MY MAC WAS HACKED!!!

Discussion in 'General Mac Discussion' started by Surfernate, Jan 8, 2005.

  1. Surfernate macrumors newbie

    Joined:
    Nov 4, 2003
    Location:
    Encinitas, Ca
    #1
    Today at work a guy who is studying CS easily hacked my "secure" PowerBook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

    This sucks!!

    Anybody have some insight?
     
  2. BWhaler macrumors 68020

    Joined:
    Jan 8, 2003
    #2
    Check your settings in the Sharing Preferences. This doesn't seem right.
     
  3. robbieduncan Moderator emeritus

    Joined:
    Jul 24, 2002
    Location:
    London
    #3
    Apple Remote Desktop? If that's turned on in Sharing it would allow easy control over your entire desktop. Good security practice says you should only have the services you need turned on.
     
  4. Counterfit macrumors G3

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #4
    Your firewall might be configured to allow SSH connections. He could have guessed your username/password and logged in that way.
     
  5. BakedBeans macrumors 68040

    Joined:
    May 6, 2004
    Location:
    What's Your Favorite Posish
  6. AppleMatt macrumors 68000

    Joined:
    Mar 17, 2003
    Location:
    UK
    #6
    Update everything to the latest versions by Software Update too.

    AppleMatt
     
  7. jim. macrumors 6502

    Joined:
    Dec 22, 2004
    Location:
    C-ville, VA
    #7
    Just because it is Apple doesn't mean it can't be done. :) Actually with the guy's description of what he did, this vulnerability applies:

    http://ciac.llnl.gov/ciac/bulletins/o-138.shtml

    However, a fix was issued back in May, so if you are up to date this theoretically shouldn't work. You have updated, right?

    Otherwise, I can't find a known exploit unless you are running some *nix service that isn't supported out of the box by Apple.

    Buffer overflows are very common when using languages like C and C++ (I think OSX is Obj-C so overflows probably still exist). As a result there are typically many of these vulnerabilities inherent in any moderately complex piece of software, and they are easy to exploit if you know they exist. Most people just rely on scripts posted to security sites and don't go looking for the vulnerabilities themselves.

    Jim
     
  8. OutThere macrumors 603

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #8
    Many guys like this are very cocky, and will tell you they 'hacked' your computer when all they did was some very simple stuff:

    If you had SSH on, then he probably guessed your password, and was able to issue terminal commands over the network.

    If he had access to your computer (did you ever leave your door unlocked?) then he could easily have gotten your password, removed your password, or put software (like ARD or VNC) on your computer that would allow him to control your computer.

    If you ever used his computer, or a computer lab computer, it would have been very easy for him to get your password.

    Sounds like he doesn't really have a life - tell him to **** off, update all your software, change your password, keep your door locked when you aren't around, and turn off sharing, then move on. :)
     
  9. hcuar macrumors 65816

    Joined:
    Jul 23, 2004
    Location:
    Dallas
    #9
    This part tells me that you have a jealous Windows user trying to tick you off. Buffer overruns are usually the number 1 exploit in WinXP... I'd guess he did some sort of Remote Desktop setup... He's being a jerk for not telling you how he did it. That's the second clue that he's scamming you.
     
  10. Surfernate thread starter macrumors newbie

    Joined:
    Nov 4, 2003
    Location:
    Encinitas, Ca
    #10
    Well, Maybe

    I'm not sure either way. Windows Sharing was on and so was Apple Sharing but remote login was off and the firewall was on. That being said, he did it twice, each time while I was out of my office for a minute, and very well may just be an a$$hole who wanted to piss me off. The personality stereotype fits well. I just want to be certain that he did not have remote access to my machine. I can fix the other kind of access no problem.
     
  11. altair macrumors regular

    Joined:
    Nov 22, 2002
    Location:
    Seattle, WA
    #11
    So uh, you say you left the office and he hacked you?

    How do you know he hacked you? Just 'cause some programs were open that hadn't been? Or what?

    Sounds like he just walked into your office and opened some apps to me :p
     
  12. Dr. Dastardly macrumors 65816

    Joined:
    Jun 26, 2004
    Location:
    I live in a giant bucket!
    #12
    He's very old school. :D
     
  13. edesignuk Moderator emeritus

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #13
    Did you actually see him do this on your screen? Or is he telling you he did?
     
  14. angelneo macrumors 68000

    Joined:
    Jun 13, 2004
    Location:
    afk
    #14
    I quite agree with OutThere761. I have encountered "hackers" before with my clients' sites and most of them turn out to use simple tricks that every Tom, Dick or Harry knows. They are just like kids who want to show off. Real hackers do more damage and never visit the scene of the crime twice, and it is even tougher to track what they did.
     
  15. jimsowden macrumors 68000

    Joined:
    Sep 6, 2003
    Location:
    NY
    #15
  16. CubaTBird macrumors 68020

    Joined:
    Apr 18, 2004
  17. mrgreen4242 macrumors 601

    Joined:
    Feb 10, 2004
    #17
    I'm going to call ********, too. If there WAS a 'buffer overrun' exploit in OS X someone besides your 'friend' would have discovered it, and it would be big news. If you left the office there's a good chance that he slipped in, turned on remote desktop or a VNC server, added a user to your account or got your password, and just did that.

    That said, I would change my passwords, check my running processes to be sure that there isn't a keylogger or VNC server running. I would then sign his email address up for every spam site I could find and then see how he likes every security vulnerability in his XP system exposed. :eek:

    Rob
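
The check suggested in the post above, as an added example that is not part of the thread: a shell function that reads `lsof -nP -iTCP -sTCP:LISTEN` output and flags listeners on the ports of the remote-access services named in this discussion (SSH, telnet, Windows Sharing, Apple File Sharing, Apple Remote Desktop, VNC). The sample input, process names and user names are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): flag listening TCP services that
# allow remote control or file access.
# Real use: lsof -nP -iTCP -sTCP:LISTEN | flag_remote_services

flag_remote_services() {
    awk '
    BEGIN {
        svc[22]   = "SSH (Remote Login)"
        svc[23]   = "telnet"
        svc[139]  = "SMB (Windows Sharing)"
        svc[445]  = "SMB (Windows Sharing)"
        svc[548]  = "AFP (Apple File Sharing)"
        svc[3283] = "Apple Remote Desktop"
        svc[5900] = "VNC / ARD screen control"
    }
    $NF != "(LISTEN)" { next }           # skips the header and non-listening rows
    {
        n = split($(NF - 1), part, ":")  # NAME column: *:22, 10.0.0.5:548, [::1]:5900
        port = part[n] + 0
        if (port in svc)
            printf "%d\t%s\t%s (pid %s, user %s)\n", port, svc[port], $1, $2, $3
    }' | sort -n -u                      # one line per port; IPv4/IPv6 twins collapse
}

# Constructed sample: both sharing services on, Remote Login off,
# plus a VNC server the owner did not start.
sample_lsof() {
cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
AppleFile  201 root    5u  IPv4 0x01      0t0  TCP *:548 (LISTEN)
smbd       230 root   10u  IPv4 0x02      0t0  TCP *:445 (LISTEN)
smbd       230 root   11u  IPv4 0x03      0t0  TCP *:139 (LISTEN)
vncserver  412 user1   4u  IPv4 0x04      0t0  TCP *:5900 (LISTEN)
vncserver  412 user1   5u  IPv6 0x05      0t0  TCP *:5900 (LISTEN)
cupsd       98 root    0u  IPv4 0x06      0t0  TCP 127.0.0.1:631 (LISTEN)
EOF
}

sample_lsof | flag_remote_services
```

Any flagged line for a service that is switched off in the Sharing preferences, or that runs under an unexpected user, is the thing to investigate.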
     
  18. virividox macrumors 601

    Joined:
    Aug 19, 2003
    Location:
    Manila - Nottingham - Philadelphia - Santa Barbar
    #18
    HAHAHA who's laughing now!!! :D
     
  19. Mechcozmo macrumors 603

    Joined:
    Jul 17, 2004
    #19
    Nice! Spam, pr0n, and even Apple newsletters just to tick him off..
     
  20. snkTab macrumors 6502a

    Joined:
    Nov 13, 2004
    Location:
    Cincinnati, OH
    #20
    what do you mean by secure?
     
  21. Jigglelicious macrumors 6502

    Joined:
    Apr 25, 2004
    Location:
    NYC
    #21
    Why do I get the feeling that he installed VNC while you weren't looking and just controlled your mac remotely through that.
     
  22. jeremy.king macrumors 603

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #22
    Is this a friend of yours? Does/Did he have physical access to your machine? He may have set up an account for himself on your Mac while it was logged in, or he knows your password. Check the accounts that exist using NetInfo Manager - see if any look fishy.

    This is common for "hackers" to create their own user account and then f*ck with the owners. I know I have done it in the past and enjoyed it quite a bit.

    Also, change your password.
     
  23. Wes macrumors 68020

    Joined:
    Jun 22, 2001
    Location:
    London
    #23

    VNC sounds like it could very well be the cause here. Look in your download folder for any things you have not downloaded yourself and post the names here.
     
  24. Mord macrumors G4

    Joined:
    Aug 24, 2003
    Location:
    UK
    #24
    John the Ripper and SSH or telnet?

    Give me your IP and I'll start a Denial of service attack :eek:.

    I have had my system admin try to hack into my iBook and he couldn't do it and he has a CS degree.

    Then again I have my firewall blocking everything.
     
  25. dejo Moderator

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #25
    So, having a CS degree automatically makes one a hacker? C'mon, people. There's no correlation.
     
