# Dude, you got cracked



## rharder (Apr 20, 2001)

If any of you get to this site without passing through the root www.macosx.com, you might not notice that on the morning of 20 April, 2001 it was seriously cracked.

-Rob


----------



## ScottW (Apr 20, 2001)

Fun Fun Fun! <rolling eyes>


----------



## rharder (Apr 20, 2001)

Kudos, hopping on the fix. I wonder how long it was there.

-Rob


----------



## ScottW (Apr 20, 2001)

Appears to have been online since around 4am - 9am'ish.


----------



## AdmiralAK (Apr 20, 2001)

I went to see if there were any posts this morning and I was surprised lol...

Seems like crackers/hackers have bad spelling LOL

Good to see ya back


----------



## gumse (Apr 21, 2001)

Was it a security hole in OS X-server ???


----------



## VGZ (Apr 23, 2001)

> _Originally posted by gumse_
> *Was it a security hole in OS X-server ???*



I think this site is on a Linux box.


----------



## rharder (Apr 23, 2001)

Webmaster,

Despite the fact that this site is not on OS X, I'd be very interested to know how the crack was accomplished, if you were able to determine that.

-Rob


----------



## ScottW (Apr 23, 2001)

I will talk about it, but not in detail.

Basically, on Linux/Unix servers, now Mac OS X, and any system for that matter... you have ports available on IP addresses... (this is basic for the expert)...

The IP address of 208.34.56.2 is ONE address. That one address can have say, 65000 ports available to it. For example... Telnet runs on port 23, Web (like this website) runs on port 80, SMTP on port 25, etc. These are the standard ports... and you can run these same things on other ports on that one IP address, but you have to specify another port other than the standard when you connect.

Many times, security holes are discovered in one of the MANY applications that run on various ports on your server. Once those are discovered and published, most companies that publish the software are quick to bring out patches... and if you are on top of it, you will update those as quickly as they are released, and you minimize your ability to be hacked.

However, what happens is that you sometimes forget your system is RUNNING things that you really have never messed with or even know anything about. It was a default install for example.

Well, apparently, one of the applications on our server had a security hole in it... and was fixed months ago, but we never realized it... and never fixed the patch. Using scripts, this individual was able to gain root access to the box and set up easy access points on other non-standard ports.

Sometimes individuals who break the law by entering computer systems through these holes do bad things, others do what seem to be innocent although are still just as bad... but aren't as hard on the sys admin, as others are.

Once into a system, it's pretty much all yours to do as you please... and this individual chose to change the default html page on our sites with their own "hacked" version, and that was pretty much it. A random install of an IRC server, other things... not a big deal, but still, not fun either... at least for me.

Attempts to use the same security hole were made all weekend, and the individual made 2 successful attempts (thus the 2 hack messages on Saturday) and tried numerous times unsuccessfully on Sunday... others also did some usual port scanning (probably after reading this message). The focus of the "hacking" if you wish to call it that, seemed to be around macosx.com, so I imagine whoever was doing this, has read or is reading these threads.

Sunday evening... we finally found the hole and patched it (we think) and safe for now... but one never knows what hole will be discovered next.

It's a game of cat and mouse. In the 5 years I have been running Linux internet servers, the increase in attempted hacking has increased significantly over the past 6 months. I don't call these individuals "hackers" because they really aren't. Most of these individuals are teens, who are curious about programs that "hackers" write... and they run these scripts to see what type of fun they can have. Most "hacking" from these individuals is in their eyes harmless, and having a little bit of fun.

The problem with this thinking... is that to God, a sin is a sin, if you kill someone, that is just as bad as stealing bubble gum from the local gas station. Breaking into a computer, is just as bad, whether you break in to steal company information, or do what seems to be a "harmless" replace of a web page. Both are equal under the law... and should fear... because, as with any successful hack into our box... we do call law enforcement officials... and will seek after these individuals.

The game of cat and mouse stops when the line of the law is crossed... breaking and entering, whether into a house or a business... is against the law.... so is breaking and entering into computers.

Just because you walk by a house and the side door is wide open, doesn't give you the right to walk into it, or take things from it. It just makes it easier to do so.

Admin


----------
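
An added example, not part of the original posts or the site's own tooling: the admin's post above describes forgotten default-install services and extra listeners appearing on non-standard ports, and this sketch compares a host's listening TCP sockets against an allowlist. The sample `ss -H -tlnp` output and the `EXPECTED_PORTS` allowlist are constructed assumptions.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not taken from the thread).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=990,fd=13))
LISTEN 0 511 *:80 *:* users:(("httpd",pid=901,fd=4))
LISTEN 0 5 0.0.0.0:6667 0.0.0.0:* users:(("ircd",pid=4410,fd=5))
LISTEN 0 1 0.0.0.0:31337 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
"""

# Hypothetical allowlist: the only TCP ports this web host is meant to serve.
EXPECTED_PORTS = {22, 25, 80}


def parse_listeners(ss_output):
    """Return (address, port, process) for each listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon,
        # which also handles bracketed IPv6 such as [::]:22.
        address, _, port = fields[3].rpartition(":")
        # The process column is only present when ss runs with enough privilege.
        match = re.search(r'\(\("([^"]+)"', line)
        process = match.group(1) if match else "unknown"
        listeners.append((address, int(port), process))
    return listeners


def unexpected_listeners(ss_output, expected=EXPECTED_PORTS):
    """Return sorted (port, address, process) for ports not on the allowlist."""
    return sorted(
        {(port, address, process)
         for address, port, process in parse_listeners(ss_output)
         if port not in expected}
    )


if __name__ == "__main__":
    for port, address, process in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {address}:{port} ({process})")
```

Run on a schedule against live `ss` output, a check like this surfaces both a service nobody remembered installing and a listener added after a compromise.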



## rharder (Apr 24, 2001)

I wonder if Apple will keep up with patches to utilities it includes with OS X and trickle those patches down to the average user through an OS X patch.

-Rob


----------



## VGZ (Apr 24, 2001)

> _Originally posted by rharder_
> *I wonder if Apple will keep up with patches to utilities it includes with OS X and trickle those patches down to the average user through an OS X patch.*
>
> *-Rob*



I sure hope so. Apple better realise this and release updates as often as necessary. If you're worried about it send in some feedback demanding that they do so.


----------



## rharder (Apr 25, 2001)

Oh yeah. Feedback. I'll be right back...

You know, it seems ironic that Microsoft gets dumped on every time they release a bug fix or service pack, but here we are asking Apple to give us patches every week (well, that's what _I'd_ like).

That might make Apple look bad like Microsoft.

OTOH, if Apple adopted the "We'll give you patches as soon as any Unix patches are released" mentality, that would sort of draw the fire from any patches that were Apple-specific and could help them avoid the constant ragging that Microsoft gets. They'd be crusaders for the common man instead of Yet Another Software Company with Bugs. 

Maybe crusaders is too strong a word.

-Rob


----------



## endian (Apr 25, 2001)

Software Update makes this much easier - I think it comes out of the box set to check every week for updates, so all Apple has to do is post them there and they'll filter down automatically.


----------



## conceited (Apr 28, 2001)

I hacked it one time, when I thought everyone would be sleeping! Then I went to sleep. Then when I woke up, it was back to normal, and most of my peers didn't see it... or they complained that it took too long to load so I redid the html...

Also the site is hosted by a company that must not have cared about its customers, or has a really bad admin. Not only did I deface macosx.com, I defaced 29 other sites hosted by macosx.com's host!

I'm a 20yr old who wouldn't mind doin network security. If you are hiring or in need of help email me.

P.S. The defacement wasn't personal. d=)


----------



## Alex (May 2, 2001)

http://www.attrition.org/mirror/attrition/2001/04/20/

Look at this nice list. How about this, try growing up? This site is just a community for Mac Users, and YOU try to take it away? Hmm, not cool. I don't agree with this, and it's not something to boast about; have some fun making a game or something, not defacing websites.


----------



## VGZ (May 2, 2001)

> _Originally posted by endian_
> *Software Update makes this much easier - I think it comes out of the box set to check every week for updates, so all Apple has to do is post them there and they'll filter down automatically.*



Talked to an Apple employee today and was told that they plan on releasing updates on a fairly regular basis to patch security holes in the unix layer.

This is great news and you're right that the software update control panel will make this really easy.

I would like to see them include some of the other free unix utilities in the updates/patches such as samba.


----------

