trees
03-13-2006, 10:48 PM
I've had a couple of calls/emails from off-campus professional IT folk asking for information/validation of this,
http://www.tucsoncitizen.com/news/local/031306a1_computers .
If you haven't seen it, it is an article from the Tucson Citizen. It purports to be an article about the recent compromised Macs in the Journalism department. There appear to be some knowledgeable people out there who are troubled with the article.
I have heard no official description of how the Macs in question were compromised. Since this void is being filled with conjecture and disinformation, I'll be bold and put what I've heard out here.
The word around campus is that it was a simple brute force attack which succeeded due to poor ID and password choice for the administration accounts. I say accounts instead of account, as all the Macs apparently had the same insecure (obvious) admin ID and password. They also all had inbound SSH enabled, making them a very easy target. Under this scenario, there was no 'break-in', no OS security flaw, and certainly no virus outbreak.
As for the rest of the info and implications in the article, weeeelll, as much as I like the good press that OSCR got, I'll gently point out that the headline says "Mac", but the picture is of our very fine Dan T., OSCR Tech Lead Extraordinaire, cleaning a virus off of a customer's Windows laptop. No Mac in sight. I doubt the reporter could have told the difference anyway.
As for most of the various people quoted, they are not exactly where I would go for Macintosh expertise. They are of course MS Windows techies, extrapolating their narrow focus onto an OS they know little, and in some cases, nothing, about.
As a Macintosh professional IT administrator, I have concluded that there is nothing for me here. (Other than to make sure I have decent IDs and passwords. Well, duh.) Nothing to worry about, no additional steps to take. Mac and OS X will get some real malware sooner or later, certainly, but this isn't it.
As you were.