Most Popular
| Top Stories | Commented | Featured |
ATI Radeon HD 5570 Review featured
Intel Core i5-based MacBook Pros coming soon?
AMD's six-core Thuban to have feature like Turbo Boost?
Google to launch Twitter-like service for Gmail
Intel unveils Itanium 9300 series enterprise processors
Netflix to roll out 1080p streaming later this year
TS Community
| User Gallery | Recent Discussion |
 My temperature reading by remdiablo |  Computer Setup by TimeParadoX |
 my desktop by Technochicken |  Tomb Raider legend Max Settings by Tha General |
TechSpot RSSIndustry News
Contest rm-my-mac brought down in less than six hours
If you follow Apple, you'll remember that various security demonstrations they've had for OS X and Macs in general. The most recent one, in which a contest to break the security of a machine was held, won. And in under 30 minutes at that. In this particular demonstration, all the users were given local accounts on the machine, which typically makes system compromise much easier, but the speed at which it was brought down and had the web page for the contest deface is most definitely humbling. The contest didn't even last a day, and was defeated by and as of yet unpublished security vulnerability.
"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.
Though this might seem a bit embarassing, this is probably one of the best ideas the IT industry as a whole can use - allow anyone access to a particular machine with the goal of bringing it down, for reward. What a way to use the collective mind power of thousands of people to help "bug test" a system. Enterprise companies have used a similar tactic for many years, hiring someone on the outside to probe them externally, looking for exploits. Sort of like a security audit.
"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.
Though this might seem a bit embarassing, this is probably one of the best ideas the IT industry as a whole can use - allow anyone access to a particular machine with the goal of bringing it down, for reward. What a way to use the collective mind power of thousands of people to help "bug test" a system. Enterprise companies have used a similar tactic for many years, hiring someone on the outside to probe them externally, looking for exploits. Sort of like a security audit.
Related Stories
User Comments (5)
Post a comment| sngx1275 on March 6, 2006 3:19 PM | While it definately doesn't look good, its not near as bad
for the average OS X user as it initially
seems. It runs a default install of Mac OS X
Tiger, plus fink and some decent versions of Apache, MySQL
and PHP Average
users don't have that stuff installed or turned on, ssh is
disabled by default. One thing that I imagine will be
"fixed" in 10.5 Leopard is that the software firewall will
probably be turned on by default. There is a firewall now,
but its disabled by default.
... I set up an LDAP server and linked it to the Macs naming and authentication services, to let people add their own account to this machine. That way, they will all be able to enjoy the beauty of Mac OS X Tiger. And, of course, get a better chance of rm'ing it!
|
| DragonMaster on March 6, 2006 5:42 PM | ROFLMAO Congrats Apple! There is
a firewall now, but its disabled by default. Wow! How
safe!
|
| sngx1275 on March 6, 2006 7:19 PM | New challenge issued in response to the sensationalistic
journalism as the first one has been
reported. http://test.doit.wisc.edu/ Also DragonMaster, it wasn't until SP2 was avaiable for WindowsXP that the firewall was enabled by default. Also no ports are open on a default install of OSX Tiger.
|
| DragonMaster on March 7, 2006 3:07 PM | Also DragonMaster, it wasn't until SP2 was avaiable
for WindowsXP that the firewall was enabled by default.
I never told Windows was safe also. If you compare
them to some popular Linux distros I used, it's nothing.
(The Linux installations practically force you to use the
highest security level. They say that almost every other
levels are a bad choice.
|
| Mictlantecuhtli on March 8, 2006 6:09 AM | Originally posted by DragonMaster: The
Linux installations practically force you to use the highest
security level. They say that almost every other levels are
a bad choice. Many Linux distributions I've seen have
had a default firewall configuration allowing all output
access. Fortunately, unlikely with Windows' builtin
firewall, there's a way to block that.
|
