Mac hacked in 2 minutes


Recommended Posts

Wrong. Currently they are a lot more secure because there just aren't nowhere near as much real security threats circulating for Mac. Infact the number of those is close to ZERO.

Time to set the record straight (again). You will learn the hard way as will all the people who believe Apple's hype. When Apple is big enough to be a blip on the radar and viruses start to come out everyone will be in a panic because they left their computers unprotected. If Macs were more secure than Windows your argument would be that despite all the threats floating around Macs are not getting hit or not spreading the virus. Just because there aren't many threats discovered/created yet it doesn't logically follow that the system is therefore secure.

If we all used your (Apple's) logic, I could say that my beaten-down screen door is the most secure door in the world. No one has ever broken into my house. But I also live in isolation. Almost everyone else lives in a thriving city and requires deadbolts and strong locks. Sometimes they get broken into by thieves. But my screen door has even better security as I have not once been broken into.

I'm glad your screen door works for now but someone from the city could come out and break into your home and then what will you think of your screen door?

So if Vista will reach the marketshare XP has (won't happen :woot: ) it will be as unsecure as XP?

Let's not talk about marketshare since Apple is enjoying it's single-digit marketshare (which is less than Vista alone)

When Apple is big enough to be a blip on the radar
Let's not talk about marketshare

:laugh:

I wouldn't call OS X unprotected. You described default Win XP installation.

You can spend all day looking for threats that would justify running AV in OS X (for other than catching Windows viruses) but end up being empty-handed.

Disclaimer: Certainly many games are available for users of Apple's OS. For whatever reason, however, one particular franchise seems to be mentioned by the Applese moreso than any other.

Posters in this thread either have to try and keep their own bias for one OS out of their answers or else not answer at all.

Myself included. Be at peace.

The amusing thing about threads like this is that most of the bias expressed is pro-Mac. Statements like "It just goes to show that Mac's aren't as secure as Apple's userbase would like to believe", or "Clearly no OS is secure after all", or even "Vista patches go down, Mac patches go up", don't express any bias whatsoever. Any of them could've been made by a user of any operating system. Even a Mac user could (and many do) say those things without being a hypocrite.

What happens is, somebody says one of those things, and it's like a horn blows, calling the attention of Apple apologists, ready to point out that Vista blows, they can play Civ IV, Apple computers aren't overpriced (and only computers--OS point upgrades, the ipod family, etc, are all left unmentioned), they can play Civ IV, the finer points of what defines 'vulnerability' (also 'hack', 'access', and 'the'), and dammit they can play games too (including Civ IV).

What happens is, somebody says one of those things, and it's like a horn blows, calling the attention of Apple apologists, ready to point out that Vista blows, they can play Civ IV, Apple computers aren't overpriced (and only computers--OS point upgrades, the ipod family, etc, are all left unmentioned), they can play Civ IV, the finer points of what defines 'vulnerability' (also 'hack', 'access', and 'the'), and dammit they can play games too (including Civ IV).

You know how tiring this gets though? Its not like the Mac is physically incapable of playing games - just that Microsoft has a stranglehold on games development with DirectX. It's like suggesting that Windows is completely incapable of running a Mac specific app like Aperture. Yes, it is - but only because Apple haven't made Aperture for Windows. Windows itself is perfectly capable of running it, just as OSX would be perfectly capable of running any games you cared to throw at it - IF they'd actually been developed!

Sheesh.

And on overpriced equipment - what would you like me to apologise for? Leopard costs ?85. I can get it discounted to ?58. Frankly I feel its worth every single penny. As an 'experience' from a user perspective, I think its one of the most well rounded and best put together operating systems i've ever used - and believe me when I say i've used plenty.. from Windows 2.0 (and onwards), Linux (Debian, RedHat, Ubuntu, Slackware, etc), FreeBSD, SGI Irix, Solaris, BeOS, NeXT, amd so forth - you get the idea.

iPods are expensive - yeah. But they're worth it. I have an iPod Nano 3rd Gen I was bought as a present. I love everything about it, and think it's probably one of (if not the) best gadgets i've ever owned and I have a history of frittering money on pointless toys!

What more do you want me to say?

Edited by Chicane-UK

Pours some gas on the fire:

The highlight of the day was the presentation given by Stefan Frei and Bernard Tellenback titled ?0-day Patch ? Exposing Vendors (In)Security Performance? covering their analysis of several years of vulnerability disclosures and patching processes from various vendors, and a detailed dissection of Apple?s and Microsoft?s performance. (from the X-Force perspective, we?ve looked this data in the past, however their analysis focused on correlating multiple external data sources and honing in on the CVE-numbered vulnerabilities with full ?cradle-to-grave? disclosIn essence, with their ?0-day Patch? metrics, they managed to show just how far Apple is trailing Microsoft in security patch responsiveness ? in fact, after inspecting their graphs, Apple appears to be trending entirely in the wrong direction; more vulnerabilities, longer patching times, more 0-days, etc. ? not the sort of thing we expect from a well known software vendor.own software vendor.

While I think that there are quite a few reasons wI?d be inclined to say that Apple?s biggest problem appears to be that they treat every new vulnerability as a potential PR disaster rather than an opportunity to visibly reinforce their work in securing their customerssecuring their customers. In recent times this has most critically been reflected in the way Apple works withI?m yet to find a single security researcher that has had any positive things to say about their dealings with Apple?s security teamwith Apple?s security team).

Source here

I think the big picture and the takeaway that people should really get here is - there are problems. Real problems. I am not so much interested in sensationalistic 2 minute hacks or what not. But trends, as described above, are a problem. I do beleive that Apple will come around, but Apple community has to be raising this to them too. Head in the sand is not a good long term security strategy.

I'll go put on my flame resistant suit on now.

agreed. and yes I use macs. granted unix IS a different beast than windows.

i've gotten just about everyone in my extended family to switch to macs just because they don't have to deal with the security-maintenance [scanning for viruses, malware, spyware, adware, etc.] on a regular basis (which none of them did when they had windows, and unfortunately I'm the family g33k). This made my life a lot easier not having to constantly fix their machines. Don't get me wrong, I think windows is excellent (and still use it daily) as long as you keep up with the security-maintenance.

really cause i dont use AVs or Antispyware apps, i do a monthly scan and i havent had a virus on my windows box since win95

Everything is hackable regardless - if you know what your doing and are innovative enough you can make your way into anything and do anything you want wile there... I take that to an extreme instance and say if your good enough you could hack a staple and make it a bowl of grape jello.

:laugh:

I wouldn't call OS X unprotected. You described default Win XP installation.

You can spend all day looking for threats that would justify running AV in OS X (for other than catching Windows viruses) but end up being empty-handed.

Seriously, just ignore fanboys. :D

Clean Neowin

It is market share based. Why hack and make exploits for QNX when only a few people use it and you can instead make one for windows and get HUNDREADS OF THOUSANDS of credit card numbers, password and other personal detail from users.

Mac is POS and that has been proven multiple times, so is windows, and hell even some linux distros are (lindows). The xbox 360 hasn't been hacked because there is no need for a larger hard drive, and the XNA is out so people can code so no hacking is needed, PS3 has linux (I think) so no hacking needed there either, the homebrew hackers are all happy.

You can store your encryption key ANYWHERE, but once you use it on a PC, I guarantee that forensic science can get your key, it may take a while but they WILL get it, else the encryption would be illegal like it was back in 1994 but now science has evolved so has the recovery abilities. Hushmail is a fine example of security being overturned.

I would be willing to bet everything I have that if everyone went out and used only Mac from tomorrow onwards, the amount of viruses written for windows would take a VERY SHARP drop.

If you could follow Bill gates around with a roll of toilet tissue you would huh?

That's low, couldn't think of a informed well thought out reply, instead steep low! You guys make me laugh, nitpicking Microsoft whenever you possibly can, but when facts are added to the equation, you start posting comments like this, lol. Time to get a life...

Still waiting since March 2001.

Nothing. And these little lab experiments, contests, and "challenges" have been going on for nearly as long.

Until it's in the wild and it's compromised someone's OS X install, it's all just . . .

You keep telling yourself that. The rest of us who've been watching your 100% Apple biased to the point of absurdity posts really enjoy watching you squirm when, heaven forbid, Apple is revealed to be just another computer company, just like everyone else.

Think differently. Think for yourself.

Did anyone even read this? I don't see how he gets so many kudos, he could have been a script kiddie and done this. They said he navigated to a webpage where he stored his exploit code. He didn't even hack it so much as download somthing that hacked it for him. Brilliant, just cheating.

Did anyone even read this? I don't see how he gets so many kudos, he could have been a script kiddie and done this. They said he navigated to a webpage where he stored his exploit code. He didn't even hack it so much as download somthing that hacked it for him. Brilliant, just cheating.

It was my understanding that he wrote the code/exploit. He prepared it on the site so it would be easy to prove his point in the contest.

Regardless, the point is made.

Did anyone even read this? I don't see how he gets so many kudos, he could have been a script kiddie and done this. They said he navigated to a webpage where he stored his exploit code. He didn't even hack it so much as download somthing that hacked it for him. Brilliant, just cheating.

I don't understand - why is that cheating?

Source: http://news.yahoo.com/s/infoworld/20080327...infoworld/96676

It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

No... from what i read it was to find a expoilt in a default install or "shop ready" setup of the MBA which in this case was the safari

Listen mother****ers, you want a real Operating System where you'll be completely safe?

Try OS/2 :D

Sure it's one thing to have malware, but by using a Mac or Linux, you're still on the internet and there are other people that can get to you. Ex: Phising, ID theft, etc. :p

I actually bought a Mac this past summer because I was interested in the security of them. I knew that with the commercials and crap Apple was pushing out promoting the security and knocking Vista that it would make them a prime target. I mean look wouldn't you love to just stuff them and say "I'm the one who drop kicked Apple while they were in the spot light!"

My macbook has been my primary machine since I bought it and I gotta say I really like it for doing 90% of what I do. Stuff like this gets me excited about the platform though because I hope it leads to progress and more exploring.

Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you'll also remember, Shane Macaulay was Dino Dai Zovi's on-site team member at last year's PWN to OWN event in which they ultimately took the top prize.

The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue. Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability. You will be able to track the vulnerability on the Zero Day Initiative upcoming advisories page.

team_vista.jpg

Above pictured is Aaron from TippingPoint on the left officiating in front of the Fujitsu laptop, while Shane Macaulay and his pwnage assistants Alexander Sotirov and Derek Callaway (next from left to right) refine the Adobe Flash exploit.

So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing.

We had an awards ceremony tonight where we officially handed out both winning laptops as well as brand spankin' new Zero Day Initiative laptop bags. Here are a couple of pics of the happy winners:

charlie.jpg

Above pictured is Charlie Miller whose team won the MacBook Air and $10,000 on day two of the contest.

alex_k2.jpg

Above pictured is winner Shane Macaulay on the right showing off the spoils of victory with his friend Alexander Sotirov on the left.

http://dvlabs.tippingpoint.com/blog/2008/0...day-and-wrap-up

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.