Forums | MacLife

phreaqe wrote:

resedit wrote:

MacBoy4139 wrote:

You're right.  It's 9 minutes.  I apologize.

http://www.tweakhound.com/xp/security/page_1.htm

In fact, the current "survival time" (the average time for an unprotected system to be attacked and compromised) is only 9 minutes. This means that a newly installed unprotected operating system connecting to the Internet for the first time will, on average, be attacked within 9 minutes and compromised in some way.

I'd like to see where that stat comes from.
Really.

I'm guessing that by "compromised in some way" they mean either the windows messenger spam (which is not a virus) - or that users are pretty quick to install software of questionable origin.

i will agree with resedit and call bs on that.  i want to know what they are doing to have their system compromised that quickly.  i know that from my own experiences it takes a heck of a lot longer then that, and even then the user has to go out a vist a few sites and download some crap.  as bad as the security on windows is most of the viruses and spyware that get intalled are becuase the user is stupid and decides to install some free AIM smily icons or a free screensaver or something like that and it comes with spyware in it.  and the virues they get are from emails and whatnot.  i have been working as a restech at my college for the als 3 years fixing student comptuers and from my experiences, most problems are caused by the users.  now that is not saying that all problems are caused that way but just most.

It has been reported on numerous sites.  The issue was, the person behind the box isn't doing anything.  That is why there are so many "instructions" for setting up a brand new WinXP box.

Most users won't look for the "right way" to do things though.

Call it bs if you want, but do a google search - I'm not going to do the work for everyone else all the time.

University of Wisconsin - Madison Department of Information Technology issues a Mac OS hack challenge.    http://test.doit.wisc.edu/

"The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac Mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open. Email das@doit.wisc.edu if you feel you have met the requirements, along with the mechanism used. The mechanism will then be reported to Apple and/or the entities responsible for the component(s). There is no prize but recognition (if desired). This is an academic effort."

Last edited by treehouse (2006-03-06 2:54 pm)

treehouse wrote:

University of Wisconsin - Madison Department of Information Technology issues a Mac OS hack challenge.    http://test.doit.wisc.edu/

"The challenge is as follows: simply alter the web page on this machine, test.doit.wisc.edu. The machine is a Mac Mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, has two local accounts, and has ssh and http open - a lot more than most Mac OS X machines will ever have open. Email das@doit.wisc.edu if you feel you have met the requirements, along with the mechanism used. The mechanism will then be reported to Apple and/or the entities responsible for the component(s). There is no prize but recognition (if desired). This is an academic effort."

ResEdit beat you to it.

DevoDoc wrote:

resedit wrote:

I'd like to see where that stat comes from.
Really.

I'm guessing that by "compromised in some way" they mean either the windows messenger spam (which is not a virus) - or that users are pretty quick to install software of questionable origin.

The average windows user visits mulitple pr0n sites wihtin nine minutes of connecting to the internet.

That is why I only visit pROn site using my Mac.

Daily

Anyone else noticed that the second test at http://test.doit.wisc.edu/ is offline or is it just me?

Miles wrote:

test.doit.wisc.edu wrote:

Tue 7 March 2006 5:00 PM CST

The testing period will be closed at 11:59 PM CST on 7 March 2006 (0559 GMT 8 March 2006). The response has been strong. Test results and information will be published at a future date.

I would guess they took it offline themselves.

The university pulled the plug.
Apparently some people were trying to hack other uni machines in an attempt to get the username/passwd that the guy uses elsewhere on campus.

digisane wrote:

Oh, I didnt notice the date. Anyway - that's terrible, just because they wanted to break into that machine they hacked into other ones attempting to get in

Yup - but it demonstrates something.

Assuming the guy was dumb enough to use the same password, and someone gained access by stealing his password on another machine - the claim that would be made would be a remote exploit.

System crackers like to tell fish stories to make themselves sound better than they are - which is why I don't believe for a second that the first story is real. There are any number of ways the original box could have been hacked - from the two people planning this from the start, to improper configuration of the mini, to software installed by fink.

The claim is that he got in through an "unpublished" Apple exploit. That is a FUD tactic. Until he specifies exactly how he got in and it can be verified, absolutely nothing he says can be trusted as accurate.

resedit wrote:

Miles wrote:

test.doit.wisc.edu wrote:

Tue 7 March 2006 5:00 PM CST

The testing period will be closed at 11:59 PM CST on 7 March 2006 (0559 GMT 8 March 2006). The response has been strong. Test results and information will be published at a future date.

I would guess they took it offline themselves.

The university pulled the plug.
Apparently some people were trying to hack other uni machines in an attempt to get the username/passwd that the guy uses elsewhere on campus.

actually,

We discovered yesterday that the Mac OSX "challenge" was not an activity authorized by the UW-Madison. Once the test came to the attention of our CIO, she ended it.

Our primary concern is for security and network access for UW services. We are sorry for any inconvenience this has caused to the community.

Division of Information Technology
UW-Madison

http://test.doit.wisc.edu/  wrote:

Mac OS X Security Test Tue 7 March 2006 11:59 PM CST (8 March 2006 0559 GMT) The testing period is now closed. The response has been very strong, and the test has illustrated its point. Traffic to the host spiked at over 30 Mbps. Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus. The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up. The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations. There were no successful access attempts of any kind, including during the 38 hour duration of the test period, nor have their been any claims of success. The host is still the same host and configuration used for the test. Some snippets from 7 March 2006: The site received almost a half a million requests via the web. There were over 4000 login attempts via ssh. The ipfw log grew at 40MB/hour and contains 6 million events logged. Several social engineering attempts were received, including one purporting to be from the government of Sweden, which apparently uses GMail. ;-) More test results and information will be published here at a future date.

Last edited by Freezer mac (2006-03-09 10:47 pm)

resedit wrote:

Note this part:

Our primary concern is for security and network access for UW services.

Well, duh.  If a hacker was successful, what would stop them from trying to gain further access?

Also, a DoS attack would potentially affect other services.

Besides, you can't just pop up a server on someone else's network and say to the world "Come hack me."

I hope you have his permission to post his name like that.