"Mac OS X hacked in half an hour"

Post deleted : Realised that the Editor was actually agreeing with me about the first test being flawed...
 
editor said:
Don't wriggle please. You made a claim that I "defended the original test and its conclusions." That is a lie.

Ok, sorry. I accept that you realise that the first test was flawed....
 
The point about the original test and the news story was that it misrepresented what had actually happened. The implication was that an ordinary Mac OSX computer was put on the web in the ordinary way and was then "hacked".

Well, that was not true. People were able to log-in as a local user, and what happened then was a local escalation of privileges. The vast majority of Macs will be sitting behind hardware or software firewalls and will have most ports blocked. My NAT firewall will not even let through an SSH request.

How many of you give user log-in accounts to anybody and everybody to your desktop computer? How many servers give user log-in accounts to anybody and everybody?

So, this was not simply someone hacking into a Mac which happened to be connected to the internet. The only thing it proved was the slack standards of journalism at zdnet.
 
For the record, the challenge was abandoned early because the sysadmin at the univ had fucked up and not bothered to ask permission from the university authorities first. Doh!

I bet they weren't too pleased either!
 
The aspect of OSX that makes me wonder is the BSD core of the OS.

Specifically all that 30 yr old network code that nobody understands anymore.

That's a double-edged sword though.
 
>>The aspect of OSX that makes me wonder is the BSD core of the OS.
Specifically all that 30 yr old network code that nobody understands anymore.
That's a double-edged sword though.<<

I am sure the BSD core of the OS gets audited fairly regularly.
I would not say nobody understands the 30 yr old network code, it would be brave to say it.
 
It's pretty obscure stuff and the level of community understanding compared to say the Linux network code is relatively low. I agree that some people probably have deep understanding of it, but I bet the numbers are very low.

That means exploits are relatively hard to find, due to maturity and obscurity, but they're also hard to fix, due to a lack of qualified experts.
 
Bernie Gunther said:
Specifically all that 30 yr old network code that nobody understands anymore.

That's a bit of a dumb statement, of course people still understand the original C code that was used to write the unix network infrastructure.

There are tens of thousands of people who live and breathe that code every day.
 
You could say the same for algorithms for performing encryption, throughout the modern maths-based encryption algorithms there are not 100s, the reason being that they take several years before they're actually used in applications due to frequent testing, academic papers etc.
 
I think in a case like this the size of the community doing QA is a significant factor. I'm sure people like Andre Opperman understand it, but the mass of people who are actively involved in QA really matters in a case like this.
 
Bernie Gunther said:
Specifically all that 30 yr old network code that nobody understands anymore.


Hmm. If the BSD network code is a problem, then practically every OS on the planet is at risk as they all use parts of it :p
 