PDA

View Full Version : Apple.co.kr Hacked?


MacRumors
May 3, 2006, 02:49 PM
http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com)

Silicon.com reports (http://networks.silicon.com/webwatch/0,39024667,39158606,00.htm) that Apple's Korean online store (http://apple.co.kr/store) was hacked and defaced.

The defacement was reported to be a dozen lines of code posted to the Apple.co.kr homepage. It was removed quickly by Apple after being notified of the incident.

The attack, carried out by someone working under the name 'Dinam', who claimed in his post to be Turkish, was brought to the attention of silicon.com last Thursday.

Apple.co.kr is running (http://toolbar.netcraft.com/site_report?url=http://www.apple.co.kr) under Mac OS X/Apache. Few other details are available at this time, and Apple has made no comment.

arn
May 3, 2006, 02:50 PM
http://www.zone-h.org/en/defacements/view/id=3680404/

supposed to be documentation of it I guess. still very few details.

arn

WildCowboy
May 3, 2006, 02:50 PM
Hmmm...is this really Page 1 worthy?

arn
May 3, 2006, 02:52 PM
Hmmm...is this really Page 1 worthy?

guess it depends how it was hacked ;)

arn

eva01
May 3, 2006, 02:52 PM
Hmmm...is this really Page 1 worthy?

nope, not at least in my opinion.

bousozoku
May 3, 2006, 02:55 PM
Hmmm...is this really Page 1 worthy?

Definitely.

It says a lot about WebObjects + Apache and hints at Mac OS X being a vulnerable host, even if it wasn't the host.

I'm wondering why he attacked a low traffic area instead of the U.S., UK, or Japanese store.

runplaysleeprun
May 3, 2006, 02:56 PM
Seems its top-news worthy on other mac-centric sites. not that i say following others is always a great move, i'm only just saying others seem to think its big enough news.

wonder what the code was.

UberMac
May 3, 2006, 02:58 PM
Well assuming that the site is hosted by Mac OS X server and on Xserves this seems to say a lot about the security of Apple systems - ironically only days after it started advertising itself for having no viruses (Yes, I understand that this isn't a virus!)...:o

Uber

EDIT: Anybody have any pics of the site hacked?

Metatron
May 3, 2006, 03:01 PM
Scary...and could be really bad news depending on how it was hacked. One can hope the flaw was in apache...

mcarnes
May 3, 2006, 03:03 PM
Hmmmm, sign of things to come with the new ads taunting the nerds? I hope not.

Texas04
May 3, 2006, 03:04 PM
Somone saw the Virus commercial and gave a whack at it... at least thats my opinion... But I do think it is page 1 worthy,

You cant live without harm,

For Example...
You cant walk outside without being vunerable to a virus or cold of some kind.
Your computer cant communicate with others without being vunerable to a virus or malicious code of some kind...

But once we know a virus is there we have medicine to cure it.
Once we see a vunerablilty by somone hacking we patch it and move on.

^Endless cycle of life^

iMeowbot
May 3, 2006, 03:06 PM
mail.apple.co.kr was defaced (http://www.zone-h.org/en/defacements/view/id=3738607/) too, today.

yellow
May 3, 2006, 03:06 PM
Well assuming that the site is hosted by Mac OS X server and on Xserves this seems to say a lot about the security of Apple systems

I wouldn't necessarily say that.. I'd be more inclined to peer at Apache, but that's just me.

miketcool
May 3, 2006, 03:10 PM
And so the cold war begins...

eva01
May 3, 2006, 03:14 PM
I wouldn't necessarily say that.. I'd be more inclined to peer at Apache, but that's just me.

Thats my guess

G99
May 3, 2006, 03:14 PM
Have Apple made any comment about his yet?
And, does anyone have any idea what exactly was defaced? Visiting it now, I see some of the icons are missing, but this might have not been related to the attack...

boncellis
May 3, 2006, 03:14 PM
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

If it is in conjunction with the "challenge" to hackers within the new ad campaign, why wouldn't Apple.com be hacked--better security? Somebody educate me.

Lollypop
May 3, 2006, 03:17 PM
Wonder if we will soon se the first security patch for may! :p

I think its Page 1 worthy.

WildCowboy
May 3, 2006, 03:17 PM
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

Because there are no international borders in cyberspace...

PlaceofDis
May 3, 2006, 03:18 PM
wonder how it was hacked, and why the Korean site?
perhaps the US or an European store couldn't be hacked and had to settle for the Korean one? details are few so hopefully more light will be shed on this incident.

Lollypop
May 3, 2006, 03:20 PM
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

If it is in conjunction with the "challenge" to hackers within the new ad campaign, why wouldn't Apple.com be hacked--better security? Somebody educate me.

Going after a "lesser" site is a tactic hackers usually use, they wont have the latest and greatest security because they dont have the trafic the bigger sites have and the damage if hacked isnt as much either. Apple should however make sure all their commerce sites are secured with only the best.

longofest
May 3, 2006, 03:20 PM
Hmmm...is this really Page 1 worthy?

Did you see what OS it was running on? OSX Server/Apache. If this was hacked from the outside, then absolutely this is page1 worthy. Shows that MacOS is not invulnerable, and apparently not even when its hardened!

eva01
May 3, 2006, 03:22 PM
Did you see what OS it was running on? OSX Server/Apache. If this was hacked from the outside, then absolutely this is page1 worthy. Shows that MacOS is not invulnerable, and apparently not even when its hardened!

who thought it was invulnerable?

:rolleyes: Nothing is invulnerable

yellow
May 3, 2006, 03:26 PM
Did you see what OS it was running on? OSX Server/Apache. If this was hacked from the outside, then absolutely this is page1 worthy. Shows that MacOS is not invulnerable, and apparently not even when its hardened!

Again, I seriously doubt it's OS X. I'm betting something unpatched in the Apache that was running. But I could be wrong. However, no one that has a Clue™ said that OS X was invulnerable.

People should really look at the other stats the attacker has on the Zone-H site. (http://www.zone-h.org/defacements/filter/filter_defacer=By%20Dinam)

There's only 3 (reported) of 116 by "By Dinam" that target OS X. Most are IIS/Windows targets.

jaxstate
May 3, 2006, 03:28 PM
Seems kinda ironic that this happens a day or so after the release of the "virus" and the other apple ads.
Hmmmm, sign of things to come with the new ads taunting the nerds? I hope not.
Note to Apple, dont piss off the nerds.:cool:

thevil
May 3, 2006, 03:29 PM
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

The hacker probably ran some software that scanned through a list of sites looking for a vulnerability.

Like Apache Vulnerability Scanner.

Mod Edit: deleted link to vulerability scanner... too prone to abuse.

longofest
May 3, 2006, 03:30 PM
who thought it was invulnerable?

:rolleyes: Nothing is invulnerable

I certainly never said it was invulnerable, but plenty of fellow Mac users seem to claim or at least act like it is.

Side note: A big part of me likes the new commercials because they showcase Mac features which Apple hasn't always done a good job of doing, but one thing I hate about them is that Virus one. Definitely feel it is misleading.

I hope this plus the virus plus the unpatched security flaws (http://www.macrumors.com/pages/2006/04/20060427020719.shtml) that have been around for months will force Apple into a security huddle kind of like what Microsoft did a little while back, and get serious about security. We don't want our prized OS to become as big of a joke as MS's is (if that's possible)...

However, no one that has a Clue™ said that OS X was invulnerable.

once again, I am not saying that anyone is blatantly saying this, but more that many Mac fans act this way.

Lollypop
May 3, 2006, 03:31 PM
Again, I seriously doubt it's OS X. I'm betting something unpatched in the Apache that was running. But I could be wrong. However, no one that has a Clue™ said that OS X was invulnerable.

Im personally very surprised that apple doesnt release more frequent patched for their server software, sure some of the patches arent that big, but it will only take a small hole to do a lot of damage. Have monthly or bi-monthly updates for the deskop users, and weekly fixes for the open source stuff in the Server edition.

Wellander
May 3, 2006, 03:31 PM
Hi,
Hackers = very bad.
Apple should take legal action on that if they did not already.

yellow
May 3, 2006, 03:32 PM
Hackers = very bad.
Apple should take legal action on that if they did not already.

Easier said than done. Where exactly does one send the lawyers? ;)

WildCowboy
May 3, 2006, 03:34 PM
Easier said than done. Where exactly does one send the lawyers? ;)

Through the Interweb...

nagromme
May 3, 2006, 03:35 PM
It says a lot about WebObjects + Apache and hints at Mac OS X being a vulnerable host, even if it wasn't the host.
It says nothing about any of that, until we know WHAT was done and HOW.

Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?

Or is OS X as insecure as Windows and we are all doomed? :D

I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me :)

PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!


I certainly never said it was invulnerable, but plenty of fellow Mac users seem to claim or at least act like it is.
Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing? ;) Somehow all I ever seem to see is Mac users claiming that OS X is less vulnerable than Windows.

jaxstate
May 3, 2006, 03:37 PM
Waiting for facts on a rumor site? Yeah ok, we'll do that.:rolleyes:
It says nothing about any of that, until we know WHAT was done and HOW.

Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?

Or is OS X as insecure as Windows and we are all doomed? :D

I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me :)

PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!

nagromme
May 3, 2006, 03:43 PM
Waiting for facts on a rumor site? Yeah ok, we'll do that.:rolleyes:
Ah, you see: waiting for facts is irrelevant to rumor, speculation, guesswork, discussion, and good old fashioned fun. I hope none of those ever stop here.

But I'm proposing something more: let's make not mere speculation, but assumptions--and then state them as solid info! :) Even MORE fun that way.

swingerofbirch
May 3, 2006, 03:53 PM
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.

It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.

Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.

For shame Apple. For shame.

nagromme
May 3, 2006, 03:56 PM
I agree about the boasting.

It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.

j/k

I don't think the ads caused the defacement (nor the defacement any real harm) in any case. Besides, the ad talked about viruses, not about enterprise web hosting.

shawnce
May 3, 2006, 03:59 PM
Thats my guess

...or just a weak user password and ssh enabled and accessible from the outside.

You should see the logs from a Mac OS X server I run at home (good old little cube) that has publicly available ssh port... miles and miles of username / password attempts. That is why I have a 20 digit password minimum for any user on that system.

jaxstate
May 3, 2006, 04:05 PM
Is this backwards?

From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:

2 are rated Exteremly Critical, 1 remains partially unpatched
2 are rated Highly Critical, 1 remains unpatched


Of 7 Windows XP Pro vulnerabilities this year:

0 are rated Exteremly Critical, 0 unpatched
2 are rated Highly Critical, 0 unpatched

longofest
May 3, 2006, 04:05 PM
Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing? ;) Somehow all I ever seem to see is Mac users claiming that OS X is less vulnerable than Windows.

From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:

2 are rated Exteremly Critical, 1 remains partially unpatched
2 are rated Highly Critical, 1 remains unpatched


Of 7 Windows XP Pro vulnerabilities this year:

0 are rated Exteremly Critical, 0 unpatched
2 are rated Highly Critical, 0 unpatched


...or just a weak user password and ssh enabled and accessible from the outside.

A weak password for a corporate public webserver? Come on...

longofest
May 3, 2006, 04:06 PM
Is this backwards?

No.

Mac: http://secunia.com/product/96/?period=2006#statistics
WinXP: http://secunia.com/product/22/

Fiveos22
May 3, 2006, 04:14 PM
screen shots?

shawnce
May 3, 2006, 04:15 PM
A weak password for a corporate public webserver? Come on...

It happens (I have seen it)... but it shouldn't. That is the easiest attack vector and until we know more about what happened it remains at the top of my list.

kettle
May 3, 2006, 04:18 PM
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.

It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.

Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.

For shame Apple. For shame.

Maybe you want to step outside to the "Politics, Religion, Social Issues" forums where you can have that stinking "off topic" piece of slander/libel reinserted.

BTW the Titanic was designed in Belfast, N.Ireland.
:rolleyes:

yellow
May 3, 2006, 04:19 PM
From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:

2 are rated Exteremly Critical, 1 remains partially unpatched
2 are rated Highly Critical, 1 remains unpatched


Of 7 Windows XP Pro vulnerabilities this year:

0 are rated Exteremly Critical, 0 unpatched
2 are rated Highly Critical, 0 unpatched


Your point?

charris
May 3, 2006, 04:21 PM
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

If it is in conjunction with the "challenge" to hackers within the new ad campaign, why wouldn't Apple.com be hacked--better security? Somebody educate me.

Others have suggested that the Korean site(s) were targeted because they were easier prey, but the first Turkey-Korea connection that popped into my head was the 2002 World Cup. Korea and Turkey played each other for third place. Turkey won the game, which makes it unlikely that Turkish fans would harbor bitterness towards Koreans, but perhaps it was lingering animosity. I wonder if there's a significant Korean population in Turkey.

boncellis
May 3, 2006, 04:21 PM
...I hope this plus the virus plus the unpatched security flaws (http://www.macrumors.com/pages/2006/04/20060427020719.shtml) that have been around for months will force Apple into a security huddle kind of like what Microsoft did a little while back, and get serious about security. We don't want our prized OS to become as big of a joke as MS's is (if that's possible)...

Couldn't agree more. Why would those security flaws still be around, even if they're not being exploited on a wider scale?

Maybe Apple is hoping to "fix it all" with 10.5.

longofest
May 3, 2006, 04:23 PM
Your point?

Was replying to nagroome's (sp?) post about mac users trying to assert that Mac is less vulnerable. I was making the point that we are often more vulnerable, even though exploits don't get written as often because we don't own as much of the market. As we can see, with Apple attracting more attention to themselves, it looks like we may see more and more exploits.

Couldn't agree more. Why would those security flaws still be around, even if they're not being exploited on a wider scale?

Maybe Apple is hoping to "fix it all" with 10.5.

glad to see someone's with me here :)

ChrisA
May 3, 2006, 04:24 PM
Scary...and could be really bad news depending on how it was hacked. One can hope the flaw was in apache...

No, Apache runs user written scripts. Let's hope the problem was in the stuff the Apple web designers wrote. Actually it is triveal to write a truely horable bin/cgi script. For example I could write one in only two lines that simply passes it's argument to the shell. And then bingo. With no flaw in either Mac OS or Apache the whole world would have shell level acces to the user account that runs Apache and could then make any change to the site.

What I suspect is that what Apple did was to write an only slightly less stupid than the triveal one I describbed above.

roach
May 3, 2006, 04:24 PM
Seems kinda ironic that this happens a day or so after the release of the "virus" and the other apple ads.

Note to Apple, dont piss off the nerds.:cool:

This is what I was thinking. Every time a big corporate makes claim of their impenetrable security product, it's an instant challenge to hacker and virus writer. Plus the instant media exposure they receive. It also doesn't help having some users (like some people in this forum) also being arrogant about...Hackers wants people to eat their words. Microsoft went through being a target…looks like Apple is also going through being a target.

shawnce
May 3, 2006, 04:24 PM
I prefer CERT and it looks like... (IMHO secunia likes to label things that are really a social engineering type exploit as uber critical)

Mac OS X - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/629845
http://www.kb.cert.org/vuls/id/115729
http://www.kb.cert.org/vuls/id/913449
http://www.kb.cert.org/vuls/id/176732
http://www.kb.cert.org/vuls/id/980084
http://www.kb.cert.org/vuls/id/999708

Windows XP - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/388900
http://www.kb.cert.org/vuls/id/953860

whee900
May 3, 2006, 04:25 PM
Probably just guessed the right password... Given enough time, anybody could do something like that.

AeChei
May 3, 2006, 04:29 PM
Through the Interweb...

oh man. :D

but would lawyers running loose on the interweb be better or worse than the hackers?
I bet that we would rather have the hackers.

Rustus Maximus
May 3, 2006, 04:31 PM
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.

It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.

Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.

For shame Apple. For shame.

Actually they boasted that God Himself couldn't sink her...and it wasn't England as a whole...just the obnoxious White Star Line.

As for Apple's boasting, they are just stating facts, whether people agree that OS X is invulnerable or not. Nothing is impossible. At least...we haven't found the impossible thing yet.

What if Apple is right though? What if OS X IS the "Unstoppable Force"?? The mind boggles... :D

However without all of the details we'll continue to see this thread fill up with more radical ideas than a French Economic convention. Sooooo....

Patience lads...patience.

boncellis
May 3, 2006, 04:32 PM
...As we can see, with Apple attracting more attention to themselves, it looks like we may see more and more exploits.

...glad to see someone's with me here :)

Word up. I know how to keep it real wit' my peeps from No. VA (McLean, personally).

The more I think about it, the more it makes sense that this was in response to the advertisements--are they running in Europe as well as the States? Whoever it was probably tried several different localizations until he was able to pinpoint a hole in the .kr page.

There are some very sensitive hackers out there! I, for one, hoped Apple would advertise a specific (new) product rather than misleading generalizations. This is probably just a blip on their radar anyway.

yellow
May 3, 2006, 04:33 PM
Was replying to nagroome's (sp?) post about mac users trying to assert that Mac is less vulnerable. I was making the point that we are often more vulnerable, even though exploits don't get written as often because we don't own as much of the market.

Hate to use your own source against you..

Mac OS X:
2003: 23 advisories
2004: 15 advisories
2005: 22 advisories


Windows XP:
2003: 30 advisories
2004: 29 advisories
2005: 45 advisories


I guess it depends on what your definition of "often" is. ;)

The more I think about it, the more it makes sense that this was in response to the advertisements--are they running in Europe as well as the States? Whoever it was probably tried several different localizations until he was able to pinpoint a hole in the .kr page.

Again, looking at the attacker stats on the Zone-H site, it appears that By Dinam has been a busy little beaver.
I'm confident that is has little to nothing to do with the ads.

http://www.zone-h.org/defacements/filter/filter_defacer=By%20Dinam



Enjoy.

chuckzee
May 3, 2006, 04:36 PM
The floodgates have opened



http://www.zone-h.org/en/defacements/filter/filter_defacer=By+Dinam/page=1/

ChrisA
May 3, 2006, 04:36 PM
...
You should see the logs from a Mac OS X server I run at home (good old little cube) that has publicly available ssh port... miles and miles of username / password attempts. That is why I have a 20 digit password minimum for any user on that system.

I only enable SSH from a narrow set if IP addresses. Even if one of your SSH users need access from a DHCP configured machine his IP address would come from a relatively small pool.

Requiring ong passwords can be counter productive. Users will either make up easy to remember passwords like "onetwothreefourfive" or they will write down the password or (worse) store it in some text file.

Our company uses a combination of single use password and a normal user password. So a compromise of either does no harm.

arn
May 3, 2006, 04:39 PM
just to stem the discussion, website hacks are common and are typically the result of poorly configured scripts or security holes in apache/php.

and defacement of a file doesn't necessarily mean the person could have run arbitrary code etc...

the fact that it ran under Mac OS X isn't necessarily relavent, and if it were a random Mac OS X site and not Apple.co.kr, it wouldn't have made page 1. Even with Apple.co.kr, it was somewhat debatable, but enough sites had picked it up already.

arn

winmacguy
May 3, 2006, 04:43 PM
guess it depends how it was hacked ;)

arn
I was reading that they used the admin password, so maybe they got it while sleeping with the sysadmin...:p

shawnce
May 3, 2006, 04:44 PM
I only enable SSH from a narrow set if IP addresses. Even if one of your SSH users need access from a DHCP configured machine his IP address would come from a relatively small pool. I was talking about a personal server of mine, memorizing a strong 20+ character password is normal for me... :)

We use two factor authentication around here otherwise.

wandering
May 3, 2006, 04:45 PM
If you look at the source of applestore.co.kr there's a meta tag that was left my a Microsoft Web Page editor.

"<META content="MSHTML 6.00.2730.1700" name=GENERATOR>"

Do they update their site with Frontpage? If so then that means that MS frontpage server extensions might be installed on Apache. Maybe a clue.

That meta tag doesn't come up on apple.com/store, so maybe the web servers are set up differently and apple.co.kr isn't as secure.

yellow
May 3, 2006, 04:45 PM
The floodgates have opened
http://www.zone-h.org/en/defacements/filter/filter_defacer=By+Dinam/page=1/

Yes.. a total of 3. Posted earlier in the thread.

shawnce
May 3, 2006, 04:46 PM
just to stem the discussion, website hacks are common and are typically the result of poorly configured scripts or security holes in apache/php. Yup.

winmacguy
May 3, 2006, 04:48 PM
Again, looking at the attacker stats on the Zone-H site, it appears that By Dinam has been a busy little beaver.
I'm confident that is has little to nothing to do with the ads.

http://www.zone-h.org/defacements/filter/filter_defacer=By%20Dinam



Enjoy.
I think dinam needs a girlfriend or an alternative form of distraction, like maybe to go outside and play in the traffic for a bit judging by that list of websites that have been hacked or defaced.

yellow
May 3, 2006, 04:52 PM
I think dinam needs a girlfriend or an alternative form of distraction, like maybe to go outside and play in the traffic for a bit judging by that list of websites that have been hacked or defaced.

Either that or switching to decaf. :)

winmacguy
May 3, 2006, 04:54 PM
Either that or switching to decaf. :)
Where's the fun in that?:eek:

AlmostThere
May 3, 2006, 04:58 PM
Easier said than done. Where exactly does one send the lawyers? ;)

Seeing as the Apple Store was hacked ... follow the order for 10,000 MacBook Pros :)

Oh, wait. This is Apple Tracking we are talking about. Better ask apecode :D

nagromme
May 3, 2006, 04:59 PM
From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:

2 are rated Exteremly Critical, 1 remains partially unpatched
2 are rated Highly Critical, 1 remains unpatched


Of 7 Windows XP Pro vulnerabilities this year:

0 are rated Exteremly Critical, 0 unpatched
2 are rated Highly Critical, 0 unpatched


Or, a broader perspective:

Windows XP Home:
http://secunia.com/product/16
23 out of 116 advisories, rated up to Highly Critical, are marked as unpatched by Secunia.

XP Professional:
http://secunia.com/product/22
27 out of 131 advisories, rated up to Highly Critical, are marked as unpatched.

Internet Explorer 6.x:
http://secunia.com/product/11
19 out of 99 advisories, rated up to Moderately Critical, are marked as unpatched.

Safari 2.x:
http://secunia.com/product/5289
1 out of 3 advisories, rated up to Not Critical, are marked as unpatched.

Mac OS X:
http://secunia.com/product/96
1 out of 69 advisories, rated up to Highly Critical, are marked as unpatched.


In any case, you may be confusing a couple things if you find yourself arguing against Mac users who contend (as I do) that Macs are more secure than Windows.

1. Personal computer security from viruses and web server security from defacement are two very different things. We usually discuss the former, but this is the latter.

2. Number of vulnerabilities isn't the be-all measure. There's also the likelihood of that vulnerability being exploited. Even within a category (like "Highly Critical" by Secunia's criteria), not all vulnerabilities are created equal. Design and target size both are factors there.

But when all the oversimplification is said and done, I still see Macs being a much safer platform to have my data on--and I do NOT see users claiming that safety is perfect. It isn't--it's just much better than Windows. (BOTH by design and by market share--and both advantages are here to stay.)

Was your objection against Mac users saying we're perfectly safe? Or against Mac users saying we're safeER?

benpatient
May 3, 2006, 05:10 PM
wow. you guys are seriously sensitive about this security risk stuff...

too bad OS X is getting less secure every day...

ChrisA
May 3, 2006, 05:34 PM
Or, a broader perspective:

Windows XP Home:
http://secunia.com/product/16
23 out of 116 advisories, rated up to Highly Critical, are marked as unpatched by Secunia.

XP Professional:
http://secunia.com/product/22
27 out of 131 advisories, rated up to Highly Critical, are marked as unpatched.



On a realated note: Woman has purse snatched after parking her Toyota and this get listed as a "toyota related security problem" Has with the person who just drove a Honda geting listed as a "Honda problem". So if someone gues a password on a Solaris system doesthis count as a "Solaris Problem".

What you all have to remember is the Mac OSX is UNIX. It rund the same server code that runs on Linux, Solaris and BSD. Apache is Apache. It don't mater if Apache drives a Toyota or a Honda. In this case it likely was not even Apache that was exploited. More likely it was something in Apples web design

Kenndac
May 3, 2006, 05:58 PM
too bad OS X is getting less secure every day...
Yeah, 'cause my Mac is slowly uninstalling system and security updates all on it's own...

Eniregnat
May 3, 2006, 06:06 PM
This didn’t seem to have any political point, less sending people to the hackers email. It doesn’t state anything about an activest group, a microculture with in Turkey, or political party.

from Zone-h (http://www.zone-h.org/defacements/mirror/id=3680404/)archive. <!--#include file="database.asp"-->
<!--#include file="Server-CreateObject.asp"-->

<%
If hacked.eof then
Response.Write (" This Web Page Hacked ")
Response.Write (" Hacked By Dinam ")
Response.Write (" RSA key fingerprint : 4f:b8:e8:83:h7:82:1g:t4:2e:49:72:41:f2:19:66:ea ")
Response.Write (" Are you sure you want to continue connecting (yes/no)? ")
Response.Write (" yes ")
Response.Write (" Root: Hacker By Dinam ")
Response.Write (" password: ******* ")
Response.Write (" Md5 : 3f3082fd88c694198de78162285940bf ")
Response.Write (" Checksum : --->> Game Ower :) ")
End If
%>

I think we can rule out any brute force methods, so either this guy applied some social engenering (or was socialy engineered her/him self) or he did some great data scaveging and extrapolated out some sort of pattern to Apple’s password. Likely she/he spoofed his address along with any password requirements.

Well done (I don’t condone defacement of sites, but I admire the effort). This was a lot of work for this person to do, regardless of what loopholes were exploited.

It seems like the hacker gave Apple a break by not having any vulgarity or a clear message (other than self aggrandizement.)

Is it page one news... no.

Also, Kudos to Apple for catching quickly.

legacyb4
May 3, 2006, 06:15 PM
At least it's reported by Netcraft to be Mac OS X.

http://uptime.netcraft.com/up/graph?site=www.apple.co.kr

Well assuming that the site is hosted by Mac OS X server and on Xserves

wnurse
May 3, 2006, 06:17 PM
who thought it was invulnerable?

:rolleyes: Nothing is invulnerable

The people who say viruses cannot be written for the mac (and there are a lot of these people).. now, this is not a virus and heck, who knows what was hacked (apache, OSX??) but yeah, a lot of people said OSX was invulnerable. If you want to find out who they are, go read any thread that discusses viruses in the microsoft world. I'm sure you'll find many mac fanatics loudly exclaiming how that could never happen on a mac. Make a list of the names and then examine it carefully, You might be surprised to find yourself on it.

Eniregnat
May 3, 2006, 06:21 PM
wow. you guys are seriously sensitive about this security risk stuff...

too bad OS X is getting less secure every day...

Actually it's a two fold problem.

1.) Perception- we are finding out about problems as we look for them. They were always there in OS X, but as we find them, it looks as though there are more. So in this case I disagree.

2.) Reality- As any OS adds features, 3 things happen. It becomes larger. It has more bugs. It has a larger number of security holes/flaws. So as Apple adds features I agree, but on a day to day basis the OS it's self is not becoming less secure.

MicroSoft, Sun, Apple and the Open source OS s are all making larger and larger OS S, with more features, more bugs to fix, and with intentional and unintentional security holes.

I do wonder why people are touchy about pointing out OS X’s exploits. One can’t preach the virtues of one’s self with out also acknowledging ones foibles.

dejo
May 3, 2006, 06:33 PM
If you want to find out who they are, go read any thread that discusses viruses in the microsoft world. I'm sure you'll find many mac fanatics loudly exclaiming how that could never happen on a mac. Make a list of the names and then examine it carefully, You might be surprised to find yourself on it.

Windows viruses don't work on Mac OS X so saying "that could never happen on a Mac" is kinda true.

But anyways, okay, let's hear some of these names...

(And then we'll see if they are respected members of the MacRumors community.)

longofest
May 3, 2006, 06:34 PM
Was your objection against Mac users saying we're perfectly safe? Or against Mac users saying we're safeER?

Neither. It is their actions and their auroa that worry me most. I worry that fellow mac users (and I do stress fellow, because I obviously am one) get too prideful about the lack of exploitations, and get lax in their security practices. Safari should NEVER have "open 'safe' files" turned on, for instance. Of course, I blame this more on Apple than mac users...

Inevitably, there will be a well crafted worm that crushes a lot of Mac users because they are less mentally prepared for it than battle-hardened Windows users are.

swingerofbirch
May 3, 2006, 06:38 PM
Actually they boasted that God Himself couldn't sink her...and it wasn't England as a whole...just the obnoxious White Star Line.

As for Apple's boasting, they are just stating facts, whether people agree that OS X is invulnerable or not. Nothing is impossible. At least...we haven't found the impossible thing yet.

What if Apple is right though? What if OS X IS the "Unstoppable Force"?? The mind boggles... :D

However without all of the details we'll continue to see this thread fill up with more radical ideas than a French Economic convention. Sooooo....

Patience lads...patience.

Thanks for the info mate.

Boggles the mind: the majesty of the ship tumbling towards the ocean floor in the middle of a frigid dark night. I wonder if it was God that sank the ship, or if it was the iceberg, or the foolish captain, or shotty engineering. Hard to say really. Maybe a little of each. I still don't understand why Rose let go off Jack's hand. How did she know he was dead and not just in a coma?

Now the QM2, there's a ship to behold. I would like to board her one day. I believe Cunard is the line that puts her out. Have you had the good fortune? I am assuming you are from the motherland because of your insights into Titanic....

Squire
May 3, 2006, 06:43 PM
Others have suggested that the Korean site(s) were targeted because they were easier prey, but the first Turkey-Korea connection that popped into my head was the 2002 World Cup. Korea and Turkey played each other for third place. Turkey won the game, which makes it unlikely that Turkish fans would harbor bitterness towards Koreans, but perhaps it was lingering animosity. I wonder if there's a significant Korean population in Turkey.

I don't think it has anything to do with Turkish-Korean ties. As others have suggested, it was likely an easier target somehow.

-Squire

dejo
May 3, 2006, 06:50 PM
Inevitably, there will be a well crafted worm that crushes a lot of Mac users because they are less mentally prepared for it than battle-hardened Windows users are.

Based on how we handled the Oompa/Loompa, which originated on these forums, I'm not overly worried. Word and measures will spread quickly.

Squire
May 3, 2006, 06:57 PM
I could be reaching here but is it possible that the apple.co.kr site isn't even operated by Apple? I know it sounds crazy but there's a company here (in Korea) that takes care of Apple sales. Call them a subcontractor, I guess. Perhaps part of their role is to take care of online sales (and the site in general) as well. Whenever there's an updated product, it takes ages for it to show up on the Apple.co.kr site. In fact, up until a couple of years ago, you couldn't even buy stuff from the Korean online Apple site.

-Squire

weg
May 3, 2006, 07:06 PM
Where exactly does one send the lawyers? ;)
To hell with them, if you ask me.

Goliath
May 3, 2006, 07:16 PM
Actually they boasted that God Himself couldn't sink her...and it wasn't England as a whole...just the obnoxious White Star Line....

There's a belief amongst some that The Titanic never actually sank- that it's sister ship The Olympic was modified in the months beore the tragedy to look like The Titanic and sunk on purpose for the insurance payout.

nagromme
May 3, 2006, 07:26 PM
It is their actions and their auroa that worry me most. I worry that fellow mac users (and I do stress fellow, because I obviously am one) get too prideful about the lack of exploitations, and get lax in their security practices.
I don't see that. If people have good habits, then their "aura" won't change that. And if people don't, then they're already lax to begin with.

We can VERY much enjoy and appreciate being virus-free (who wouldn't?) but it doesn't mean that pride makes us "get lax." But if that worries you, I don't blame you for trying to help! :)


The people who say viruses cannot be written for the mac (and there are a lot of these people).. ... a lot of people said OSX was invulnerable.
I've never seen anybody say that, merely that it's much more difficult to make a Mac virus, and less likely to succeed... but I'll take your word for it :)


There's a belief amongst some that The Titanic never actually sank- that it's sister ship The Olympic was modified in the months beore the tragedy to look like The Titanic and sunk on purpose for the insurance payout.
Maybe, but I bet they got caught when they tried to sell the real Titanic...

WildCowboy
May 3, 2006, 07:29 PM
There's a belief amongst some that The Titanic never actually sank- that it's sister ship The Olympic was modified in the months beore the tragedy to look like The Titanic and sunk on purpose for the insurance payout.

This doesn't make any sense to me. HMS Olympic continued to serve for decades after Titanic sank.

Demoman
May 3, 2006, 07:40 PM
The hacker probably ran some software that scanned through a list of sites looking for a vulnerability.

Like Apache Vulnerability Scanner.

Mod Edit: deleted link to vulerability scanner... too prone to abuse.

This was an inside job. Korea for crissake. The more Apple gains on the Establishment, the more they will be attacked. Don't think so? You must be a Republican.

Goliath
May 3, 2006, 07:54 PM
This doesn't make any sense to me. HMS Olympic continued to serve for decades after Titanic sank.

If The Titanic was switched with The Olympic then it never actually sank.
Thus, The Olympic that sailed the world up until it was sold for scrap in 1935 would be The Titanic disguised as The Olympic!

Soton Speed
May 3, 2006, 08:03 PM
This doesn't make any sense to me. HMS Olympic continued to serve for decades after Titanic sank.

Try here (http://www.amazon.co.uk/exec/obidos/ASIN/0752801678/qid=1146704110/sr=1-1/ref=sr_1_18_1/203-3072414-5569502)

One of the co-authors actually disagrees with the theory.

RMS is the proper title, she was a Royal Mail Ship, not a part of His Majesty's Navy.

cybermiguel
May 3, 2006, 08:44 PM
just to stem the discussion, website hacks are common and are typically the result of poorly configured scripts or security holes in apache/php.

and defacement of a file doesn't necessarily mean the person could have run arbitrary code etc...

the fact that it ran under Mac OS X isn't necessarily relavent, and if it were a random Mac OS X site and not Apple.co.kr, it wouldn't have made page 1. Even with Apple.co.kr, it was somewhat debatable, but enough sites had picked it up already.

arn
I agree 100% with you, arn.

I still don't know why you people make such a circus around a flaw that happens even in the most secure UNIX servers (i.e. Linux, FreeBSD).

I would be surprised if I see a hack like the ones that hackers make to windows server in a unix server (any flavor).

And remember: Apache IS NOT the server itself...it's a part of it (that works under the 80 port and it runs on Windows and different unix flavors), so stop whiening about the security in Mac OS X. It's as safe as any other UNIX (and that says a lot).

gman71882
May 3, 2006, 08:49 PM
Windows and Linux Run sites are hacked and defaced every day... but when it happens to APPLE Everyone wants to broadcast the news from the top of Mount Everest!!!!! :mad:

Give it a freaking break... Apple has had a target on there head for the past 5 years and yet there has NEVER been a serious sercurity breach problem with OS X Server since its inception.

AidenShaw
May 3, 2006, 08:57 PM
I still don't know why you people make such a circus around a flaw that happens even in the most secure UNIX servers ...
Why a circus? In my mind, two major reasons...

1. We all know the Mac fanbois who do the hi-tech equivalent of "nyah, nyah, nyah!! Windows (Windoze, winblows, or other juvenile equivalents) has virii - Macs don't. nyah, nyah, nyah"

2. Apple has committed the potentially grave mistake of basing an ad campaign on the above - thus throwing down the gauntlet to the legions of hackers.

On the other hand, any potential security issue in Windows is page 1 news - even if it takes a Nubian princess riding a surfboard on the first day of a waxing moon to exploit. Fair is fair!

kirk26
May 3, 2006, 10:18 PM
Well, that what you get for using a unix based server. Better off with IIS.

DMPDX
May 3, 2006, 10:38 PM
I can't find any details of what the defacing code said. DOes anyone here know? Please pm me if you do. Im just curious.
-dsm

Fiveos22
May 3, 2006, 10:59 PM
Windows and Linux Run sites are hacked and defaced every day... but when it happens to APPLE Everyone wants to broadcast the news from the top of Mount Everest!!!!! :mad:

Give it a freaking break... Apple has had a target on there head for the past 5 years and yet there has NEVER been a serious sercurity breach problem with OS X Server since its inception.

This is the only place I have seen talking about an Apple site being hacked. It doesn't appear to be broadcaste from the top of Mount Everest.

Perhaps you should try adding some potassium rich foods to your diet to reduce your apparent hypertension.

Fukui
May 4, 2006, 12:07 AM
I could be reaching here but is it possible that the apple.co.kr site isn't even operated by Apple? I know it sounds crazy but there's a company here (in Korea) that takes care of Apple sales. Call them a subcontractor, I guess.
Yup, a few years ago the Korean store was just a link to a different site. Even the Korean one now looks like its not part of the "shared" apple store as the URL is different, and not using apparently webobjects like the US/EU/JP.

As an example JP is http://store.apple.com/0120-APPLE-1/WebObjects/japanstore/ the UK one is http://store.apple.com/Apple/WebObjects/ukstore/ and the SK one is http://www.applestore.co.kr/ .

When you do purchase something though, then it routes it to a webobjects server that is looks similar to the other ones.... Its seems like the front page was defaced then? Its probably just neglected.... much unfortunately like the Korean market.... apple could make lots of money there if they tried!

wnurse
May 4, 2006, 12:10 AM
Windows viruses don't work on Mac OS X so saying "that could never happen on a Mac" is kinda true.

But anyways, okay, let's hear some of these names...

(And then we'll see if they are respected members of the MacRumors community.)

I originally typed a response but never mind. I just realized you told me windows viruses don't run on mac (that is like computer 101). I'm pretty sure i never claimed that (i graduated with a degree in computer science so this is like basic knowledge to me). But that's ok.. before this discussion disintegrates into a "who can insult who better" match, i'll leave it alone. For those who saw the original post, well..

Bakey
May 4, 2006, 02:05 AM
Thanks for the info mate.

Boggles the mind: the majesty of the ship tumbling towards the ocean floor in the middle of a frigid dark night. I wonder if it was God that sank the ship, or if it was the iceberg, or the foolish captain, or shotty engineering. Hard to say really. Maybe a little of each. I still don't understand why Rose let go off Jack's hand. How did she know he was dead and not just in a coma?

Now the QM2, there's a ship to behold. I would like to board her one day. I believe Cunard is the line that puts her out. Have you had the good fortune? I am assuming you are from the motherland because of your insights into Titanic....

Sorry, and what's the point of your pointless ramblings?

To be fair from the phraseology you've been using, and indeed your username, makes me air on the side of caution as it's coming across as if you're from the motherland as you put it!

Hey listen, don't worry - it'll all clear up in the end, so there's really no need to be quite so bitter about it all...

Question to the mods :: Can we wasteland these responses, including my own?

gauchogolfer
May 4, 2006, 02:26 AM
even if it takes a Nubian princess riding a surfboard on the first day of a waxing moon to exploit. Fair is fair!

Link?

:)

sorry, just got here from the May Desktop forum :cool:

barstard
May 4, 2006, 04:35 AM
On the other hand, any potential security issue in Windows is page 1 news - even if it takes a Nubian princess riding a surfboard on the first day of a waxing moon to exploit. Fair is fair!

Yeah, because this is a Mac site! And a rumours site at that, fairness is hardly even implied. If you want "fair", go to Fox News. Oh wait...:D

This is still nothing to do with a virus. If we look at that zone-h page look at the dozens and dozens of attacks this guy has done recently. Surely he is running a script or automated processes to find vulnerabilities wherever they occur. What would be alarming though is if Apple's Korean site was re-defaced. This I feel is unlikely. If any admin was to have his/her site re-defaced then it is curtains for them.

barstard.

grockk
May 4, 2006, 06:50 AM
It wasn't so much hacked as it was made awesome...

http://www.zone-h.org/defacements/mirror/id=3738607/

you are on the path to destruction, move on every zig!

Orge
May 4, 2006, 08:06 AM
I agree about the boasting.

It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.


Incidentally, I believe it's actually illegal to mention a competitor's products in an advertisment in the UK! :p

J

generik
May 4, 2006, 10:04 AM
Your computer cant communicate with others without being vunerable to a virus or malicious code of some kind...


Why is that the case? Shoddy coding is shoddy coding.

ITR 81
May 4, 2006, 11:16 AM
Definitely.

It says a lot about WebObjects + Apache and hints at Mac OS X being a vulnerable host, even if it wasn't the host.

I'm wondering why he attacked a low traffic area instead of the U.S., UK, or Japanese store.

More then likely less security.
I would expect high traffic stores to have things in place to stop multiple attacks..mostly because it would halt or slow down their online sales.

Also social engineering could have come into play.
Why crack or steal a username and pwd when someone will just give it to you over the phone.

Security can be broken if someone doesn't follow specific protocols for someone asking for a pwd and etc..

mgrossi
May 4, 2006, 12:56 PM
If you go that Korean web page and scroll down, there is a section called new arrivals. If you click there it shows several nanos in many different colors.
Is that true?????
I guess they are no new nanos just cases. Sorry my Korean is not perfect

Rustus Maximus
May 4, 2006, 03:59 PM
Thanks for the info mate.

Boggles the mind: the majesty of the ship tumbling towards the ocean floor in the middle of a frigid dark night. I wonder if it was God that sank the ship, or if it was the iceberg, or the foolish captain, or shotty engineering. Hard to say really. Maybe a little of each. I still don't understand why Rose let go off Jack's hand. How did she know he was dead and not just in a coma?

Now the QM2, there's a ship to behold. I would like to board her one day. I believe Cunard is the line that puts her out. Have you had the good fortune? I am assuming you are from the motherland because of your insights into Titanic....

Maybe it wasn't God that sank it, mate, but rather the arrogance of attempting things without God (as well as questionable construction, captain's errors, etc. etc.). We'll all know the answers in our own sweet times I suppose.

I'm from where I believe you would refer to as "The Colonies", but I imagine you knew that ;) so the QM2 is a bit out of my venue as well as my price range. However I did enjoy the terrific behind the scenes construction special I saw on television, truly a beautiful ship.

As for Rose letting go of Jack's hand...since it was obvious he was already frozen from the waist down she really had no further use of him and decided to part the "best of friends".

Sorry, and what's the point of your pointless ramblings?

To be fair from the phraseology you've been using, and indeed your username, makes me air on the side of caution as it's coming across as if you're from the motherland as you put it!

Hey listen, don't worry - it'll all clear up in the end, so there's really no need to be quite so bitter about it all...

Question to the mods :: Can we wasteland these responses, including my own?

Easy Bakey...easy. Sheesh :D

And swingerofbirch could be many things. A baseball player? I know a stretch. Ummmm, a fan of Robin Hood and his Merry Men? You know, the quarterstaff? huh? Huhhhhhh??

ctango
May 4, 2006, 04:57 PM
nope, not at least in my opinion.


Page 1 worthy? i'd say yes. It was about an apple employee that didn't do their job well and affected the company image. I'd say that it is okay for page 1 because they don't bring up every time a Mac OS X web server is hacked, only that it was an apple domain that got hacked.


Looks like there might be an opening soon in web development in Korea.

NamJangNamJa
May 5, 2006, 09:12 PM
Nobody buys Macs in Korea except very few. As a Korean, I am not surprised at all at this news because Apple Computer Korea is pretty small enough company to be vunarable to those kind of attacks.