MY MAC WAS HACKED!!!




Surfernate
Jan 8, 2005, 04:15 AM
Today at work a guy who is studying CS easily hacked my "secure" PowerBook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

This sucks!!

Anybody have some insight?



BWhaler
Jan 8, 2005, 05:07 AM
Today at work a guy who is studying CS easily hacked my "secure" PowerBook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

This sucks!!

Anybody have some insight?

Check your settings in the Sharing Preferences. This doesn't seem right.

robbieduncan
Jan 8, 2005, 05:38 AM
Apple Remote Desktop? If that's turned on in Sharing it would allow easy control over your entire desktop. Good security practice says you should only have the services you need turned on.

Counterfit
Jan 8, 2005, 05:50 AM
Your firewall might be configured to allow SSH connections. He could have guessed your username/password and logged in that way.

BakedBeans
Jan 8, 2005, 05:52 AM
He didn't hack anything :)

AppleMatt
Jan 8, 2005, 06:09 AM
Update everything to the latest versions by Software Update too.

AppleMatt

jim.
Jan 8, 2005, 06:33 AM
He didn't hack anything :)

Just because it is Apple doesn't mean it can't be done. :) Actually with the guy's description of what he did, this vulnerability applies:

http://ciac.llnl.gov/ciac/bulletins/o-138.shtml

However, a fix was issued back in May, so if you are up to date this theoretically shouldn't work. You have updated, right?

Otherwise, I can't find a known exploit unless you are running some *nix service that isn't supported out of the box by Apple.

Buffer overflows are very common when using languages like C and C++ (I think OSX is Obj-C so overflows probably still exist). As a result there are typically many of these vulnerabilities inherent in any moderately complex piece of software, and they are easy to exploit if you know they exist. Most people just rely on scripts posted to security sites and don't go looking for the vulnerabilities themselves.

Jim

OutThere
Jan 8, 2005, 12:10 PM
Today at work a guy who is studying CS easily hacked my "secure" PowerBook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

This sucks!!

Anybody have some insight?

Many guys like this are very cocky, and will tell you they 'hacked' your computer when all they did was some very simple stuff:

If you had SSH on, then he probably guessed your password, and was able to issue terminal commands over the network.

If he had access to your computer (did you ever leave your door unlocked?) then he could easily have gotten your password, removed your password, or put software (like ARD or VNC) on your computer that would allow him to control your computer.

If you ever used his computer, or a computer lab computer, it would have been very easy for him to get your password.

Sounds like he doesn't really have a life - tell him to **** off, update all your software, change your password, keep your door locked when you aren't around, and turn off sharing, then move on. :)

hcuar
Jan 8, 2005, 12:15 PM
He said it was a buffer overrun vulnerability.

Anybody have some insight?

This part tells me that you have a jealous Windows user trying to tick you off. Buffer overruns are usually the number 1 exploit in WinXP... I'd guess he did some sort of Remote Desktop setup... He's being a jerk for not telling you how he did it. That's the second clue that he's scamming you.

Surfernate
Jan 8, 2005, 07:56 PM
I'm not sure either way. Windows Sharing was on and so was Apple Sharing but remote login was off and the firewall was on. That being said, he did it twice, each time while I was out of my office for a minute, and very well may just be an a$$hole who wanted to piss me off. The personality stereotype fits well. I just want to be certain that he did not have remote access to my machine. I can fix the other kind of access no problem.

altair
Jan 8, 2005, 08:22 PM
So uh, you say you left the office and he hacked you?

How do you know he hacked you? Just 'cause some programs were open that hadn't been? Or what?

Sounds like he just walked into your office and opened some apps to me :p

Dr. Dastardly
Jan 8, 2005, 08:30 PM
Sounds like he just walked into your office and opened some apps to me :p
He's very old school. :D

edesignuk
Jan 8, 2005, 08:32 PM
He was able to start and apparently control applications

Did you actually see him do this on your screen? Or is he telling you he did?

angelneo
Jan 8, 2005, 08:49 PM
Many guys like this are very cocky, and will tell you they 'hacked' your computer when all they did was some very simple stuff:

If you had SSH on, then he probably guessed your password, and was able to issue terminal commands over the network.

If he had access to your computer (did you ever leave your door unlocked?) then he could easily have gotten your password, removed your password, or put software (like ARD or VNC) on your computer that would allow him to control your computer.

If you ever used his computer, or a computer lab computer, it would have been very easy for him to get your password.

Sounds like he doesn't really have a life - tell him to **** off, update all your software, change your password, keep your door locked when you aren't around, and turn off sharing, then move on. :)
I quite agree with OutThere761. I have encountered "hackers" before with my clients' sites and most of them turn out to use simple tricks that every Tom, Dick or Harry knows. They are just like kids who want to show off. Real hackers do more damage and never visit the scene of the crime twice, and it is even tougher to track what they did.

jimsowden
Jan 8, 2005, 09:12 PM
If he had skill, it sounds like from the description that he used an SSH nuke. This was fixed with a patch.

http://www.securityfocus.com/bid/2347

CubaTBird
Jan 8, 2005, 09:28 PM
report your friend to the authorities :p

mrgreen4242
Jan 9, 2005, 01:56 AM
I'm going to call ********, too. If there WAS a 'buffer overrun' exploit in OS X someone besides your 'friend' would have discovered it, and it would be big news. If you left the office there's a good chance that he slipped in, turned on remote desktop or a VNC server, added a user to your account or got your password, and just did that.

That said, I would change my passwords, check my running processes to be sure that there isn't a keylogger or VNC server running. I would then sign his email address up for every spam site I could find and then see how he likes every security vulnerability in his XP system exposed. :eek:

Rob
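
The check suggested above (look for a VNC server or other remote-control service you did not start), sketched as an added example that is not part of any post in this thread. It assumes a current macOS or Linux system whose `lsof` supports `-sTCP:LISTEN`; the port-to-service map covers only the services named in the thread, and the sample `lsof` lines are constructed.

```shell
#!/bin/sh
# Added example: flag network-reachable TCP listeners on the remote-access and
# sharing ports discussed in the thread (SSH, SMB, AFP, ARD, VNC).
# Input: text in `lsof -nP -iTCP -sTCP:LISTEN` format on stdin.
flag_remote_listeners() {
    awk '
    BEGIN {
        svc[22]   = "SSH (Remote Login)"
        svc[139]  = "SMB (Windows Sharing)"
        svc[445]  = "SMB (Windows Sharing)"
        svc[548]  = "AFP (Apple file sharing)"
        svc[3283] = "Apple Remote Desktop"
        svc[5900] = "VNC / screen sharing"
    }
    $NF == "(LISTEN)" {
        name = $(NF - 1)                 # e.g. *:5900 or 127.0.0.1:631
        n = split(name, part, ":")
        port = part[n]
        addr = substr(name, 1, length(name) - length(port) - 1)
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port in svc)
            printf "%s pid=%s user=%s port=%s %s\n", $1, $2, $3, port, svc[port]
    }'
}

# Constructed sample output (not captured from a real machine).
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      312 root    3u  IPv4 0x1a2b      0t0  TCP *:22 (LISTEN)
sshd      313 root    4u  IPv6 0x1a2c      0t0  TCP [::1]:22 (LISTEN)
OSXvnc    877 nate    5u  IPv4 0x1a2d      0t0  TCP *:5900 (LISTEN)
AppleFile 401 root    4u  IPv4 0x1a2e      0t0  TCP *:548 (LISTEN)
smbd      420 root    6u  IPv4 0x1a2f      0t0  TCP *:445 (LISTEN)
cupsd     150 root    7u  IPv4 0x1a30      0t0  TCP 127.0.0.1:631 (LISTEN)
httpd     412 root    8u  IPv4 0x1a31      0t0  TCP *:8080 (LISTEN)'

# Run against the sample; on a live system pipe lsof in instead:
#   lsof -nP -iTCP -sTCP:LISTEN | flag_remote_listeners
printf '%s\n' "$SAMPLE_LSOF" | flag_remote_listeners
```

A listener owned by your own user account on port 5900 that you did not enable in Sharing is the case several replies here suspect; the PID lets you find the binary and when it was installed.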

virividox
Jan 9, 2005, 02:40 AM
Report your friend to the authorities :p

HAHAHA who's laughing now!!! :D

Mechcozmo
Jan 9, 2005, 03:21 AM
That said, I would change my passwords, check my running processes to be sure that there isn't a keylogger or VNC server running. I would then sign his email address up for every spam site I could find and then see how he likes every security vulnerability in his XP system exposed. :eek:

Rob

Nice! Spam, pr0n, and even Apple newsletters just to tick him off..

snkTab
Jan 9, 2005, 04:25 AM
hacked my "secure" PowerBook over the network

What do you mean by secure?

Jigglelicious
Jan 9, 2005, 10:41 AM
Why do I get the feeling that he installed VNC while you weren't looking and just controlled your mac remotely through that.

jeremy.king
Jan 9, 2005, 12:24 PM
Is this a friend of yours? Does/Did he have physical access to your machine? He may have set up an account for himself on your Mac while it was logged in, or he knows your password. Check the accounts that exist using NetInfo Manager - see if any look fishy.

It is common for "hackers" to create their own user account and then ***** with the owners. I know I have done it in the past and enjoyed it quite a bit.

Also, change your password.

Wes
Jan 9, 2005, 12:56 PM
Why do I get the feeling that he installed VNC while you weren't looking and just controlled your mac remotely through that.


VNC sounds like it could very well be the cause here. Look in your download folder for any things you have not downloaded yourself and post the names here.

Mord
Jan 9, 2005, 01:22 PM
John the Ripper and SSH or telnet?

Give me your IP and I'll start a denial of service attack :eek:.

I have had my system admin try to hack into my iBook and he couldn't do it, and he has a CS degree.

Then again, I have my firewall blocking everything.

dejo
Jan 9, 2005, 02:03 PM
I have had my system admin try to hack into my iBook and he couldn't do it, and he has a CS degree.

So, having a CS degree automatically makes one a hacker? C'mon, people. There's no correlation.

Mord
Jan 9, 2005, 03:08 PM
If you learn CS you get to know such things. I'm just doing a Cisco course (CCNA) and I know quite a lot already.