thewetbeaversmileswhentickled.com

1 0WNZ0R UR M4C

Posted 3 weeks, 6 days ago on March 8, 2006 by yerma Apple

ZDnet were reporting about a competition that was held to break into a mac. How can they hype this up to be as bad as some of the windows flaws??? You never give an account to someone you don't know and trust - this applies to windows/osx/skyos/linux etc etc. IMHO most people would be able to find a way to elevate their privileges once they get access. MJ offers a great checklist of items to keep the average user safe and secure. Another link stolen from that article goes to a site setup with a more solid security test, try and break into a mac with only ssh and http ports open without a user account. The results were published yesterday:

The response has been very strong, and the test has illustrated its point.
Traffic to the host spiked at over 30 Mbps.
Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
There were no successful access attempts during the 38 hour duration of the test period.

Point proven.........

The trackback URL for this post is http://www.thewetbeaversmileswhentickled.com/bblog/trackback.php/49/

Comments

	Re: 1 0WNZ0R UR M4C - update by yerma Reply trackback url Posted 3 weeks, 5 days ago
	Site is currently down - wonder if it got owned.

Add Comment	( to reply to a comment, click the reply link next to the comment )
Your Name		Remember Me!
Email Address		Make public
Website		Make public
Comment Title
Comment
Submit Comment