osx boxes defaced...

Tetano

For the first time, checking for news on an IT security site, I found that a number of OS X boxes were hacked today with a mass defacement technique...
http://www.zone-h.org/en/defacements
The site doesn't explain which bug was exploited...
Could this be a first alert of the start of _interest_ from hackers in OS X? Should we start to prepare to defend our machines from worms & co?
 
It doesn't look as though the sites were actually defaced, though -- rather, an html file was placed into the site for most of them.

A lot of the OS X sites I checked on there seem to be some kind of webmail portal or something, so perhaps this has nothing to do with OS X and has everything to do with the kind of webmail/web portal software those sites are running...
 
"It doesn't look as though the sites were actually defaced, though -- rather, an html file was placed into the site for most of them." - That's pretty much what defacing means, ElDiabloConCaca. ;) Oh, I see, you mean they didn't replace the main index file... Still: same security breach. If they can add an HTML file... They were just nicer than they were to me (in the past). ;)
 
Do you need admin rights to the machine for a defacement like these, or does it simply exploit a bug in the webmail software?
 
Defacing is almost always because of a flaw in the web server, such as Apache, which runs on many different UNIX type systems.
 
Kind of what I expected -- it's not a flaw with OS X, it's most likely a flaw with Apache... completely separate from OS X. It's up to the Apache people to fix this.
 
However, it always takes some time for Apple to incorporate Apache's fixes. Quite probably, the fix - if it IS an Apache fault after all - would long be available before Apple releases a security update that handles the problem. You _can_ take matters into your own hands by compiling and installing Apache yourself. However, if you run a webserver you might just as well use Linux instead if you're going to take the 'hard road' anyway.
 
If the sites were running a webmail portal of some kind (I can't see - the zone-h site seems to be having MySQL problems), then it's also very possible that the exploit wasn't against Apache, but against the webmail software - the PHP, perl, or whatever that was powering it.

It might have been that the reason they created a file, but didn't trash the existing ones, was that they weren't able to escalate their privileges enough to delete the existing files - maybe they were only able to execute privileges as the mysql or www user.

Again - I can't check, because I can't look at the website that lists the victims...
 
"perhaps this has nothing to do with OS X and has everything to do with the kind of webmail/web portal software"

"Defacing is almost always because of a flaw in the web server"

"it's not a flaw with OS X, it's most likely a flaw with Apache... completely separate from OS X"


This is funny ::ha::
 
Hmm? The linked article tells the opposite. What do you mean by your post, soulseek?
 