aaron posted in hacking on March 7th, 2006
According to the guy who cracked into the contest system “rm-my-box” in sub-30 minutes, there are still lots of unpublished exploits left in Mac OS X. The host didn’t seem to set the bar too high, though; he actually gave out accounts on the system to start with. I’d have to believe that there are tons of SUID binaries there since it comes with root disabled by default.
In related Mac-insecurity gossip and stories, the host of the “rm-my-box” challenge alleges that this story about a security researcher getting owned through a Mac at Shmoocon was about Raven Adler. Can anyone confirm or deny? Entertaining nonetheless.