Linked by Thom Holwerda on Mon 6th Mar 2006 21:59 UTC, submitted by crispoe
Mac OS X "In response to the woefully misleading ZDnet article, 'Mac OS X hacked under 30 minutes', the academic Mac OS X Security Challenge has been launched. The ZDnet article, and almost all of the coverage of it, failed to mention a very critical point: anyone who wished it was given a local account on the machine (which could be accessed via ssh). The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open."
Thread beginning with comment 101965
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: local account
by Deviate_X on Mon 6th Mar 2006 23:29 UTC in reply to "local account"
Deviate_X
Member since:
2005-07-11

"Why are so many people quick to defend Apple, when there's a good amount of evidence security researchers are picking OSX"

I remember the first editions of OSX where one could take ‘root’ and take down the kernel with simple commands (http://www.google.co.uk/search?hl=en&safe=off&q=osx+privilege+escal...).

Despite this there are many in the apple community continually promoting the idea that OS X is practically invulnerable.

Edited 2006-03-06 23:31

Reply Parent Score: 4

RE[2]: local account
by Windows Sucks on Mon 6th Mar 2006 23:34 in reply to "RE: local account"
Windows Sucks Member since:
2005-11-10

Wow, I remember when there were viruses in Dos? LOL!

Question is, can you do that now? You for sure can do that in Windows. There is no question about it. Almost ALL windows worstations run with the "root" admin account as the current user. No work there.

You can rootkit the heck out of Windows machines and 99% people out there would not even know and would never find out.

Show me where someone can take root and take the Kernel down with a simple command. Shoot I will put my own Mac up for that challenge!

Reply Parent Score: 1

RE[3]: local account
by anduril on Tue 7th Mar 2006 00:58 in reply to "RE[2]: local account"
anduril Member since:
2005-11-11

You truely are dillusional. Rootkits exist for Unix/Linux/OSX just as well as they exist for Windows. If you're in the right circles, you'll have easy access to them.

Also, the point of a rootkit is to make detection difficult if not impossible in some situations. The same, suprise suprise, can happen in Unix. In fact, rootkits existed on Unix before Windows. Hmm.

So to your final point, if Im in user mode in Windows XP (which I am) show me the simple command to take root and take down the kernel. Other than Ctrl+Alt+Del which doesn't give you root access.

Reply Parent Score: 4

RE[3]: local account
by iain.dalton on Tue 7th Mar 2006 05:36 in reply to "RE[2]: local account"
iain.dalton Member since:
2006-02-28

I agree with you that one cannot take down the kernel with "a simple command," but if you say that you will put your mac up for hacking attempts, you should do it. If you do, please tell us.

Reply Parent Score: 1