Jon_HansonMountain Dew RulesPremium
join:2001-07-09
Gilbert, AZ | Article is misleading Let's be clear about some things here. This was not a remote exploit of the OS. They guy was giving shell accounts to access via SSH to anyone who requested them via this webpage: »rm-my-mac.wideopenbsd.org.nyud.net:8090/ssh. This hack was via a local exploit. While this is still a problem it is not a way to gain root access to the machine remotely and is not nearly as critical as a remote exploit. You never give out shell access to a machine to people you don't know or trust.
SSH is off by default in OS X.
This does not impress me nor does it warrant all of the attention it has been getting. |
|
 kamm
join:2001-02-14
Brooklyn, NY | said by Jon_Hanson:Let's be clear about some things here. This was not a remote exploit of the OS. They guy was giving shell accounts to access via SSH to anyone who requested them via this webpage: » rm-my-mac.wideopenbsd.org.nyud.net:8090/ssh. This hack was via a local exploit. While this is still a problem it is not a way to gain root access to the machine remotely and is not nearly as critical as a remote exploit. You never give out shell access to a machine to people you don't know or trust. SSH is off by default in OS X. This does not impress me nor does it warrant all of the attention it has been getting. Most likely because you don't get the story, can't understand how serious is this.
FYI: when a simple user account can be elevated to root level, that means *anything (ie apps) that runs under simple user credentials* might can do the same. That's pretty serious threat. |
|
 sporkmedrop the crantini and move it, sisterPremium,MVM
join:2000-07-01
Morristown, NJ
 ·Optimum Online
1 edit | said by kamm:FYI: when a simple user account can be elevated to root level, that means *anything (ie apps) that runs under simple user credentials* might can do the same. That's pretty serious threat. Then that should really be the news story, shouldn't it?
I might also mention that one random cracker on the internet saying "there's lots of holes that I can't tell you about" does not make it true. |
|
kamm
join:2001-02-14
Brooklyn, NY
1 edit | said by sporkme:said by kamm:FYI: when a simple user account can be elevated to root level, that means *anything (ie apps) that runs under simple user credentials* might can do the same. That's pretty serious threat. Then that should really be the news story, shouldn't it? I might also mention that one random cracker on the internet saying "there's lots of holes that I can't tell you about" does not make it true. How about actually reading the article before posting stupid silly comments?
Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.
"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.
Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.
"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.… If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.
|
|
sporkmedrop the crantini and move it, sisterPremium,MVM
join:2000-07-01
Morristown, NJ Reviews:
·Optimum Online
| said by kamm:said by sporkme:said by kamm:FYI: when a simple user account can be elevated to root level, that means *anything (ie apps) that runs under simple user credentials* might can do the same. That's pretty serious threat. Then that should really be the news story, shouldn't it? I might also mention that one random cracker on the internet saying "there's lots of holes that I can't tell you about" does not make it true. How about actually reading the article before posting stupid silly comments? Um, so basically if I say I have 18 super-secret windows holes that I'm not telling anyone about, you'll believe me? Cool deal.
OK, big news item coming:
Spork Research, LLC has recently discovered that there are VERY SERIOUS security flaws in the Windows Operating system. Microsoft had no comment.
Spork Research found these holes after logging in to a remote windows machine via an RDP account that the machine owner gave him.
--
Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity |
|
|
|
kamm
join:2001-02-14
Brooklyn, NY | said by sporkme:Um, so basically if I say I have 18 super-secret windows holes that I'm not telling anyone about, you'll believe me? Cool deal. OK, big news item coming: Spork Research, LLC has recently discovered that there are VERY SERIOUS security flaws in the Windows Operating system. Microsoft had no comment. Spork Research found these holes after logging in to a remote windows machine via an RDP account that the machine owner gave him. I told you stop posting stupid comments when you have zero knowledge on the subject...
»www.oreillynet.com/cs/catalog/view/au/2163
»felinemenace.org/~nemo/
And in case you couldn't follow, no, it's not the hacker - it's another person, a professional with a track record on OS X issues. |
|
