[Helpdesk] OS X Security (non)Issues

Brett, Computer Medics SFMUG at TheComputerMedics.info
Tue Mar 7 09:27:26 MST 2006


For those who read the following article, I wish to explain a few  
things about the methodology that undermined the integrity of the
test, as well as misled the reader. Each hacker was given a local
account on the machine and physical access to the machine and they  
were given network access to SSH. Apple does not ship their machines  
with this service enabled by default and most people would not (and  
should not) enable it.

The difference that should be noted here is that over a network or,  
more specifically, the internet, OS X has not been breached. There is  
another hacker challenge on a similar Mac mini hosted by the  
University of Wisconsin, Madison. They have enabled web sharing and  
SSH, but have not given accounts to the hackers or publicized the  
user names. This is how a Mac configured for web sharing would be
set up by a novice. <http://test.doit.wisc.edu/>. For the record, if
someone had physical access to a computer, I think changing your data  
would be the least of their concerns. And, as some of you have done,  
it is quite easy to reset your password if you do not remember it in  
OS X. Apple did this so the systems could be sold to consumers who  
would be more likely to misplace or forget a password. They have kept
an eye on network security and have yet to be proven wrong.


The article from ZDnet:
<http://news.zdnet.com/2100-1009_22-6046197.html?tag=nl.e589>

Gaining root access to a Mac is "easy pickings," according to an  
individual who won an OS X hacking challenge last month by gaining  
root control of a machine using an unpublished security vulnerability.
On Feb. 22, the Sweden-based Mac enthusiast set up his Mac Mini as a  
server and invited hackers to break through the computer's security  
and gain root control, which would allow the attacker to take charge  
of the computer and delete files and folders or install applications.
Participants were given local client access to the target computer  
and invited to try their luck.
Within hours of going live, the "rm-my-mac" competition was over. The  
challenger posted this message on his Web site: "This sucks. Six  
hours later, this poor little Mac was owned, and this page got defaced."
The hacker who won the challenge, who asked ZDNet Australia to  
identify him only as "Gwerdna," said he gained root control of the  
Mac in less than 30 minutes.
"It probably took about 20 or 30 minutes to get root on the box.  
Initially, I tried looking around the box for certain  
misconfigurations and other obvious things, but then I decided to use  
some unpublished exploits--of which there are a lot for Mac OS X,"  
Gwerdna told ZDNet Australia.
According to Gwerdna, the hacked Mac could have been better  
protected, but it would not have stopped him because he exploited a  
vulnerability that has not yet been made public or patched by Apple  
Computer.
"The rm-my-mac challenge was set up similar to how you would have a  
Mac acting as a server--with various remote services running and  
local access to users...There are various Mac OS X-hardening guides  
out there that could have been used to harden the machine, however,  
it wouldn't have stopped the vulnerability I used to gain access.  
There are only limited things you can do with unknown and unpublished  
vulnerabilities. One is to use additional hardening patches--good  
examples for Linux are the PaX patch and the Grsecurity patches. They  
provide numerous hardening options on the system and implement  
nonexecutable memory, which prevent memory-based corruption  
exploits," Gwerdna said.
Gwerdna concluded that OS X contains "easy pickings" when it comes to  
vulnerabilities that could allow hackers to break into Apple's  
operating system.
"Mac OS X is easy pickings for bug finders. That said, it doesn't  
have the market share to really interest most serious bug finders,"  
Gwerdna added.
Apple's OS X has come under fire in recent weeks with the appearance  
of two viruses and a number of serious security flaws, which have  
since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been  
credited with finding numerous vulnerabilities in OS X, told ZDNet  
Australia that he knows of numerous security vulnerabilities in  
Apple's operating system that could be exploited by attackers.
"The only thing which has kept Mac OS X relatively safe up until now  
is the fact that the market share is significantly lower than that of  
Microsoft Windows or the more common Unix platforms...If this  
situation was to change, in my opinion, things could be a lot worse  
on Mac OS X than they currently are on other operating systems,"  
Archibald said at the time.
An Apple Australia representative said on Monday that the company was  
unable to comment at this stage. Representatives at Apple's  
Cupertino, Calif., headquarters could not be reached for comment.
Munir Kotadia of ZDNet Australia reported from Sydney.

Clarification: The story has been updated to clarify that  
participants were given local client access to the target computer.





Brett Goldberg
Head of Emergency Computer Medicine

* Apple Authorized Service Provider
* Apple Certified Desktop Technician (ACDT)
* Apple Certified Portable Technician (ACPT)
* Apple Product Professional 2002 & 2003 & 2004 & 2005
* Member, Apple Consultants Network

Computer Medics LLC
Medic at ComputerMedicsLLC.com
Triage: 505/577-2265 (office)      "911": 505/577-2557 (cellular)
http://www.ComputerMedics.info      fax: 505/983-0021

Staff of Apple Authorized and PC "A+" Certified Technicians.
On site... On time... Just in time


