Mac OS X: Hacked Root In Less Than 30 Minutes - Apple, Microsoft, Mods / Hacks, Software
Comments
<a href="http://www.tuaw.com/2006/03/07/another-look-at-mac-os-x-security/">Damien Barrett</a> over at TUAW has a good explanation about Mac OS X security as it relates to the article and contest in question.
<blockquote>This violates the very first and most important rule of securing a computer, by giving external access to users who shouldn’t have it and don’t need it. I certainly don’t go around enabling SSH for my Mac users, do you? For the record, SSH (called Remote Access in FileSharing System Preference) is disabled by default on Mac OS X workstations, and on Mac OS X Tiger Server, there’s even a GUI for allowing or disabling SSH access to different users. Mac OS X workstation users can modify the sshd_config file in /etc.</blockquote>
As pointed out by bob, a real academic <a href="http://test.doit.wisc.edu/">Mac OS X Security Test</a> is being held and will conclude tonight.
Any exploits will then be reported to be fixed, and no SSH access is given to would-be attackers.
Security, no matter which system, should be taken lightly, so by no means is all this an attempt to claim Mac OS X is completely secure, so everyone that runs Mac OS X should take <a href="http://www.macgeekery.com/tips/security/basic_mac_os_x_security">measures to secure it</a>, both from outside attackers and against someone trying to access your computer physically.
posted by: Oscar M. Cantu · 3/7/06
Not sure how this article shows a lack of integrity - it’s not like we were trying to lie. That is why Oscar (the commenter above you) left his informational comment - he is one of our editors, chiming in to add the information that the original author didn’t have.
If we lacked integrity, I would think we would be deleting all these comments so that our story wouldn’t be questioned. We aren’t like that though.
posted by: Andru Edwards · 3/9/06
I’d also like to point out that reference was made to the fact that we weren’t sure of the exact configuration of the machine when it was hacked.
There was no attempt made to mislead the reader into believing that the machine was fully secure, no open ports, all patched up, etc.
posted by: John Goulden · 3/9/06
Done 😉
posted by: Andru Edwards · 3/9/06