+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: I will scream at the next person who tells me Macs are secure! (/Thread-I-will-scream-at-the-next-person-who-tells-me-Macs-are-secure)
I will scream at the next person who tells me Macs are secure! - Adorapuff - 11-17-2013
(11-17-2013, 03:06 AM)Jolly Wrote: It's kinda good that they're well off put i'm not really sure if a Mac is suitable for common school work... that kinda seems like flashing away the money on something pointless...
It's my graphic design class.
RE: I will scream at the next person who tells me Macs are secure! - Eclipse - 11-17-2013
(10-31-2013, 10:13 PM)Shad0w Wrote: An operating system is just as secure as how cautious the user of it is.
So true.
RE: I will scream at the next person who tells me Macs are secure! - Dyme - 11-17-2013
According to the Author's site:
Quote:The original flaw was a bug in Unix and sudo and allows the execution of changing the date and time to escalate to root permissions from a normal user.
This being said, this exploit really proves nothing as it can be replicated on almost all other unix boxes with the same version of sudo. Not a "Mac" vulnerability, but a sudo one.
I will scream at the next person who tells me Macs are secure! - Adorapuff - 11-17-2013
If I run a forum and install a vuln plugin, it my fault if my forum gets hacked. This is a very basic exploit, and should have been found.
RE: I will scream at the next person who tells me Macs are secure! - Dyme - 11-17-2013
(11-17-2013, 04:30 PM)Putin Wrote: Changing date to 0 grants root priv.
Yes I looked at the original post and saw that.
I would read the edit to my last post, I still stand by the fact that this isn't anything to "prove those mac people wrong".
I will scream at the next person who tells me Macs are secure! - Adorapuff - 11-17-2013
(11-17-2013, 04:32 PM)Pens Wrote: Yes I looked at the original post and saw that.
I would read the edit to my last post, I still stand by the fact that this isn't anything to "prove those mac people wrong".
I edited my reply, and I have no problem with Macs. I have my own. I just don't think people without security knowledge can run around saying their box is unhackable.
RE: I will scream at the next person who tells me Macs are secure! - Jay - 11-17-2013
But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?
RE: I will scream at the next person who tells me Macs are secure! - Adorapuff - 11-17-2013
(11-17-2013, 07:32 PM)Jay Wrote: But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?You don't need physical access for the exploit.
RE: I will scream at the next person who tells me Macs are secure! - Reiko - 11-17-2013
Rel1k overcomplicated this greatly.
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo -i
???
PROFIT
(11-17-2013, 04:20 PM)Pens Wrote: According to the Author's site:
This being said, this exploit really proves nothing as it can be replicated on almost all other unix boxes with the same version of sudo. Not a "Mac" vulnerability, but a sudo one.
Actually, it can only be replicated when the attacker has the privilege to set the date.
(11-17-2013, 07:32 PM)Jay Wrote: But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?
You're stupid.
Also, Macs can be as secure as anything else with a competent administrator.
I'd be more than happy to prove this if anyone would like to question it.
RE: I will scream at the next person who tells me Macs are secure! - Silky - 11-18-2013
Okay, I think we all understand that Mac's suck and can be hacked just as easy as Linux and Windows. Let's move on to the next topic lol.