A Swedish Mac daddy threw down the gauntlet for hackers to come after his Mac Mini set up as a server on February 22nd. They promptly picked up the gauntlet and smacked him with it. The hack happened inside of 30 minutes. Yep, the Mac is definitely safer than Windows.
Hackers Go After Mac Mini
In a post entitled, “rm-my-mac”
This is my workstation, the one I play oldschool tunes I’ve ripped from Nectarine and browse the web on. Go ahead and rm it, if you can. Har har!
It runs a default install of Mac OS X Tiger, plus fink and some decent versions of Apache, MySQL and PHP. Software Update recently updated it to Mac OS X 10.4.5 and fixed some security issues.
Yup, I should be pretty secure, shouldn’t I? <--- BZZZZT, WRONG Kinda like OpenBSD <--- NO, NOT REALLY., with the exception that this particular operating system was actually designed to be useful. That's why I set up an LDAP server and linked it to the Mac's naming and authentication services, to let people add their own account to this machine. That way, they will all be able to enjoy the beauty of Mac OS X Tiger. And, of course, get a better chance of rm'ing it! Because I'm quite confident this poor Mac will get rm'd at some point in time.
ZDNet Australia talked to Gwerdna, the hacker who did the deed. They quoted him, saying, “It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits — of which there are a lot for Mac OS X.”
Gwerdna also noted, “The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server — with various remote services running and local access to users. There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn’t have stopped the vulnerability I used to gain access.
“There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches — good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits,” said Gwerdna in his ZDNet interview.
This says a lot about the state of affairs for the Mac world. It says they really do have security through obscurity. It’s not that the systems are inherently safer than Windows; it’s that their market is so small that there’s not really been a good reason to crack them. Gwerdna finished by calling OS X “easy pickings” regarding vulnerabilities but then said the market share wasn’t high enough for serious bug finders.
Despite what many Mac aficionados might say, OS X is a vulnerable system. The ONLY thing that saves Mac from the all-out onslaught seen by Windows is that Macs aren’t really worth attackers’ time.