to keep up to date with things. That article has already been discredited by the people running the competition. :groan: plod (107)
436750 2006-03-08 20:21:00 Ah.. no it hasn't plod.. it just spawned a new competition with harder rules qyiet (6730)
436751 2006-03-08 21:07:00 (There were no successful access attempts of any kind, including during the 38 hour duration of the test period, nor have there been any claims of success. The host is still the same host and configuration used for the test.) from my original link (http://test.doit.wisc.edu/) plod (107)
436752 2006-03-08 22:33:00 (There were no successful access attempts of any kind, including during the 38 hour duration of the test period, nor have there been any claims of success. The host is still the same host and configuration used for the test.) from my original link (http://test.doit.wisc.edu/) The site you linked to has now gone plod, but it was not the Competition referred to by Cnet.

The page you linked to was someone who set up a second competition as a response to the cnet article. They changed rules a bit by not allowing the hacker to start with a local account.

What cnet said was all true.. if over hyped, and somewhat misleading.

-Qyiet
qyiet (6730)
436753 2006-03-09 00:07:00 What cnet said was all true.. if over hyped, and somewhat misleading. So it was all true lies? Graham L (2)