 scavioPremium
join:2001-07-14
Melmac | SSH They gave him local access over SSH... it is not enabled by default. The competition has little to no value for the home user, but those who look to use a Mac as a server might get a wake up call. I'd really like to see if anyone would have any luck via default config. |
|
 ThirdShifterPremium
join:2002-03-16
Vernon Rockville, CT
kudos:1 | Shit happens.. also mc osx got hacked.. so its a good thing to know you can never be to careful. It'll keep apple on their toes.
--
Saya anak malaysia |
|
| reply to scavio
SSH was NOT used to get root. Read the articles on the pages. |
|
 sporkmedrop the crantini and move it, sisterPremium,MVM
join:2000-07-01
Morristown, NJ
 ·Optimum Online
| said by BosstonesOwn:SSH was NOT used to get root. Read the articles on the pages. SSH was used to get a shell on the machine. From there the attacker elevated his privs. At the point that someone has interactive access, you're basically f*cked. If ssh was not enabled, or if the user turned off password auth, or only allowed known administrative IPs to connect, there would be no front-page news story.
This would be like putting an XP box on the net with a telnet/ssh daemon installed and then saying "oh look! someone broke in!".
--
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity |
|
scavioPremium
join:2001-07-14
Melmac | reply to BosstonesOwn
I've followed this quite closely, thank you.
Funny thing is I used to hate the term Sheeple, but each day it is harder the ignore the truth in it. |
|
