PDA

View Full Version : Apple's in the eye of flaw finders


MacBytes
Feb 8, 2006, 08:20 AM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Apple Software
Link: Apple's in the eye of flaw finders (http://www.macbytes.com/link.php?sid=20060208092048)
Description:: At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's PowerBook, disabling the firewall and starting up a file server.

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

nagromme
Feb 8, 2006, 09:12 AM
Pretty vague, classic FUD if you ask me--and on a web site owned by Symantec. Real facts mixed with a careful slant to paint a picture?

"It has not had the experience that Microsoft had with its summer of worms."

Yet, it's almost certain the experience will come, he said."

Oh, no! The summer of worms! Macs will be JUST AS BAD as Windows! :o

He says his PowerBook was fully secured, but details are scarce. I for one am not fleeing in terror to the "security" of Windows, nor rushing to pay Symentec until there IS a Mac virus ;)

No OS is perfect. This is the year of the OS X exploit? I think not. That year was the year OS X was released! There have been, and will be, security flaws in OS X. And Mac OS X machines have been invaded by outsiders in the past.

So I do find it believable that someone at a hacking convention could possibly "hack into" your Mac (especially if they have sneakily gotten your password: the writer says they can find no evidence of how the intrusion happened, so I say, never overlook the obvious). Hacking in is not to be confused with viruses and worms, though.

The question is, though, are all flaws created equal?

Assuming Macs have the same or greater "number" of flaws as Windows (doubtful), how easy are they to exploit, and what level of damage can you do?

When I read about the periodic patches Apple releases for newly-discovered flaws, they often sound like the stars must precisely align in order for it to become an issue. (In fact, some require the hacker to be physically sitting at your machine.) And once someone hacks into your user account, that doesn't necessarily give them root access, either.

In any case, OS X being in the sights of security researchers is a good thing, in my book! The press may not like Apple's refusal to comment, and call that "poor security awareness," but as long as Apple is collecting the security information and acting on it, that's the main thing for me.

And if this IS the "year of the OS X exploit" and that DOES mean viruses and worms... will it mean anything CLOSE to the problems Windows users face? No, it won't.

And I'm also wondering if this writer perhaps didn't REALLY lock down his PowerBook in every way that Apple provides. Was he using File Vault? If his friend's name was stolen despite File Vault encryption, and it was done without knowing the guy's decryption password, then that's an accomplishment. But he doesn't go into any detail of what really happened.

My own fear of the sky falling won't come until something more detailed and specific emerges.

I do think there will be a Mac OS X virus someday (not in Windows-like numbers!) but I actually read an article recently by a security professional who thinks there won't ever be one--and not because of obscurity either. So I guess viewpoints on Mac security run the gamut.

Applespider
Feb 8, 2006, 09:24 AM
I had a quick search around the Web and this is the only reference to a Powerbook being 'hacked' at the conference. None of the other blogs/news reports of it mention this at all... There are no names or clues to the identity of the researcher; so how reliable is this report?

There's apparently no trace of how this was done? Really? There's no guarantee that the guy didn't have an obvious password, didn't leave his PB alone at any point and let's face it, we only have the 'researcher's word' for it that it was fully locked down.

If they expect me to believe this, I want more information. I'm all for being continued alertness and wariness on OS X but the more FUD that gets spread, the less likely people are to take it seriously. Haven't these guys heard of the boy who cried 'wolf'?

shamino
Feb 8, 2006, 09:48 AM
I do think there will be a Mac OS X virus someday (not in Windows-like numbers!) but I actually read an article recently by a security professional who thinks there won't ever be one--and not because of obscurity either.
Hello. I am a manual-activation worm/virus. Please post this message to every newsgroup you have access to and erase your hard drive.

Thank you.

nagromme
Feb 8, 2006, 09:57 AM
Hello. I am a manual-activation worm/virus. Please post this message to every newsgroup you have access to and erase your hard drive.
Now posting from my old machine. That worked! :(

otter-boy
Feb 8, 2006, 10:01 AM
Hello. I am a manual-activation worm/virus. Please post this message to every newsgroup you have access to and erase your hard drive.

Thank you.

Now that I read this worm/virus, my computer is doomed!!! Must buy Symantec quickly before I erase my hard drive--too late!!! My Mac has been hax0r3d by the l33t worm/virus writer that is shamino!!!!!!!! :eek: :p :rolleyes:

dswoodley
Feb 8, 2006, 12:17 PM
I find it hard to take seriously anyone who makes a contraction out of "Apple is" and puts it in a headline.

"Apple's in the eye of flaw finders"

macnulty
Feb 8, 2006, 12:54 PM
I find it hard to take seriously anyone who makes a contraction out of "Apple is" and puts it in a headline.

"Apple's in the eye of flaw finders"

I missed that completely, I read it as plural.