I will scream at the next person who tells me Macs are secure!

Adorapuff · 11-17-2013, 05:57 AM

(11-17-2013, 03:06 AM)Jolly Wrote: It's kinda good that they're well off put i'm not really sure if a Mac is suitable for common school work... that kinda seems like flashing away the money on something pointless...

It's my graphic design class.

Eclipse · 11-17-2013, 10:29 AM

(10-31-2013, 10:13 PM)Shad0w Wrote: An operating system is just as secure as how cautious the user of it is.

So true.

Dyme · 11-17-2013, 04:20 PM

According to the Author's site:

Quote:The original flaw was a bug in Unix and sudo and allows the execution of changing the date and time to escalate to root permissions from a normal user.

This being said, this exploit really proves nothing as it can be replicated on almost all other unix boxes with the same version of sudo. Not a "Mac" vulnerability, but a sudo one.

Adorapuff · 11-17-2013, 04:30 PM

If I run a forum and install a vuln plugin, it my fault if my forum gets hacked. This is a very basic exploit, and should have been found.

Dyme · 11-17-2013, 04:32 PM

(11-17-2013, 04:30 PM)Putin Wrote: Changing date to 0 grants root priv.

Yes I looked at the original post and saw that.

I would read the edit to my last post, I still stand by the fact that this isn't anything to "prove those mac people wrong".

Adorapuff · 11-17-2013, 04:34 PM

(11-17-2013, 04:32 PM)Pens Wrote: Yes I looked at the original post and saw that.

I would read the edit to my last post, I still stand by the fact that this isn't anything to "prove those mac people wrong".

I edited my reply, and I have no problem with Macs. I have my own. I just don't think people without security knowledge can run around saying their box is unhackable.

Jay · 11-17-2013, 07:32 PM

But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?

Adorapuff · 11-17-2013, 08:05 PM

(11-17-2013, 07:32 PM)Jay Wrote: But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?

You don't need physical access for the exploit.

Reiko · 11-17-2013, 10:06 PM

Rel1k overcomplicated this greatly.

systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo -i
???
PROFIT

(11-17-2013, 04:20 PM)Pens Wrote: According to the Author's site:

This being said, this exploit really proves nothing as it can be replicated on almost all other unix boxes with the same version of sudo. Not a "Mac" vulnerability, but a sudo one.

Actually, it can only be replicated when the attacker has the privilege to set the date.

(11-17-2013, 07:32 PM)Jay Wrote: But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?

You're stupid.

Also, Macs can be as secure as anything else with a competent administrator.
I'd be more than happy to prove this if anyone would like to question it.

Silky · 11-18-2013, 01:46 AM

Okay, I think we all understand that Mac's suck and can be hacked just as easy as Linux and Windows. Let's move on to the next topic lol.