Amusingly enough, I just got to spend a few hours cleaning and upgrading software on a Win2K box in my lab that was infected by a worm. The person who uses it had done an OS upgrade that I wasn't aware of, got back from vacation, turned on his computer, and an hour later I get a call from the campus network guy telling me one of the machines in my lab is going berserk. There's Windows for you.

Oh, and by the way, cb911, since the ports you named have standard port numbers associated with them, there's not much point in "hiding" which are open. But as caveman_uk said, it doesn't really matter which ports are open, just whether what is listening to that port is vulnerable or not. Apple's preinstalled services are pretty solid, and so long as you keep up with OSX security updates, I see no reason to believe they won't continue to be.
 
Since it's basically Unix...

... I would think the same rules for security would apply.

- Don't run unnecessary services (that is, don't run a Web server and file sharing unless you've got a specific need to have those running).

- Turn your firewall on, and only open up the ports that need to be open (i.e. SSH, HTTP if you've got a Web server running)

- Don't make every account an "admin" (corollary: don't turn off the password for sudo)

- Pick good passwords

- Don't turn on auto-login (corollary: Require the password to be typed for the screensaver and for wake-from-sleep)

- Patch quickly whenever updates are released
 
In the few years i've been repairing macs, i've only seen 1 computer come in with a virus. It was called the Sevendust virus, and it seemed pretty harmless. This was in os 9.

As a repairman, i'd expect to see my share of viruses, but like i said, only seen one so far...
 
I have seen two viruses on Macs: one in OS8.5 and the other in OS9.1. Both were relatively harmless. There were many vulnerabilities in the Mac OS before OSX. OS10.3 is fairly secure but there are a few vulnerabilities.
 
Originally posted by Peyote
how do you close open ports?

Turning the firewall on closes the ports. Most people don't need to manually open any of them anyway; plus OS X is pretty good about opening the ones it needs automatically when you turn on a service (if you turn on file sharing for example) - in this case you'll see certain items in the Firewall's "Allow" list checked off. Normally it'd only be under special circumstances that you'd have to worry about going through the ports list and figuring out which ones have to be open or closed.

In case it isn't clear: a "port" in networking-speak just means that some particular server-type program on a computer is ready and listening for connections from another computer. It's a way of determining what type of connection is to be made over an internet connection. Ports are assigned numbers, which as far as I know were just arbitrarily agreed upon by various standard-setting groups of people. 80 is the port number for Web (443 is the port for secure Web connections), 22 is SSH, etc etc etc. So if your computer is acting as a Web server you have to leave port 80 open, for example.
 
i got infected once... after years of using one antivirus software (SAM, back in the day) i had never heard a peep from it, so i deliberately infected it... it did catch it, so i was happy.

it was not easy for me to find a virus for the Mac, this was in ... what, system 6 days? 7? there were (and still are) only a few in existence... but they don't spread.

pnw
 
revenuee, thanks for that Terminal tip. :)

would that also work if you just typed in a random IP? ;)

about which apps are listening to a port... so basically if it's a weak, vulnerable app that's using a particular port, that's easier to exploit?

so what exactly does netinfo-local do? what would happen if you disabled that port?
 
I just remember the screensaver hackathon that they did.
They had an XP Pro machine with all the patches on it and a Mac, I believe with 10.2.7 on it. They had no firewalls on the machines and gave out both IP addresses on the air. After 15 mins the XP box was hacked and blue screening like mad! The Mac... had attacks on it but nothing happened; it just kept running. At the end the XP box had the blue screen of death on it and the Mac was fine... and they even went on to surf on it to show you it was A-OK!

Only folks with a Unix background who know a lot about OS X tend to be the only folks able to hack it, and that's if Apple doesn't patch the hole before it's exploited, which never has happened.

I've used OS X almost since it came out and I've never had a virus or got hacked. I can also say I've never heard of a Mac getting hacked from any of my friends that use them all the time.

I only have Norton because of MS Word Macro viruses that can affect Word docs.

I recently got the paypal worm email.
So what I did was I opened it up and looked at its code. Found out where it was sending all the CC #'s they are getting and I just mail bombed them with their own worm virus. I also noticed the worm only affects Win95 on up because on the top it said This program does not work in DOS environment. So what I did was I went on a Windows site and posted the whole virus code and everyone said how did you get that. I said it's easy when you've got a Mac.
I told them if they were running DOS as their OS they wouldn't get infected.

If anyone is wondering, the worm is sending folks' PayPal accounts, names and addresses, and CC #'s to 4 accounts in the Czech Republic.
 
Originally posted by cb911
revenuee, thanks for that Terminal tip. :)

would that also work if you just typed in a random IP? ;)

about which apps are listening to a port... so basically if it's a weak, vulnerable app that's using a particular port, that's easier to exploit?

so what exactly does netinfo-local do? what would happen if you disabled that port?

I myself haven't even begun to scratch the surface of understanding many aspects of exploits, but it is my understanding that certain ports run certain apps and daemons, that if correctly manipulated can compromise a system - how to actually do this is still a mystery to me.

i know enough to log in, and surf around, open and read files - the very basics.

as far as what you asked about random IPs ... well yes and no ... i don't fully understand networking and IP addressing, but what i do know is that there are just under 425 million possible combinations of IPs and not all of them are connected to the internet at the same time. Also not every IP will have the same services running and ports open so you won't be able to have much fun there... some ports don't do anything, they don't respond to commands (none that i know) so even if you do connect, that doesn't mean you can do anything

*Warning - accessing a computer you don't have permission to is illegal in most countries - so be careful*

you have to also consider why you are accessing that computer? for the sake of entering? for purposes of information? or is it purely malicious?

Sys admins aren't stupid ... there is a log file of people accessing a server, and the activity being done, so unless you really know what you're doing, you might unwittingly connect to a computer, do even absolutely nothing, but if something does happen, you can be blamed for it.

<sarcastic rant>And nowadays computer crime is a bigger felony than murder </sarcastic rant>

now that we covered why you might want to avoid using random IPs ...
here is what you can do ... if you have a second computer at home, snag its ip address, port scan it, and see what you can do with the ports that are open

and as far as what netinfo-local does ... you got me... i've been trying to figure it out too...

:D :) have fun
 
Originally posted by revenuee
I myself haven't even begun to scratch the surface of understanding many aspects of exploits, but it is my understanding that certain ports run certain apps and daemons, that if correctly manipulated can compromise a system - how to actually do this is still a mystery to me.
I think that's the way it works. Remember the ssh bug/hole that had a slight hand in the 10.2.8 mess? It was patched quickly, but it took Apple a little bit longer to distribute.
 
well there's a lot of numbers in an IP... you never know you might make a small mistake once in a while... ;)

i'm probably just going to set up a PC here so i can have some fun with it. he he. :D

so i'm guessing that since netinfo-local is a system thingy it's best not to mess with it...
 
Originally posted by cb911
well there's a lot of numbers in an IP... you never know you might make a small mistake once in a while... ;)

i'm probably just going to set up a PC here so i can have some fun with it. he he. :D

so i'm guessing that since netinfo-local is a system thingy it's best not to mess with it...

that's one solution, and quite frankly a good one, i've been playing around with one here at home myself (my parents... LOL)

your other solution is to load the PC with some version of Linux, and if you can afford to not use the computer for anything else than for running attacks on it, even if you do end up screwing something up, you can just format it, and then try again...

hmm, which gives me an idea... i have an OLD 486 sitting in the basement that i think i might want to play around with...

but it doesn't have a CD-ROM or an ethernet card .... anybody know where i can get these cheap ... it's an old computer so i don't really care to spend an inordinate amount of money here... LOL
 
An ethernet card is like $10 at fry's or your local electronics store. you can pick up a CD rom for 25 or so.
 
Originally posted by leet1
An ethernet card is like $10 at fry's or your local electronics store. you can pick up a CD rom for 25 or so.

nice ... looks like i can pull this project off for less than 50$
 
if you're on a *nix machine that includes OS X

open the terminal

you will see something like this

[*yourhostname1*:~] *yourusername*%>

type cd .. and hit return

you should then see

[*yourhostname1*:/Users] *yourusername*%>

type cd .. and hit return (again)

and you should see

[*yourhostname1*:/] *yourusername*%>

now type open etc/services

that will open a text file that will give you all the port references that common services run on
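
Added example, not part of any poster's message: a small shell audit that ties together the thread's two points, that /etc/services only names ports and that what matters is which listeners are reachable and intended. The services excerpt and the `netstat -an` style lines are constructed sample data, and `svc_name`, `audit_listeners` and the allow-list argument are hypothetical names.

```shell
#!/bin/sh
# Constructed excerpt in /etc/services format: name, port/protocol, optional comment.
SERVICES='ssh              22/tcp     # SSH Remote Login Protocol
http             80/tcp     # World Wide Web HTTP
https           443/tcp
afpovertcp      548/tcp     # AFP over TCP (file sharing)
netinfo-local  1033/tcp     # local netinfo port'

# Constructed sample of `netstat -an` output in the BSD/macOS layout (address.port).
NETSTAT='tcp4  0  0  *.22            *.*            LISTEN
tcp4  0  0  *.548           *.*            LISTEN
tcp4  0  0  127.0.0.1.1033  *.*            LISTEN
tcp4  0  0  *.8080          *.*            LISTEN
tcp4  0  0  10.0.0.5.49200  10.0.0.9.80    ESTABLISHED'

# svc_name PORT PROTO: look up the service name, ignoring comments and blank lines.
svc_name() {
  printf '%s\n' "$SERVICES" | awk -v want="$1/$2" '
    { sub(/#.*/, "") }
    NF >= 2 && $2 == want { print $1; found = 1; exit }
    END { if (!found) print "unknown" }'
}

# audit_listeners ALLOWED: print one line per listening TCP socket as
#   port service scope(local|all) verdict(ok|review)
# ALLOWED is a space-separated list of ports the owner intends to expose.
audit_listeners() {
  printf '%s\n' "$NETSTAT" | awk '$1 ~ /^tcp/ && $NF == "LISTEN" { print $4 }' |
  while read -r addr; do
    port=${addr##*.}          # text after the last dot is the port
    host=${addr%.*}           # everything before it is the bound address
    # Loopback-bound listeners are not reachable from other machines.
    case $host in 127.*|localhost) scope=local ;; *) scope=all ;; esac
    verdict=review
    if [ "$scope" = local ]; then verdict=ok; fi
    for p in $1; do
      if [ "$p" = "$port" ]; then verdict=ok; fi
    done
    echo "$port $(svc_name "$port" tcp) $scope $verdict"
  done
}

audit_listeners "22"
```

Anything marked `review` is listening on all interfaces without being on the intended list: either turn the service off or confirm the firewall blocks it.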
 
You can do a simple port scan of your home computer and a few other security checks at the Symantec web site. http://security.symantec.com/ssc/ Click on "Scan for Security Risks". Unauthorised port scans are a no-no so don't try this on a corporate network without permission from your network administrator.
 
it's fairly simple.

Just look at the linux security bulletins, eg. openssl is always a good way to get into a system. The only reason that macs are usually spared from hackers and net worms is that most worms work only on specific platforms (e.g. linux slapper, which introduced itself to me last year on a linux box) - the only reason is that OSX Servers that serve internet services are very rarely seen, and no one really cares to try them.

So, if you know an Xserve that serves as Webbrowser with openssl, you may want to check if it has been patched already, or if you can do something nasty with a linux exploit.
 