More good news
zara ZERO
zara ZERO
By Macworld staff
A hacker is claiming to have hacked a Mac OS X server system in under
30 minutes.
The hacker won a Swedish competition last month in which hackers were
invited to break into a system. He managed to take root control of the
machine - allowing him to delete files and folders and install
applications - within six hours of the competition launching.
The hacker calls himself "gwerdna". He told ZDNet Australia: "It
probably took about 20 or 30 minutes to get root on the box. Initially I
tried looking around the box for certain mis-configurations and other
obvious things but then I decided to use some unpublished exploits -- of
which there are a lot for Mac OS X."
He said the hacked Mac could have been better protected, but he would
still have been able to achieve the result as he used a vulnerability that
hasn't yet been recognised or repaired.
He conceded that Apple's best protection against hackers comes from
its relatively low market share.
"zara ZERO" <zsp...@aol.com> wrote in message
news:zDXOf.39253$Ly6....@bignews5.bellsouth.net...
> Mac Hacked is minutes
>
> http://www.macworld.co.uk/
>
>
"zara ZERO" <zsp...@aol.com> wrote in message
news:zDXOf.39253$Ly6....@bignews5.bellsouth.net...
Homey
"zara ZERO" <zsp...@aol.com> wrote in message
news:zDXOf.39253$Ly6....@bignews5.bellsouth.net...
Kirby
wrote:
You're 100,000+ times happier since that's how many security problems
Windows has had.
--
Best,
Kirby
Tom Bates
"zara ZERO" <zsp...@aol.com> wrote:
NO PROOF was provided. Is it real or is it Memorex comes to mind.
Without proof, even Apple can't fix it if it is true.
Another piece of doubtful importance from zara-ZERO, the most worthless
poster in the group.
--
Yours,
Tom
George Graves
wrote:
> Thank GOD I run Windows XP Pro.
Yeah. It gets hacked in SECONDS.
--
George Graves
The health of our society is a direct result of the men
and women we choose to admire.
Lefty Bigfoot
(in article
<gmgraves-B04F44...@newsclstr02.news.prodigy.com>):
> In article <kfYOf.245$oQ2...@fe09.lga>, "Homey" <Nos...@nospam.com>
> wrote:
>
>> Thank GOD I run Windows XP Pro.
>
> Yeah. It gets hacked in SECONDS.
I had occasion to boot up Windows XP Pro today on a system that
has been used for Linux (but still has the old XP Pro partition
on it) while looking for an old spreadsheet file.
As such, it had not been booted into XP for about 4 months.
Immediately after login, my virus program went out and grabbed
updates, and the Windows auto-update thing kicked off
downloading as well. Same thing for Zonealarm. I let all this
go ahead, and ate the mandatory reboots, reminding me why I left
XP in the first place.
After I boot back around, I fire up Ad-Aware Pro and download
the latest data for it. I run an Ad-Aware scan, it finds a few
minor items, which I let it clean off. Then I fire up Spybot,
and download the latest updates for it.
Keep in mind at this point, the only thing I have used a web
browser for in the last 160 days or so is to download the
updates in the last 10 minutes or so. I have visited ZERO other
sites. I have up-to-date Windows security patches, zonealarm,
ad-aware and now Spybot. I immunize all, then run a spybot
scan. It finds 87 items!
Not 3 or 4, but 87. 87 items *AFTER* Ad-Aware has declared it
golden. With no web browsing since the last time spybot said I
was golden. What this means is that the items had been there
all along, but the spyware data for both Ad-Aware and Spybot 4
months ago didn't know about them yet, and that even as of today
Ad-Aware STILL does not know about them. SPybot did, but no
telling how many neither of them know about.
The underlying problem here is that you never really know that
you are free of the crap, only that you are free of all those
that are detectable by the tools you are using.
Disgusting.
--
Lefty
All of God's creatures have a place..........
.........right next to the potatoes and gravy.
See also: http://www.gizmodo.com/gadgets/images/iProduct.gif
ed
Lefty Bigfoot <nu...@busyness.info> typed:
<snip>
> Not 3 or 4, but 87. 87 items *AFTER* Ad-Aware has declared it
> golden. With no web browsing since the last time spybot said I
> was golden. What this means is that the items had been there
> all along, but the spyware data for both Ad-Aware and Spybot 4
> months ago didn't know about them yet, and that even as of today
> Ad-Aware STILL does not know about them. SPybot did, but no
> telling how many neither of them know about.
>
> The underlying problem here is that you never really know that
> you are free of the crap, only that you are free of all those
> that are detectable by the tools you are using.
>
> Disgusting.
but what were those 87 items? most likely cookies. which would be there on
os x as well.
Michelle Ronn
> Mac Hacked is minutes
>
> http://www.macworld.co.uk/
As all of these stories go, when you read the complete story, the
situation changes a bit:
(ZD Net .au)
http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_minutes/0,2000061744,39241748,00.htm
"Participants
were given local client access to the target computer and invited to
try their luck."
The link to the site that was hacked
http://rm-my-mac.wideopenbsd.org.nyud.net:8090/
Quick synopsys:
Ten seconds on this site will tell you that the person who kicked off
the contest is not exactly a security expert, not even close. He would
have had a much more secure system had he just left the defaults in
place.
Lefty Bigfoot
(in article <5G9Pf.45251$H71....@newssvr13.news.prodigy.com>):
Sorry, no not cookies. A bunch of "adclick", "webclick", don't
remember the exact details, and I didn't write them down. The
MRU lists caught cleaned off by Ad-Aware, even though they
aren't really a problem, but MRUs for a machine that hasn't been
booted in 4 months aren't really worth worrying about anyway, so
I went ahead and wiped them.
C Lund
In article <zDXOf.39253$Ly6....@bignews5.bellsouth.net>,
"zara ZERO" <zsp...@aol.com> wrote:
> Mac Hacked is minutes
>
> http://www.macworld.co.uk/
Might as well post this again:
"The ZDnet article, and almost all of the coverage of it, failed to
mention a very critical point: anyone who wished it was given a local
account on the machine (which could be accessed via ssh). Yes, there
are local privilege escalation vulnerabilities; likely some that are
"unpublished". But this machine was not hacked from the outside just
by being on the Internet. It was hacked from within, by someone who
was allowed to have a local account on the box. That is a huge
distinction."
--
C Lund, www.notam02.no/~clund
Joey Jojo Junior Shabadoo
Michelle Ronn <mic...@invalid.net> wrote:
"Oops Zero did it again,
He posted a flame, without using his brain, oooooh
His obsession's so sad, he's got it real baaaaad
He's not that intelligent!"
--
making Usenet safer - one troll at a time!
ed
what the heck is a "webclick" or "adclick"?
Tim Murray
> Might as well post this again:
>
> "The ZDnet article, and almost all of the coverage of it, failed to
> mention a very critical point: anyone who wished it was given a local
> account on the machine (which could be accessed via ssh). Yes, there
> are local privilege escalation vulnerabilities; likely some that are
> "unpublished". But this machine was not hacked from the outside just
> by being on the Internet. It was hacked from within, by someone who
> was allowed to have a local account on the box. That is a huge
> distinction."
>
> http://test.doit.wisc.edu/
>
Why bother? Z and company cannot read past a headline nor follow up with any
due diligence.
Edwin
> In article <kfYOf.245$oQ2...@fe09.lga>, "Homey" <Nos...@nospam.com>
> wrote:
>
>> Thank GOD I run Windows XP Pro.
>
> Yeah. It gets hacked in SECONDS.
Says the guy who hasn't used Windows in years... but wait, what am I
thinking... current experience is only required to criticize the Mac...
C Lund
In article <LaJPf.57364$dW3....@newssvr21.news.prodigy.com>,
Are you not able to learn from the experience of others, edwin?
Well, your post shows you're at least able to learn cheap rhetoric
from others...
--
C Lund, www.notam02.no/~clund