Earlier this week, n2k and myself (onni) visited a "Mac Store" and had a little fun yanking their administrator access on the new Mac OSX. Continued will be a tale of adventure and intrigue, as well as an informational document regarding the necessity of securing a machine beyond just the user login.
We arrived at the Mac Store on a fateful, chilly winter's eve around 6pm to be greeted by our loveable apple user. We spent a bit of time scanning for possible weak passwords (as we had found that the apple user's password wasn't really a password at all) to no avail, though I personally still assume that root is given a weak pass.
You can read more in the article, but it ends with the following conclusions...
In my opinion, the major accomplishment was not actually getting administrator privs, it was actually the fact that we did all of this while the Mac sales agents were standing right behind us – although n2k was politely asked not to delete "the password file." We proceeded to giggle like little schoolgirls at the thought that we expected to do something malicious. In fact, we went as far as to document how we did what we did before we left; hopefully they'll take heed and try and work something into the next Mac OSX patch.
As for the fact that the Mac Store staff didn't do anything, we can't stress enough that it's your responsibility to stop anyone that looks questionable from touching your machines - I don't care if you only get paid minimum wage, it's a moral responsibility to your employer (not to say you can't let us roam free though ;).
They left with this note being displayed on the Mac...
- so is it still being rooted even if it's mac osx? thanks for the fun, make sure to remove all of the additional users we added, and remove apple from the admin family!
hugz and kisses, n2k & onni, neworder
ps if Barbie is so popular, how come you have to buy all of her friends? seriously, that's such a rip off...
News source: NewOrder - Mac Attack Part 1: The Mac Hack