Sunday, March 12, 2006

OS X Easy Pickings?

A few years ago it was a pretty established understanding that sticking a Microsoft Windows box unprotected on the Internet would be a bad idea as it would be owned in minutes. It seems Apple's OS X platform could well be the next to gain that dubious crown.

A Swedish Mac enthusiast set his Mac Mini up as a server on the Internet and invited people to attack and compromise it. Within a few hours the competition was over, the challenger posted the message on his site "This sucks. Six hours later this poor little Mac was owned and this page got defaced".The attacker known as 'gwerdna' said she gained root access to the Mac in less than 30 minutes.

After initially having a look around the box for potential miss-configurations and other obvious issues the attacker then used an unpublished 0day on the system to gain control.The Mac was setup in an average OS X server setup, with several remote services enabled and local access for users.

However, according to gwerdna the various OS X hardening guides that are out there would not have helped even if they had been used to harden the system.Something that is becoming very apparent about the Mac is there is an increasing interest by all sides of the security community in finding holes in the OS.

More and more researchers are grabbing a Mac to pull apart the operating system to find holes. As OS X increases market share it will become more and more of a target for attackers, the new Intel based Mac systems may be the push that OS X needs to make it more and more popular.


Post a Comment

<< Home