0wn1ng Department Store OS X Machines

Dan and I were in a popular electronics store awhile ago on our way back from GeoCaching. They had some OS X machines there and I thought I’d check out what they were running.

The machines were running some sort of demo. Command-Option-Esc to force quit that demo. That spit me out to the finder. I took a look in the users control panel to see what users they had. A local admin and the regular customer user. I thought that I would just enable Administrator rights for the customers, but I was locked out. Darn. Let’s try something else. I went to Applications > Utilities > NetInfo Manager. In the NetInfo Manager I enabled the root user. This is where the administrators of the machines in the store screwed up. This stuff should be set already so little busy bodies like me can’t screw with their systems. I enabled the root user, back to the control panel, authenticated, and blammo. Access to everything.

The idea that stores are careless like this makes me angry. I could’ve done all kinds of fun things with these machines since they were connected to the outside world. Could’ve been a jerk and destroyed the boot info for the OS, removed all the other accounts but mine, copied trojans to the startup sequence, etc. This is why there are such security problems in our country. People think that bad things can’t happen to them. Well it’s fortunate that it was me this time and not some lunatic doing major dirty work.


p>Since this has happened I’ve emailed the tech people at this chain and told them to distribute a memo to their local techs to enable and secure the root user. I received a nice reply thanking me for bringing this to their attention, but their response also said “We do not actively employ Apple and OS X specialists.” To me, this reads, “We don’t know anything but Windows.” Unfortunate.

This entry was posted in General. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *