
Surfernate

macrumors newbie
Original poster
Nov 4, 2003
Encinitas, Ca
Today at work a guy who is studying CS easily hacked my "secure" powerbook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

This suks!!

Anybody have some insight?
 
Surfernate said:
Today at work a guy who is studying CS easily hacked my "secure" powerbook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

This suks!!

Anybody have some insight?

Check your settings in the Sharing Preferences. This doesn't seem right.
 
Apple Remote Desktop? If that's turned on in Sharing it would allow easy control over your entire desktop. Good security practice says you should only have the services you need turned on.
 
AL-FAMOUS said:
he didn't hack anything :)

Just because it is Apple doesn't mean it can't be done. :) Actually with the guy's description of what he did, this vulnerability applies:

http://ciac.llnl.gov/ciac/bulletins/o-138.shtml

However, a fix was issued back in May, so if you are up to date this theoretically shouldn't work. You have updated, right?

Otherwise, I can't find a known exploit unless you are running some *nix service that isn't supported out of the box by Apple.

Buffer overflows are very common when using languages like C and C++ (I think OSX is Obj-C so overflows probably still exist). As a result there are typically many of these vulnerabilities inherent in any moderately complex piece of software, and they are easy to exploit if you know they exist. Most people just rely on scripts posted to security sites and don't go looking for the vulnerabilities themselves.

Jim
 
Surfernate said:
Today at work a guy who is studying CS easily hacked my "secure" powerbook over the network just to prove that he could. He was able to start and apparently control applications at will and still will not tell me how he did it. My firewall was ON! He said it was a buffer overrun vulnerability. I did have sharing open as usual because I never worried about this sort of intrusion.

This suks!!

Anybody have some insight?

Many guys like this are very cocky, and will tell you they 'hacked' your computer when all they did was some very simple stuff:

If you had SSH on, then he probably guessed your password, and was able to issue terminal commands over the network.

If he had access to your computer (did you ever leave your door unlocked?) then he could easily have gotten your password, removed your password, or put software (like ARD or VNC) on your computer that would allow him to control your computer.

If you ever used his computer, or a computer lab computer, it would have been very easy for him to get your password.

Sounds like he doesn't really have a life - tell him to **** off, update all your software, change your password, keep your door locked when you aren't around, and turn off sharing, then move on. :)
 
Surfernate said:
He said it was a buffer overrun vulnerability.

Anybody have some insight?

This part tells me that you have a jealous Windows user trying to tick you off. Buffer overruns are usually the number 1 exploit in WinXP... I'd guess he did some sort of Remote Desktop setup... He's being a jerk for not telling you how he did it. That's the second clue that he's scamming you.
 
Well, Maybe

I'm not sure either way. Windows Sharing was on and so was Apple Sharing but remote login was off and the firewall was on. That being said, he did it twice, each time while I was out of my office for a minute, and very well may just be an a$$hole who wanted to piss me off. The personality stereotype fits well. I just want to be certain that he did not have remote access to my machine. I can fix the other kind of access no problem.
 
So uh, you say you left the office and he hacked you?

How do you know he hacked you? Just cause some programs were open that hadn't been? or what?

Sounds like he just walked into your office and opened some apps to me :p
 
OutThere761 said:
Many guys like this are very cocky, and will tell you they 'hacked' your computer when all they did was some very simple stuff:

If you had SSH on, then he probably guessed your password, and was able to issue terminal commands over the network.

If he had access to your computer (did you ever leave your door unlocked?) then he could easily have gotten your password, removed your password, or put software (like ARD or VNC) on your computer that would allow him to control your computer.

If you ever used his computer, or a computer lab computer, it would have been very easy for him to get your password.

Sounds like he doesn't really have a life - tell him to **** off, update all your software, change your password, keep your door locked when you aren't around, and turn off sharing, then move on. :)

I quite agree with OutThere761. I have encountered "hackers" before with my clients' sites and most of them turn out to use simple tricks that every Tom, Dick or Harry knows. They are just like kids who want to show off. Real hackers do more damage and never visit the scene of the crime twice, and it is even tougher to track what they did.
 
I'm going to call ********, too. If there WAS a 'buffer overrun' exploit in OS X someone besides your 'friend' would have discovered it, and it would be big news. If you left the office there's a good chance that he slipped in, turned on remote desktop or a VNC server, added a user to your account or got your password, and just did that.

That said, I would change my passwords, check my running processes to be sure that there isn't a keylogger or VNC server running. I would then sign his email address up for every spam site I could find and then see how he likes every security vulnerability in his XP system exposed. :eek:

Rob
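
The checks suggested in this thread (is a VNC server, Apple Remote Desktop, SSH or a file-sharing service listening?) can be scripted. This is an added example, not part of any post above: it reads `lsof -nP -iTCP -sTCP:LISTEN` output and flags the remote-access services the thread mentions. The sample listing, process names, PIDs and user are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag listening TCP services that
# allow remote access. Port-to-service mapping uses the standard ports.

# Map a TCP port to the service it normally carries; fail if not of interest.
classify_port() {
    case "$1" in
        22)             echo "SSH (Remote Login)" ;;
        23)             echo "telnet" ;;
        139|445)        echo "SMB (Windows Sharing)" ;;
        548)            echo "AFP (Personal File Sharing)" ;;
        3283)           echo "Apple Remote Desktop" ;;
        5900|5901|5902) echo "VNC / screen sharing" ;;
        *)              return 1 ;;
    esac
}

# Read lsof listener output on stdin; print one line per flagged listener.
# Field 9 is the NAME column, e.g. "*:5900" or "[::1]:22"; the port is the
# text after the last colon.
audit_listeners() {
    awk 'NR > 1 && /LISTEN/ { n = split($9, a, ":"); print $1, $2, $3, a[n] }' |
    sort -u |
    while read -r cmd pid user port; do
        if svc=$(classify_port "$port"); then
            echo "$port $cmd pid=$pid user=$user -> $svc"
        fi
    done
}

# Constructed sample: both sharing services on, Remote Login off, plus a
# VNC server running under a user account (the scenario guessed at above).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
AppleFile 312 root   20u  IPv4 0x01   0t0      TCP  *:548 (LISTEN)
smbd      340 root   18u  IPv4 0x02   0t0      TCP  *:445 (LISTEN)
smbd      340 root   19u  IPv4 0x03   0t0      TCP  *:139 (LISTEN)
vncserver 911 alice   5u  IPv4 0x04   0t0      TCP  *:5900 (LISTEN)
cupsd     120 root    6u  IPv4 0x05   0t0      TCP  127.0.0.1:631 (LISTEN)
EOF
}

# On a real Mac: sudo lsof -nP -iTCP -sTCP:LISTEN | audit_listeners
sample_lsof | audit_listeners
```

A listener you did not enable yourself in the Sharing preferences, especially one owned by a user account rather than root, is the thing to investigate.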
 
mrgreen4242 said:
That said, I would change my passwords, check my running processes to be sure that there isn't a keylogger or VNC server running. I would then sign his email address up for every spam site I could find and then see how he likes every security vulnerability in his XP system exposed. :eek:

Rob

Nice! Spam, pr0n, and even Apple newsletters just to tick him off..
 
Why do I get the feeling that he installed VNC while you weren't looking and just controlled your mac remotely through that.
 
Is this a friend of yours? Does/Did he have physical access to your machine? He may have set up an account for himself on your mac while it was logged in or he knows your password. Check the accounts that exist using NetInfo Manager - see if any look fishy.

This is common for "hackers" to create their own user account and then f*ck with the owners. I know I have done it in the past and enjoyed it quite a bit.

Also, change your password.
 
Jigglelicious said:
Why do I get the feeling that he installed VNC while you weren't looking and just controlled your mac remotely through that.


VNC sounds like it could very well be the cause here. Look in your download folder for any things you have not downloaded yourself and post the names here.
 
John the Ripper and SSH or telnet?

Give me your IP and I'll start a Denial of service attack :eek:.

I have had my system admin try to hack into my iBook and he couldn't do it and he has a CS degree.

Then again I have my firewall blocking everything.
 
Hector said:
I have had my system admin try to hack into my iBook and he couldn't do it and he has a CS degree.

So, having a CS degree automatically makes one a hacker? C'mon, people. There's no correlation.
 