入侵一個Mac OS X網頁伺服器只需20分鐘?
Published by Chainsaw March 7th, 2006 in Pitfall.
據Ars Technica報道,有人設立了一台使用Mac OS X Server的Mac mini的網頁伺服器,公開挑戰各大高手去入侵該伺服器,名為”rm my Mac,“挑戰賽。這台伺服器只需六小時就被征破。ZDnet訪問這位入侵者,原來他是利用SSH的一個漏洞去入侵該Mac mini,前後只用了20分鐘。而SSH服務,在Mac OS X預設是關閉的。
由於SSH的問題,是多平台的。Ars Technica指這可能不是Mac OS X Server的問題。就算聲稱最安全的OpenBSD也有SSH問題。Ars Technica指出:
security is a non-trivial problem, and simply choosing one operating system or platform over another does not automatically solve the problem with no further thinking required.
我指出(抄出)
the only winning move is not to play.
4 Responses to “入侵一個Mac OS X網頁伺服器只需20分鐘?”
- 1 Pingback on Mar 7th, 2006 at 13:03 HKT
- 2 Pingback on Mar 8th, 2006 at 00:43 HKT
- 3 Pingback on Mar 8th, 2006 at 09:52 HKT
the only winning move is not to play…..
的確,這世界沒有攻不破的城堡,有出入口<SSH>就有隙可乘啦!