Anyone have a Mac get hacked?

Discussion in 'Mac OS X 10.3 (Panther) Discussion' started by Tom Light, Nov 20, 2003.

  1. Tom Light macrumors member

    Joined:
    Jul 17, 2002
    #1
    As a reformed Wintel server admin, I was curious how many Mac users have *ever* had their boxes get compromised by a worm, virus, etc...

    I patch my Mac desktops and servers like a good boy, but how much danger is there really out there?

    Any horror stories to share?

    Tom
     
  2. gwuMACaddict macrumors 68040

    gwuMACaddict

    Joined:
    Apr 21, 2003
    Location:
    washington dc
    #2
    nope. never. although... it is fun to get your friend's passwords and IP address and have a little ssh fun with the terminal once in a while... ;)
     
  3. revenuee macrumors 68020

    revenuee

    Joined:
    Sep 13, 2003
    Location:
    A place where i am supreme emporer
    #3
    Re: Anyone have a Mac get hacked?


    LOL .... half the people here probably don't even own Anti-Virus software

    Umm the only real threat that i've heard of are the Macro Viruses that exist in Microsoft Office Products.

    I've received tons of Emails that my friends told me not to open because it's a virus, and i've done so just for fun to see what would happen - after i backed up everything, of course - and i just got a "does Not recognize file" response

    This was under OS 9 mind you... OS X is FreeBSD based so it could be different.

    www.securemac.com as you probably already know yourself has all the latest info on mac security issues
     
  4. Counterfit macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #4
    I've been using Apple computers since I was 4 or 5 (about 1989 or so, when we got our Apple IIgs). I have NEVER had a virus, worm or anything else. Unless there were some that my brother didn't tell me about. But I can say with absolute certainty that I haven't experienced a virus since at least 1998.
     
  5. Counterfit macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #5
    Hell yeah it is! :D I love ssh ;)
     
  6. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #6
    After 10 years, I've never had anything like that happen. I don't even have anti-virus software for Mac OS X. I imagine that I'll need it at some point, but that time is not now.

    I just check to see that the firewall is properly configured and running.
     
  7. Rower_CPU Moderator emeritus

    Rower_CPU

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #7
    Heh, after a Win2K server getting "t@gged" here at work yesterday this is a relevant topic for me. ;)

    We had one Mac server get used as an open SMTP relay for a bit. That's all.

    PC/Linux servers have had several large compromises:
    PCs: tagged twice
    Linux: open FTP relay

    Not to mention the lovely Blaster and Nachi outbreak in August all over campus. :rolleyes:
     
  8. mklos macrumors 68000

    mklos

    Joined:
    Dec 4, 2002
    Location:
    My house!
    #8
    Someone please correct me if I'm wrong...but as far as I know there are NO...yes ZERO Mac OS X viruses/worms/trojan horses.

    I have Norton Anti-Virus for Mac OS X and I rarely ever use it. I never remember to update my virus definitions which isn't a problem because the file size of the definitions never changes which tells me that they are never changed except for just changing the definitions date.

    I'm telling PC people all the time that the Mac is the way to go. They are less prone to viruses, rarely break down, easy to use, and easy to use peripherals with them. So while they may seem expensive at first, they will more than pay for themselves in the long run.
     
  9. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #9
    I got my Windows XP machine hacked a couple of weeks ago, if that makes anyone feel any better.

    They uploaded a virus and were trying to conduct DoS attacks :)
     
  10. Java macrumors regular

    Joined:
    Jan 13, 2003
    Location:
    Marin County (where else?)
    #10
    I consider Microsoft Office vX a virus. But that is just my opinion.

    I had someone steal my static IP address once, but I am not sure if that was computer specific.
     
  11. revenuee macrumors 68020

    revenuee

    Joined:
    Sep 13, 2003
    Location:
    A place where i am supreme emporer
    #11
    Static IP address is not that big of a deal ... unless you've got all your ports open and have not set up any sort of firewall or password
     
  12. cb911 macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #12
    how easy would it be for someone to get access to your Mac? like via SSH?

    from some of the strange behavior i've been experiencing with the Finder i'm beginning to think that someone might be messing around with me...

    also a couple of weeks ago, my little brother had a friend over and he brought his PC and tried to hack my Mac. and he was also connected from inside our router/firewall. but he said he couldn't get in or anything...
     
  13. Makosuke macrumors 603

    Joined:
    Aug 15, 2001
    Location:
    The Cool Part of CA, USA
    #13
    I've used OSX hooked to broadband at home since the day of its release, without special security precautions (I didn't even have the firewall on until recently, and I own no antivirus software) and I've never had anything untoward happen.

    I also administer about a dozen Macs on a campus network, also without antivirus software (but, in the case of the OSX machines, with the firewall on), and they've also never been victim to any funny business.

    I did, once, see a client's copy of Microsoft Word infected by a Macro virus, though. It did no damage (couldn't on the Mac), but it did infect all his outgoing Word documents. That was about three years ago.

    I see virus infected PCs all the time, on the other hand, and am happy to charge people plenty of money to purge them.
     
  14. leet1 macrumors 6502

    Joined:
    Nov 3, 2003
    #14
    There are a few.
     
  15. Rower_CPU Moderator emeritus

    Rower_CPU

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #15
    For OS X? Linkage.

    [edit - According to http://www.sarc.com, there are no OS X specific viruses/trojans/worms. In fact, the only mention of "OS X" in their database is related to a kadmind buffer overflow issue that affected all *nixes, saying that OS X wasn't affected since they weren't using the daemon.

    So much for that one.]
     
  16. revenuee macrumors 68020

    revenuee

    Joined:
    Sep 13, 2003
    Location:
    A place where i am supreme emporer
    #16
    Assuming the ssh port is open, relatively easy - it would be like opening the screen door to your house.
    However you still need to login - if you have a user account on your computer that does not require a password, that's like leaving your front door unlocked.

    If you don't open the SSH port then it's like trying to break into your house through a brick wall...

    If you're worried... use the network utility to run a PORT SCAN on LOCALHOST (127.0.0.1 - as you already know), and see what ports are open, then just go in and close them off ... i think 1033 and like 634 are open, but there are no known security issues associated with them that i have found yet...
     
  17. cb911 macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #17
    aren't there also keystroke loggers and other things that could cause weird behavior?

    as for linkage... http://undergroundmac.com/viruses.html. that's not too hard to find, i'm sure a lot of people have seen that site already. but they're just scripts.

    there's also this: http://freaky.staticusers.net/internet.shtml. lots of hacking stuff there & also some more stuff that could mess with your compy.

    http://freaky.staticusers.net/virus.shtml - apparently these are all live viruses. use at your own risk. :rolleyes:

    http://freaky.staticusers.net/macintosh.shtml - even more goodies. keystroke loggers and password crackers. oh woe is me.:rolleyes: :eek: :p

    so lets say someone is fully into all that kind of stuff. how easy is it for them to access Panther and do nasty stuff?
     
  18. leet1 macrumors 6502

    Joined:
    Nov 3, 2003
    #18

    Yup, just classic, had heard someone say that on here.
     
  19. Rower_CPU Moderator emeritus

    Rower_CPU

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #19
    So why did you say there were a few for OS X? :confused:
     
  20. leet1 macrumors 6502

    Joined:
    Nov 3, 2003
    #20

    Thought that's what they were talking about, but then saw the link ;)
     
  21. revenuee macrumors 68020

    revenuee

    Joined:
    Sep 13, 2003
    Location:
    A place where i am supreme emporer
    #21
    They are primarily stuff that affected OS 9

    plus a key logger is useless if he can't get back into your computer to retrieve that logged file, i.e. through an open port. Assuming he lied to you, and did get your password file, and he cracked it to get at your passwords, he still can't get in if there are no ports open

    assuming he has a trojan installed, that trojan needs to open a port, in order for someone to get in, if you run a PORT SCAN you will know what port is open...

    Now, as far as damage, well it's like any other system, the majority of major tasks need to be done from the root user account

    Have you set this up? if you have, and have no real use for it, shut it down, and now he has no real way of damaging your system .... but first and foremost, close the ports, and end the problem
     
  22. cb911 macrumors 601

    cb911

    Joined:
    Mar 12, 2002
    Location:
    BrisVegas, Australia
    #22
    yeah i'm not too worried about all of those 'virus' and stuff you can find on the net.

    i just ran a port scan... i'm not going to say what ports i have open, ;) but what is netbios-ssn? also some other descriptions it put to ports: ipp, netinfo-local, daap (which is used for iTunes sharing, right?) and newoak. so what do all of those mean? anything there that looks out of place?

    also, Apple wouldn't use a vulnerable port for a service would they? for example the iTunes sharing port has no vulnerabilities, right?
     
  23. caveman_uk Guest

    caveman_uk

    Joined:
    Feb 17, 2003
    Location:
    Hitchin, Herts, UK
    #23
    netbios-ssn - something to do with windows file sharing???
    ipp - printer sharing (port 631)
    netinfo-local - netinfo is the central database of mac os x though it isn't used for everything
    daap - itunes

    All ports >1024 are equally 'vulnerable' - it just depends how vulnerable what's listening is.
    IIRC the ports <1024 are special. Something to do with privileges...
     
  24. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #24
    netbios has to do with DOS/Windows networking. Remote logins default to 22 for ssh and 23 for telnet. iTunes is 3689. The Sharing preferences show these, as well as the Services within Netinfo Manager.

    Generally, anything up through 1024 is a system port and from there through 65536 is an application port.
     
  25. revenuee macrumors 68020

    revenuee

    Joined:
    Sep 13, 2003
    Location:
    A place where i am supreme emporer
    #25
    not off the top of my head... but this is what you wanna do

    open the terminal

    and type in "telnet"

    when you see this

    "telnet>"

    type open 127.0.0.1 "port" ie open 127.0.0.1 34 (port is the port number you want to access)

    so the full line would be

    telnet>open 127.0.0.1 [port]

    then see what happens, if it opens the port ... type, either "man" "help" or "?" to see if it recognizes commands

    or try things like "login" and see what happens?

    or "Helo" and see if it responds.
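
The localhost check described in posts #16 and #25 (scan 127.0.0.1, then connect to each open port and see whether it answers), as an added example that is not part of the original thread. It goes beyond the manual telnet step by labelling each listener and recording any greeting it sends; the function names and the port table are assumptions made for this sketch.

```python
import socket

# Ports named in the thread; 139 for netbios-ssn is the standard assignment.
THREAD_PORTS = {22: "ssh", 23: "telnet", 139: "netbios-ssn", 631: "ipp", 3689: "daap"}

def service_name(port):
    """Label a port the way a scanner's service column would."""
    if port in THREAD_PORTS:
        return THREAD_PORTS[port]
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"

def probe(port, host="127.0.0.1", timeout=0.5):
    """Return None if nothing is listening, else the service label and greeting."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None  # refused or timed out: no listener reachable on this port
    with conn:
        try:
            raw = conn.recv(128)  # ssh, smtp, ftp greet first; http/ipp stay silent
        except OSError:
            raw = b""
    return {"port": port, "service": service_name(port),
            "banner": raw.decode("latin-1").strip()}

def scan(ports, host="127.0.0.1"):
    """Probe each port once and keep only the ones that accepted a connection."""
    return [r for r in (probe(p, host) for p in ports) if r is not None]

if __name__ == "__main__":
    # System ports plus the iTunes sharing port mentioned in post #24.
    for hit in scan(list(range(1, 1025)) + [3689]):
        print(f"{hit['port']:>5}  {hit['service']:<14} {hit['banner'] or '(no greeting)'}")
```

A listener that shows up here with a service you did not turn on in the Sharing preferences is the one to look into first.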
     
