Does anyone have an idea where the security hole is? My machine was exposed to the internet with personal file sharing and ssh open. My OS X is up to date and all updates are installed. I don't know right now what the guy did with my machine but have a look at the screenshot...

Why on earth did you have remote log in enabled?
 
I'm not sure what you mean by "enable root", as far as I can tell it is enabled by default. Anyone with an "administrator" password who is a member of sudoers (I'm not sure if that is all admins by default, or just the first one) can simply run any command with sudo and they have as good as root access. If they are too lazy for that then a simple "sudo su" gets you actual root access. At least that's how it is on my MBP and I know I didn't change anything where that is concerned.

Not true. An admin account is not as powerful as a root account. To enable root you need to muck about in the netinfo app.
Root has unrestricted access to everything. Admin doesn't. The admin account can achieve a lot of the same things as root, but has to authenticate to do so (by using sudo or authenticating in the GUI).
 
Ok maybe hoax is too strong a word. Sorry.
But.
Like I said until the OP can explain the network set-up I'm suspicious of not an external breach but an internal one. As in a major screw-up or a joke by a friend or this or that. The OP doesn't seem to want to contribute any more info so ? :confused:
 
Ok maybe hoax is too strong a word. Sorry.
But.
Like I said until the OP can explain the network set-up I'm suspicious

Read the first post again. He had SSH enabled. Do we need more than that? I believe he gave us plenty of information to get an idea of what's going on. Just because you didn't doesn't mean others didn't either.

of not an external breach but an internal one.

Does it matter if someone got access to his box from the LAN versus the WAN? Not really. It doesn't change the fact that his computer was compromised.

As in a major screw-up or a joke by a friend or this or that.

Computer security is not a laughing matter. You've gone from saying that this is a hoax, to it all being just a big joke that was done by one of their friends. Are you the OP's spokesman? I think not. Don't speak for him.

If you got your car broken into or vandalized would your first reaction be "It's all just a joke!" No. You'd call the police.

The OP doesn't seem to want to contribute any more info so ? :confused:

Maybe they don't have the time to start spreading lies and deceit, and don't have the time like I do to call you out on it.

I mean come on. You claim that it's all a big hoax, then as soon as I call you out on it you start backpedaling like a Russian circus bear.
 
Well there is a very high probability that either social engineering or just plain stupidity was involved here at the least. The chances of someone guessing your user name and your password are just too low for me to sit around believing it was brute forced. At the same time a vulnerability in OpenSSH would be a huge deal, compromising thousands or millions of computers.

Either he used a "dumb" username/password combination, or someone knew it. I'm not saying that I'm certain of it, just that there is an incredibly high probability of it.

The thing is, at least on a Mac there isn't much reason to use ssh unless you are fairly competent on a command line (as far as I know Macs don't support X forwarding), and most people who are competent enough on a command line to be bothering with ssh understand the security risks involved, and how to overcome those (which really isn't hard - even with 100,000 login attempts the chances of someone getting your username, not to mention your password are darn low).
 
That's the funniest thing I've read all week. Yes blame the victim. Save Apple. And one thing's for sure: if there wasn't a security hole yesterday there's a security crater today. You foolish people believe you're invincible. You won't listen when people tell you to be careful. You get hit - and I'd presume you're rooted and owned by now - and then you blame the attackers. Yes it's wrong to leave your car unlocked and blame the thief. But it's also precisely the smug thinking "there is no security hole" which gets you into that situation in the first place.

Again, read the rest of my post. The funny thing is, you pick one little detail and jump to conclusions about what I was implying.

Learn to READ fully - I simply stated that there was no security hole in OS X that was related to him being "hacked" - he had left the back door wide open and was asking for trouble.

If he didn't have SSH enabled, Remote Login etc then my statement would be wrong, but he does so therefore I am not wrong.
 
Does anyone have an idea where the security hole is? My machine was exposed to the internet with personal file sharing and ssh open. My OS X is up to date and all updates are installed. I don't know right now what the guy did with my machine but have a look at the screenshot...

It looks like the guy was trying to execute something on the command line containing a sentence, but did so ineptly and each word wound up as a file (easy mistake to make, just takes a misplaced or missing quotation mark). Hopefully his 'hacking' of your system, if there was anything more to it than that, was equally inept...
 
Read the first post again. He had SSH enabled. Do we need more than that? I believe he gave us plenty of information to get an idea of what's going on. Just because you didn't doesn't mean others didn't either.



Does it matter if someone got access to his box from the LAN versus the WAN? Not really. It doesn't change the fact that his computer was compromised.



Computer security is not a laughing matter. You've gone from saying that this is a hoax, to it all being just a big joke that was done by one of their friends. Are you the OP's spokesman? I think not. Don't speak for him.

If you got your car broken into or vandalized would your first reaction be "It's all just a joke!" No. You'd call the police.



Maybe they don't have the time to start spreading lies and deceit, and don't have the time like I do to call you out on it.

I mean come on. You claim that it's all a big hoax, then as soon as I call you out on it you start backpedaling like a Russian circus bear.

Relax dude. The world doesn't revolve around you.

It's now the next day and the OP hasn't been back here. I've been around MR long enough to know a newbie that makes 3 posts about the same thing is pure trolling.

When I said interior I mean just that. No back pedaling. I think either he or a friend went into his MacBook while sitting or standing in front of it and messed with the files.

A couple of questions need a real answer.
WHY would he have remote log on selected?
What kind of network configuration did the OP have?
Why does he not come back in here and answer those questions?
If he was so concerned about a breach he sure gave up fast.

I don't care if I'm wrong or not. But using derogatory words won't get you anywhere except in the banned corner for a week.
 
Read the first post again. He had SSH enabled. Do we need more than that? I believe he gave us plenty of information to get an idea of what's going on. Just because you didn't doesn't mean others didn't either.

Yes, we do. Just as one shouldn't assume that you can't be compromised, you shouldn't assume that someone was compromised based on a screenshot. We have ZERO information on the files themselves other than name, file size, and creation time. We have zero log file snippets or anything else provided.

Without any further evidence, this could be a compromise, it might not be. We cannot jump to the conclusion of what it is without more information.

Does it matter if someone got access to his box from the LAN versus the WAN? Not really. It doesn't change the fact that his computer was compromised.

We don't even know if anyone else uses this computer, or where the computer is, etc. If he is in a dorm room and left the machine asleep (without a password), someone could easily do this via physical access to the machine, meaning it wasn't an SSH vuln if that was the case. With sshd instances now being run as nobody until the user logs in, it is even harder to get root access via an SSH vuln, making it harder to cover his tracks, so there should be some trace left in the logs.

One screenshot does not prove/disprove compromise, this is why I say armchair forensics are not gonna get us anywhere at this point. My previous post was a hypothesis of the likely method of entry.
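Since the thread keeps coming back to the sshd log evidence nobody has posted, here is an added example (not from any poster in the thread) that triages sshd authentication lines by source address and flags the pattern the posters are arguing about: a successful login that follows a run of failed guesses from the same address. The log lines, hostnames and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Classic syslog-style sshd authentication messages (secure.log / auth.log format).
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample log: three password guesses then a success from one address,
# an unrelated daemon line, and a key-based login from a LAN address.
SAMPLE_LOG = [
    "Jan 12 03:14:01 macbook sshd[5123]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2",
    "Jan 12 03:14:03 macbook sshd[5125]: Failed password for john from 203.0.113.45 port 51030 ssh2",
    "Jan 12 03:14:05 macbook sshd[5127]: Failed password for john from 203.0.113.45 port 51036 ssh2",
    "Jan 12 03:14:09 macbook sshd[5131]: Accepted password for john from 203.0.113.45 port 51044 ssh2",
    "Jan 12 03:20:00 macbook com.apple.launchd[1]: unrelated message",
    "Jan 12 09:02:11 macbook sshd[6001]: Accepted publickey for john from 192.168.1.20 port 60211 ssh2",
]


def parse_sshd_log(lines):
    """Return one dict per login attempt, in log order; non-auth lines are skipped."""
    events = []
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["invalid"] = ev["invalid"] is not None  # username did not exist on the box
            events.append(ev)
    return events


def triage(events, threshold=3):
    """Group attempts per source IP and list the IPs whose successful login
    came after at least `threshold` failures (brute-force-then-success)."""
    per_ip = defaultdict(lambda: {"failed": 0, "users_tried": set(), "accepted": []})
    suspicious = []
    for ev in events:  # log order, so failures preceding a success are counted first
        rec = per_ip[ev["ip"]]
        if ev["result"] == "Failed":
            rec["failed"] += 1
            rec["users_tried"].add(ev["user"])
        else:
            rec["accepted"].append((ev["user"], ev["method"]))
            if rec["failed"] >= threshold and ev["ip"] not in suspicious:
                suspicious.append(ev["ip"])
    return dict(per_ip), suspicious
```

A clean `users_tried` set with a single accepted key-based login, as for the LAN address here, is what the "no breach" camp would expect to see; a failure run ending in an accepted password is what the "he was brute forced" camp would expect.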
 