Magnet Mail Archive: Mac Compromises/Weak passwords

From: John Ives <jives_at_info-sec.Security.berkeley.edu>
Date: Wed Aug 24 2005 - 12:26:49 PDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Everyone,

My apologies for cross posting this to three different lists but
there is a lesson for everyone in this.

Recently, System and Network Security has again seen an increasing
number of Mac OSX computers compromised and set-up as IRC servers
(some of you may remember that a similar message was sent out in
March). While we have not positively identified the cause of these
compromises, there is a good indication that they are the result of
enabling Remote Login and using weak passwords. This is particularly
dangerous on systems where the root user has been enabled, because
the root account has so many privileges and is frequently targeted
for attacks.

While remote access is a handy feature and Apple has made the right
move supporting it via SSH, encrypting the traffic only prevents
password sniffing, not password guessing. Over the years there have
been numerous programs and scripts written to guess passwords via
SSH.

In a March email to Magnet, Aron Roberts outlined several tips for
related to Remote Login security. You can find these tips in the
Magnet archives at:
http://ls.berkeley.edu/mail/magnet/2005/0096.html.

Additionally, if you do not generally need the root user it is
generally a good idea to disable the account. For OS X 10.4
instructions for enabling or disabling the account can be found at:
http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1549.html

At this time I would like to remind everyone (not just the Mac users)
that complex passwords are required as part of the Minimum
Standards. Information on what constitutes a complex password can be
found at:
http://security.berkeley.edu/MinStds/Passwords.html

Yours,

John Ives
System and Network Security

- ----------------------------------------------------------------------
- ---
John Ives
GSEC, GCIH, GCWN
System & Network Security
University of California, Berkeley

Phone (510) 642-7773
Cell (510) 229-8676
- ----------------------------------------------------------------------
- ---

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQwzJ+ZOthQ8M7PCaEQLXlgCgukbUlRhCvcmPyKA6DPiDompwbLgAnjPg
jR6aIja5SMierTiYRZIRK50j
=JUWh
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Wed Aug 24 12:35:23 2005

This archive was generated by hypermail 2.1.8 : Wed Aug 24 2005 - 12:35:24 PDT