82 Comments
- t3hX, on 10/12/2007, -10/+23
Pretty unnecessary, but true.
Dugg just for the ending. "Watch out though, I'm coming to get you with a whole book of undocumented exploits! Just create me an admin account on your machine first and close your eyes!"
- ThinkBox, on 10/12/2007, -2/+14
Honestly - you getting the truth is a delicate balance of whatever i say getting modded up or modded down by people who feel like my truth isn't their truth - whatever everyone has their own opinion how an idiot set up a flawed security test by leaving obvious holes open that can be cracked (even on *nix systems) - It isn't a pain to tighten them down too much more to make his "unknown exploits" unavailable. Yeah, you can crack part of the OS when it deals with shadow admin abilities that stemmed from user shell account hacking. It happens, but it shouldn't be that easy - except the idiot running the thing has trouble ***** because he doesn't know his ass from the hole in the ground he just dug to bury himself in.
- foxsynergy, on 10/12/2007, -5/+14
"Not to mention, the guy who set up this challenge in the first place doesn't seem to be the world's savviest sysadmin."
This article strikes me as a bunch of friggin' whining. Big greging deal if one machine got rooted. And as to the above quote, is it expected that literally every Mac user on the planet *is* a "savvy sysadmin"? There are half a bajillion people who don't know their Athlon from a hole in the ground and are walking around with a Mac, feeling secure because they were arbitrarily told nothing would ever touch them. It's not like these folks are all 100% security conscious -- some of them just got a computer so they could get some work done. Any OS has its flaws, and any responsible person who wants to know how can work to prevent them from being exploited. Gee willakers.
- jav1231, on 10/12/2007, -1/+8
My problem is that if you posted a story of how someone hacked a Windows machine because someone left Remote Desktop open no one, and I mean, NO ONE would take it seriously. This guy logged in with a shell account. The shell account was left there for him. He didn't hack into the system, he LOGGED into the system. From there he gained root. BIG difference. You want to compare apples to apples? This is like someone having local logon rights to a server and gaining root in Windows.
- systemghost, on 10/12/2007, -14/+20
Excuses.
Every OS is vulnerable -- why all the self-delusions?
This story was thrown onto the main page just because people don't like to hear questionable material about Macs. Not dugg; reported. Get something more interesting on the front page, please. Not everyone wants to read buzzwords and Macpedaling all day.
- inactive, on 10/12/2007, -8/+14
Tonight I'm going to park my car in the bad side of town with the keys in it and the engine running. When it gets stolen, I'm going to start a BLOG to complain about how BMW's security sucks.
There's a difference between being a savvy sysadmin, and opening your system up, giving accounts out to people - and then blaming Apple because you got "hacked".
I wonder how many Apple users, or Windows users or Linux users, start an SSH daemon on their system, create accounts and then give people they don't know the passwords? He deserved to get hacked, if I'd gotten on his box, I'd have reformatted the drive.
This whole OSX hacked in 30 minutes is just nice headline grabbing *****, and people jumping on looking for page hits.
- jeffburg, on 10/12/2007, -6/+11
no digg
yes the article was misleading but there is no need to break it down into a bunch of maybe
no one knows the entire situation of the hacking and no one knows what it means. Someone just wanted to say the mac is insecure. There is another digg that has to do with testing the security for real so let's watch that one. this should not be on the main page.
- burritoKing, on 10/12/2007, -7/+12
Cool...I never knew Steve Ballmer had a digg account.
- wastern, on 10/12/2007, -0/+4
while os x has a better core security design, nothing is perfect. I still don't feel at risk, as everything so far has involved social engineering or some set up.
I would just like a lot of the newfound apple fans to get over it and realize that the small market share is an asset and if they'd keep their mouth shut and stop bragging then os x will be more secure. people are just trying harder now in an effort to shut mac fans up.....not a good situation
that being said, i personally use security as a big selling point when converting people to os x and apple and don't think it should be played down. but i also don't feel it needs to be shouted from the mountain top so loud and so often that if cause the type of response its getting
i maybe wrong but i'm guessing most of the people bragging have been with apple for < 2 years. after a while you just sit back and relax and know your system is secure and feel good about it without having to force feed it to people....i was there at one point in time. its best to move past it. it turns people off and makes people want to hack the ***** out of you, and as you've all seen, the smallest flaw is big news, and its big news because of all the bragging.
i realize that was repetitive, sorry, i've been awake too long...
- beendugg, on 10/12/2007, -2/+6
I think the point in saying that he's no savvy sysadmin really is that the guy is holding a contest and posting information about something he shouldn't even be involved in, or at least "isn't trained to do". Granted not every Mac user is fundamentally savvy, but they're not allowing random people into their computers then posting results as if something unbelievably amazing (or terrible, depending on your perspective) just occurred either. Just my 2 cents.
- dBLiSS, on 10/12/2007, -3/+7
"Not to mention, the guy who set up this challenge in the first place doesn't seem to be the world's savviest sysadmin"
That quote gets me, because i'd imagine the majority of Apple users aren't excellent sysadmins. *shrug* take it for what it's worth.
- tehsuck, on 10/12/2007, -0/+3
The thing that pissed me off the most about this article is that it doesn't offer any advice to computer users on how to better protect their systems. It would've been nice if the author said "The contest allowed users to create SSH accounts... this is what an SSH account is... if you are a Mac OS user, this is how to make sure SSH is disabled.... this is how to turn on your firewall... etc."
- weareglass, on 10/12/2007, -3/+6
Please do not perpetuate an 'us vs. them' mentality regarding Mac users. I probably have as much in common with you as I do with the average Mac user. The entire Mac-using world is not made up entirely of fanboys, and the fact that you suggest this leads me to suspect your blind criticism of an entire group of people as a single stereotyped entity is more of what most of us would call a 'fanboy.'
FURTHERMORE, there is an excellent article posted on the Unofficial Apple Weblog at (http://www.tuaw.com/2006/03/07/another-look-at-mac-os-x-security/) which analyzes the supposed 'hack' from a sysadmin's standpoint and evaluates whether these are genuine things which should arouse concern in the Mac using community. It's a bit more technically astute than the Cult of Mac blog although it comes to a similar conclusion.
- parker, on 10/12/2007, -1/+4
uw called shenanigans on that. as a wisconsin grad i feel i gotta represent.
challenge v2.0 is here. see if you can hack their website without being granted local account access.
http://test.doit.wisc.edu/
- ditangquan, on 10/12/2007, -1/+4
when i saw this story (not the digg version) on Yahoo without any facts I knew it was BS. C'mon, we need journalists out there not just people that propagate BS.
- newthread.org, on 10/12/2007, -2/+4
I'm in Sacramento, and this made front page of the tech section in the paper, I'm no mac user but ever since i read this in the paper there has been 10 different aspects of it. what's the deal? true or not??
- Chozabu, on 10/12/2007, -1/+3
No one would take such a windows hack seriously, because everyone knows windows is low on security
from a user account you *should not* be able to gain root/admin access
People expect Mac and Linux to be much more secure, and for the most part they are!
I think the real news is that, when a flaw is found in windows, no-one cares - 15 others have been reported in the last hour (i know, perhaps not that many are found =D) - it's not news
when a flaw is found in OSX or lin it is news - because they're rare
- deepsub, on 10/12/2007, -1/+3
"I think that the most relevant factor for Macs perpetuating reputation for invulnerability has been its limited marketshare, and I think that's going to change quite quickly now as their marketshare continues to grow."
There is NO basis for this argument. None at all. If this sort of thinking was valid, Darwin and Linux would be holier than the Sistine Chapel. The source code is easily available, yet there are very few exploits for any open source based core OS (including Darwin). The source code for Windows is NOT available, yet it's a hackfest... indicating extremely poor, buggy software design, which is the REAL root of security issues in Windows.
- cathode, on 10/12/2007, -1/+3
A lot of apple-flavored koolade drinkers in here...
- blackax, on 10/12/2007, -4/+6
why is everyone on apple's side on this one. sure they did not give apple a "fair" test but if i could gain root from a non root account in windows then you would be yelling at Microsoft to fix it. so why is there this double standard? we all know both OSX and windows have unpatched holes.
- vinny, on 10/12/2007, -0/+2
It's not being taken seriously because it wasn't conducted in a serious fashion. We don't know all the details. We don't know how this person got root access. We don't know how the system was configured. To me this appears more like a case of someone setting up an experiment in order to get the results they wanted to get.
- muikano, on 10/12/2007, -3/+5
Oh come on. The best thing for you to do is go to a MAC store and try out the computer. If you're too lazy to fact find, you shouldn't give out your opinion. Whether or not it's safe, it certainly is SAFER.
1) OSX has better root permissions. 1) Windows XP sucks at this, this is truth.
2) OSX has a nicer interface, a better start menu. 2) XP's contextual menus take up the whole screen.
3) OSX has updates every 18 months with functionality. 3) XP is what 5-6 years old already?
4) OSX is a modern OS with better indexing algorithms and 64bit support. 4)...
Still, it would be nice to see a play by play of what was used to hack the Mac.
- cblalock, on 10/12/2007, -8/+10
"Not everyone wants to read buzzwords and Macpedaling all day."
You're right. I'd really rather read 30 articles per day detailing the top 37.3 reasons why Vista is going to be the shiznit. /sarcasm
Fanboys, on both sides, really piss me off.
- vinny, on 10/12/2007, -0/+2
"My post refers to the sedated mentality of the average Mac user I come into contact with daily. Granted they are not on the high end of the technical spectrum, but there is a certain lack of caution among them that both make them dangerous to my network, as well as appealing to the malicious-minded."
Couldn't you say the exact same thing about the average Windows user? Very few of the Windows users I know have any technical ability, which is usually what gets them in trouble.
- achoi, on 10/12/2007, -0/+1
I just find it hilarious that people have such black and white statements on the security of an OS. Why do I get the feeling that there are more and more astroturfers out there on a smear campaign?
OS X. Okay, so it's not the absolute bastion of security that fanboys tout it to be. But, the security level is good enough to for Joe Sixpack user to generally not worry too much about whether someone is going to get total control over his machine simply by reading an email or surfing the web.
Truth is, if anybody wanted to break in (any system) bad enough, they will. Anywhere from guessing correctly to having a gun pointed to your head can get results (although the success rate of being held hostage for your password is much higher than plain old guessing that password). But what makes this different from any other modern day OS? Seriously?
Besides, if you want your OS X to be more secure, you're gonna have to learn how to harden it. It's the same exact thing with Linux, or Windows (YES, even windows. Well, newer builds anyway). Modern day OSes have mostly (I say MOSTLY) taken out the wrinkles in the design flaws that leave vulnerabilities in their systems up to the point where the biggest security flaw is no longer the system, but the *USER*.
Have Joe Sixpack administer Win2003, or BSD, or a Cisco router or switch. Watch it get owned if he doesn't know what he's doing.
- DharmaDog, on 10/12/2007, -0/+1
Why did you post this twice?
- boozedrinker, on 10/12/2007, -0/+1
GOOD CALL!!!
- vinny, on 10/12/2007, -1/+2
I don't think anyone has claimed that Apple products, or Macs specifically, are perfect. I think you are a little overly sensitive for some reason.
- xedeon, on 10/12/2007, -1/+2
Update
The ZDnet article has been updated to include the sentence, "Participants were given local client access to the target computer and invited to try their luck."
Hmmm so i make a local account for hackers to exploit... wow that so called contest is misleading shame on ZDNET Aussie ..
- vinny, on 10/12/2007, -0/+1
That's a funny comment which has almost no real meaning. Do you care to explain what that is supposed to mean? Just because people are questioning this "contest" does not mean that they blindly support Apple, which is what I suspect you are trying to imply. Just as I would hope you don't blindly accept attacks on Apple without merit. How about you give us a comment that contains some thought?
- DharmaDog, on 10/12/2007, -0/+1
Your argument is specious at best. I can say everything about users of any platform that you try to pin exclusively on Mac users. Most users, regardless of platform are at best unaware, and at worst completely clueless about security, vulnerabilities and exploits. It's more your job to be aware and to put in place limits that keep their cluelessness from harming your company. It's their job to use office suite and graphics software. If you want to involve the user in your security measures, great. But you cannot rely on them. Mac users are no different than Windows users. They are all users, not sysadmins or network admins.
You do your job and let them do theirs. It doesn't matter what they think about your proactive attitude about security.
- tensafefrogs, on 10/12/2007, -1/+2
this post could have summed up the 'contest' in this line:
"What the article spends a lot less time making note of is that the challenge, as it was set up, basically allowed anyone who wanted one to get an account on the machine, SSH in and start messing around"
once you have a shell account you can just start uploading dictionary files and trying passwords until you crack it. you don't even need an exploit. this whole contest smells like crap.
- wastern, on 10/12/2007, -0/+1
your firewall is in your system prefs > sharing > firewall tab
turn it on.
other than that i wouldn't worry much, just stop and think before you enter your admin password for anything and you're fine
- DharmaDog, on 10/12/2007, -0/+1
I guess all Windows users are "serous users" whatever the f*ck that means. Your us vs. them attitude only illustrates how bigoted you are about something as ridiculous as the computing platform someone uses. Before labeling anyone a fanboy you may want to check yourself out first.
Moran.
- r00kie, on 10/12/2007, -1/+2
How is a 1 and 0 insecure by nature? It's not the nature of the beast it's the nature of the development style.
The way i see it is lets say you have two cars, right. One will explode if you put the key in the ignition, and the other will explode if you ram it into a gas station at 95 mph, which would you choose?
Also the level of default permit on windows is ten fold what it is on Mac OSX. That alone is a good enough reason to go Mac.
"Mac OS, not perfect, but it's the closest.
- cbreaker, on 10/12/2007, -1/+2
I don't know why a privilege escalation exploit like this isn't being taken more seriously. Sure, you need access to a valid account to exploit, but that doesn't make it any less severe.
Escalation exploits are very serious and should be taken seriously, not brushed aside like many Apple fans are doing.
- vinny, on 10/12/2007, -0/+1
"Reality check children. Apple is far from secure. Stop letting the Apple marketing machine tell you that Apple is good, just look at your REAL options and evaluate them. Do you really want to associate with a product that inspires cult like responses when someone challenges the quality of the product?
Personally I would NEVER buy ANYTHING from Apple."
It certainly hasn't been shown that Macintosh Computers, which are manufactured by Apple, are far from secure. Many people who use Macs did look at their options and evaluated them and that is what they chose. You also seem to display the same level of cult attitude that you are warning us about. Why wouldn't you ever buy something from Apple? If you took your own advice and fairly evaluated your options, you may find that Apple has the best product, if not now, maybe in the future.
Why do you have such a negative attitude?
- vinny, on 10/12/2007, -0/+1
Stereotypes make it easier for you to attack others don't they? Not many people are going to take you seriously when you attack others based on stereotypes. I'm sure you don't like it when others do it to you based on your system choice. You really don't think there are any serious Mac users out there? I'd be happy to debate that if you can post a serious opinion on the subject.
- theprez, on 10/12/2007, -3/+4
I love it how people like to call each other fanboys (especially Windows to Mac users). Haven't you noticed that digg has no "Windows" or "Microsoft" category?
If you don't like Apple, just ignore the goddamn stories. They will be news because they interest users or because Mac users simply support others. The stupid comments will be ignored because all you have to do is click on "digg it" so the story can make it to the front page.
People call this article whining, haven't you noticed but there's nothing but whining in all the comments?
- M3Parker, on 10/12/2007, -1/+2
"Watch out though, I'm coming to get you with a whole book of undocumented exploits! Just create me an admin account on your machine first and close your eyes!"
haha!! i love it!
- weareglass, on 10/12/2007, -0/+1
You know, I wish people would wake up and smell the freaking coffee. It's not Apple marketing. Steve Gibson has stated publicly that MacOS X is more secure than Windows. It's not zealots or fanboys, it's security experts too. No it's not perfect, but at present and for the last several years, it might as well have been. If and when genuine problems begin to crop up, it will be addressed, but if these so-called 'hacks' and exploits are inaccurate, I think people have a right to know.
- DharmaDog, on 10/12/2007, -0/+1
Real open minded comments from someone that implores us to "just look at your REAL options and evaluate them" and then almost immediately follows with "I would NEVER buy ANYTHING from Apple."
Wow.....
Did a Mac kill your first puppy?
- desiv, on 10/12/2007, -36/+36
> He probably just used a flaw in a network service that the admin left open. A firewall (which ships preinstalled on every Mac) would probably have prevented it.
Wow.. He PROBABLY did. You should all feel better.
We've gone from 'sky is falling' to 'head in sand'.
Lame apologistic article with no facts.
digg--
- inactive, on 10/12/2007, -1/+1
Oh, they will take it seriously, eventually. As more and more apples get sold, if possible, and more people desire to hack it.
I do like all the moaning from apple fans though, cause they are the same people that make fun of windows security.
- inactive, on 10/12/2007, -2/+2
I believe the thing that is getting to the Mac people is the fact that this was done. Notice how they attack all everyone else (the guy who set up the test, the press, even working MS into the blame game). This is typical of what they do. Serious users would want to see how the guy did it and improve the system, like the people in the PC world.
But these are not serious users, they are fanboys who live off the myth of the Apple OS. To them, it is perfect and it is the "stupid", "clueless", and "fools" that caused it to get hacked.
If they want to be sheep to their "cult" then they will soon get eaten by wolves.
...Oh and let me add that when Mac users read a post that doesn't give the salute to the Apple flag they mod it down in a heartbeat. Think different indeed.
- cbreaker, on 10/12/2007, -0/+0
I agree that a lot of it takes social engineering, but that's what an awful lot of Windows exploits require as well. You need to open an e-mail and run that attachment, or click yes to a web installer prompt, or something like that. While I am in no way defending Windows security, social engineering is the #1 way Windows boxes get compromised with viruses, spyware, trojans, whatever. Macs have no leg up when it comes to this; users will be users.
- bonoes, on 10/12/2007, -0/+0
So many negative diggs...
- r3tex, on 10/12/2007, -1/+1
with SELinux, SecureBSD or a good configuration of Solaris, you can give out SSH _and_ root accounts and people will still have a tough time messing stuff up. that's pretty cool imo. :)
- boozedrinker, on 10/12/2007, -1/+1
Let me reiterate -
"He probably just used a flaw in a network service that the admin left open. A firewall (which ships preinstalled on every Mac) would probably have prevented it."
>DOINK<
Ummmmm, not scared.
- trogdor282, on 10/12/2007, -1/+1
no, he's clearly referring to a game of 'footsy', the only definitive way to resolve the mac vs pc flamewar once and for all.