222 Comments
- inactive, on 10/12/2007, -3/+147 Not sure about hacking it, but if we all digg it I'm sure it'll fail that :)
- BladeMelbourne, on 11/02/2007, -20/+128 Server: Apache/1.3.33 (Darwin) DAV/1.0.3 mod_ssl/2.8.24 OpenSSL/0.9.7l
Apache is currently at 1.3.37 - there are a few security fixes since 1.3.33 - http://www.apache.org/dist/httpd/CHANGES_1.3
I hope this server gets pwnd. Some Mac users need to be put in their place (I use a Mac at home).
- inactive, on 10/12/2007, -4/+96 Does a DoS attack by Digg count as a successful hack?
- euphemizeme, on 10/12/2007, -1/+82 Wouldn't want to be the poor sap who ends up with that IP address after this guy gets a new one.
- Urusai, on 10/12/2007, -4/+85 I've already hacked the server and put up an Apache test page.
- unlimitedorb, on 10/12/2007, -20/+96 This is a ridiculous ploy, you could do the same for Windows or most any other operating system and still not have a soul able to compromise the machine. When remote attacks are made, they target vulnerable applications and NOT the operating system itself. This is in NO WAY a plausible test to see if the MAC operating system itself is secure. This is just testing to see if there are any blatant vulnerabilities in the services he left open for the public. Someone needs to trace this guy's IP and go to his home with a hammer and hack his machine the old-fashioned way...
- Trebis, on 10/12/2007, -6/+78 "Apache is currently at 1.3.37"
...lol...
- jawdog, on 10/12/2007, -3/+75 Someone responded already.....
Hacking your server
Reader post by: CJLake
Posted on: April 21, 2007, 8:20 AM PDT
Story: Apple plugs 25 Mac OS X flaws
Our IT team has several experts that would like to try to crack your OS X Server box. However, we already determined that this is actually OS X client running the Apache web server, and not an actual OS X Server installation.
At any rate, in order to be legal on this challenge, we need a waiver signed that absolves us from liability and prosecution for cracking this box. How may we contact you so we can fax you the waiver, which we need signed and returned to us?
- digitalarcanum, on 10/12/2007, -7/+60 Im in ur serverz brewt forzing ur passwordz
- clesch, on 10/12/2007, -2/+47 Could be faked with a self-compiled version of apache.
But then again, judging by his posting, that's highly unlikely in this case...
- bluelu, on 10/12/2007, -13/+54 So what does that prove?
Microsoft.com hasn't been hacked ever (or at least for years) and it most certainly doesn't run linux or mac os x.
- inactive, on 10/12/2007, -5/+46 Oh also, apparently his server is listening for SSH connections. :)
$ nmap -A 24.8.244.176
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-22 17:18 EDT
Interesting ports on c-24-8-244-176.hsd1.co.comcast.net (24.8.244.176):
Not shown: 1692 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.5 (protocol 2.0)
80/tcp open http Apache httpd 1.3.33 ((Darwin) DAV/1.0.3 mod_ssl/2.8.24 OpenSSL/0.9.7l)
139/tcp closed netbios-ssn
311/tcp open ssl/http Apple Server Monitor http interface
445/tcp closed microsoft-ds
Service Info: OS: Mac OS X
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 210.927 seconds
- Tourney3p0, on 10/12/2007, -14/+53 It's not. Not at all.. I recommend taking that screenshot down before everyone realizes you got tricked into installing Vista.
- jomom, on 10/12/2007, -17/+51 K Something very important to understand here .... you're not HACKING OSX!!!
You're hacking BSD!
So Good Luck :P
- inactive, on 10/12/2007, -0/+32 Ok, here you all go, I've managed to get further in :
http://24.8.244.176/////////////////////////////////////////////////////////////////////////////////////////////////////////data/fax.rtf
I'm sure with a little more effort I can crack this. This is NOT a secure server.
Regards,
- Flashman, on 10/12/2007, -3/+29 "Apache is currently at 1.3.37"
that's leet
- wilf, on 11/02/2007, -3/+28 so this is really more a test of apache than it is of os x?
- lowbot, on 10/12/2007, -6/+30 This is pretty silly. This can be ANYONE's IP. Think about that.
Secondly, this is a test of apache running no dynamic content, not whatever OS hosts it. Websites are usually compromised through dynamic applications, not the server software itself.
- wonderchemist, on 11/02/2007, -5/+29 @wilf: Yup, but people like to oversimplify. Like yesterday's Java flaw == Safari Flaw == Apple Sux.
- atomic16, on 10/12/2007, -0/+21 the computer has ssh enabled! now all you have to do is crack the password...
- nayr, on 10/12/2007, -2/+22 OpenBSD out of the box with apache/ssh might be. That's a real challenge!
- drlha, on 10/12/2007, -2/+22 A normal user wouldn't be running Mac OS X Server either, but this box is.
- Cybersqu, on 10/12/2007, -0/+20 "Apache isn't at 1.3.37 ....it's at 2.2.4"
Both versions 1.x and 2.x are both still under development by apache. The guy in this story is running the 1.3.x series of the server.
- Beatmiser, on 10/12/2007, -12/+30 Sounds like someone can only afford a four year old P2 Compaq Presario. Sorry about that hoss.
- lordgilman, on 10/12/2007, -0/+18 http://24.8.244.176/~admin/
one of the user accts is named admin. doesn't give a 404.
- bradspry, on 10/12/2007, -2/+18 Version numbers for open source software distributed by commercial vendors can be very misleading.
Some vendors "backport", which is the process of applying a new patch or fix, to a previous version.
This process can be faster for vendors to get patches out, without having to force customers to an entirely new version.
I doubt very seriously Apple is running stock Apache binaries.
- kris33, on 10/12/2007, -8/+23 Heh. I wish you were right..
http://arstechnica.com/wankerdesk/03q2/ms-hack-image.html
- inactive, on 10/12/2007, -6/+21 I will stop saying it's secure when exploits start showing up in the wild.
- sewalsh, on 10/12/2007, -1/+16 amazed the server hasn't been dugg to death yet.
- parax, on 10/12/2007, -2/+16 @GMorgan
I doubt installing backported patches would be enough to disqualify you from using the name Apache. That doesn't register as a "significant" modification to me.
- SuperSunny, on 10/12/2007, -9/+23 I don't like your ignorant comments. OSX is an operating system on which people store content. It can be of value, or not, depending on the user. Full form movies in production that haven't been released yet, yea, I think they are KINDA of value (millions in revenue)
- nayr, on 10/12/2007, -5/+18 bluelu: do a whois on microsoft.com. It's fun :)
- nayr, on 10/12/2007, -1/+14 He's challenging them to hack it as a server, not as a regular machine.
- troelsbay, on 10/12/2007, -6/+18 First, for a security company wanting to take up the challenge that's kind of a pussy attitude, isn't it?
Second, this is most likely Mac OS X Server, not client - check http://24.8.244.176/~test
- RichMan, on 10/12/2007, -4/+16 I worry. Just because his Mac is immune to malware doesn't mean that the Apache software itself has the same iron-clad protection.
- Hamsterpotpies, on 10/12/2007, -3/+15 http://24.8.244.176/~root
Root works.
- clemsontiger, on 10/12/2007, -0/+12 I'm not sure about comcast, but if they are anything like charter, it will be over a year before his IP changes. I had the same one for over a year and I'm supposed to have a dynamic IP.
- diggreader1963, on 10/12/2007, -2/+13 This hacking test is meaningless to the typical Mac user. As a web surfer and Mac user, I don't care if Apache running on Mac OS X Server is secure. I care if Mac OS X is secure for the user.
- kingyubba, on 10/12/2007, -3/+14 give me an axe, i'll hack it to bits!
- troelsbay, on 10/12/2007, -1/+12 Fame only lasts 15 minutes. Or in this case, perhaps a day. I wouldn't be too worried about that.
- jkc120, on 10/12/2007, -5/+16 % host 24.8.244.176
176.244.8.24.in-addr.arpa domain name pointer c-24-8-244-176.hsd1.co.comcast.net.
I wonder how Comcast feels about this? Especially if he is on a dynamic IP and his IP changes. ;)
- calgone, on 10/12/2007, -4/+15 I tried to go to http://24.8.244.176/index.php which prompts with a Mac OS X Server "Page Not Found" page.
- danny951, on 10/12/2007, -2/+12 23:44 EST and still not hacked? you guys are disappointing me. Maybe I will go buy that Mac Pro I was eyeing the other day.
- danny951, on 10/12/2007, -0/+10 define "allot" please
- crazzyeddie, on 10/12/2007, -3/+12 I think I'm going to block you just for being such a homophobic, trash-talking, *****.
Most people who use PCs have absolutely nothing of "value" on them either, except for their family pictures and music. And guess what? Most spyware is meant for the home PC user, not the corporate office. So how is running a Mac in that case fundamentally different from running a PC? Exactly.
- x0nIMIn0x, on 10/12/2007, -2/+10 "Pride goes before destruction, a haughty spirit before a fall" - Proverbs 16:18
On a side note, I'm always puzzled by people who claim to be knowledgeable about computers, but don't know the difference between a MAC and a Mac.
- Savanger, on 10/12/2007, -5/+13 It's gonna happen, nothing is unhackable.
- blup3ace, on 10/12/2007, -3/+10 @klawz
you sir, are a nub
- GMorgan, on 10/12/2007, -5/+12 The Apache License stops them from calling it Apache if significantly modified.