Go Back   MacRumors Forums > Archive > Archives of Old Posts > MacBytes.com News Discussion

 
 
Thread Tools Search this Thread Display Modes
Old Feb 8, 2006, 09:20 AM   #1
MacBytes
macrumors bot
 
Join Date: Jul 2003
Apple's in the eye of flaw finders




Category: Apple Software
Link: Apple's in the eye of flaw finders
Description:: At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's PowerBook, disabling the firewall and starting up a file server.

Posted on MacBytes.com
Approved by Mudbug
MacBytes is offline   0
Old Feb 8, 2006, 10:12 AM   #2
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Pretty vague, classic FUD if you ask me--and on a web site owned by Symantec. Real facts mixed with a careful slant to paint a picture?

"It has not had the experience that Microsoft had with its summer of worms."

Yet, it's almost certain the experience will come, he said."


Oh, no! The summer of worms! Macs will be JUST AS BAD as Windows!

He says his PowerBook was fully secured, but details are scarce. I for one am not fleeing in terror to the "security" of Windows, nor rushing to pay Symentec until there IS a Mac virus

No OS is perfect. This is the year of the OS X exploit? I think not. That year was the year OS X was released! There have been, and will be, security flaws in OS X. And Mac OS X machines have been invaded by outsiders in the past.

So I do find it believable that someone at a hacking convention could possibly "hack into" your Mac (especially if they have sneakily gotten your password: the writer says they can find no evidence of how the intrusion happened, so I say, never overlook the obvious). Hacking in is not to be confused with viruses and worms, though.

The question is, though, are all flaws created equal?

Assuming Macs have the same or greater "number" of flaws as Windows (doubtful), how easy are they to exploit, and what level of damage can you do?

When I read about the periodic patches Apple releases for newly-discovered flaws, they often sound like the stars must precisely align in order for it to become an issue. (In fact, some require the hacker to be physically sitting at your machine.) And once someone hacks into your user account, that doesn't necessarily give them root access, either.

In any case, OS X being in the sights of security researchers is a good thing, in my book! The press may not like Apple's refusal to comment, and call that "poor security awareness," but as long as Apple is collecting the security information and acting on it, that's the main thing for me.

And if this IS the "year of the OS X exploit" and that DOES mean viruses and worms... will it mean anything CLOSE to the problems Windows users face? No, it won't.

And I'm also wondering if this writer perhaps didn't REALLY lock down his PowerBook in every way that Apple provides. Was he using File Vault? If his friend's name was stolen despite File Vault encryption, and it was done without knowing the guy's decryption password, then that's an accomplishment. But he doesn't go into any detail of what really happened.

My own fear of the sky falling won't come until something more detailed and specific emerges.

I do think there will be a Mac OS X virus someday (not in Windows-like numbers!) but I actually read an article recently by a security professional who thinks there won't ever be one--and not because of obscurity either. So I guess viewpoints on Mac security run the gamut.

Last edited by nagromme; Feb 8, 2006 at 10:32 AM.
nagromme is offline   0
Old Feb 8, 2006, 10:24 AM   #3
Applespider
macrumors 603
 
Applespider's Avatar
 
Join Date: Jan 2004
Location: looking through rose-tinted spectacles...
I had a quick search around the Web and this is the only reference to a Powerbook being 'hacked' at the conference. None of the other blogs/news reports of it mention this at all... There are no names or clues to the identity of the researcher; so how reliable is this report?

There's apparently no trace of how this was done? Really? There's no guarantee that the guy didn't have an obvious password, didn't leave his PB alone at any point and let's face it, we only have the 'researcher's word' for it that it was fully locked down.

If they expect me to believe this, I want more information. I'm all for being continued alertness and wariness on OS X but the more FUD that gets spread, the less likely people are to take it seriously. Haven't these guys heard of the boy who cried 'wolf'?
__________________
Oops.... the cat killed the rabbit
Applespider is offline   0
Old Feb 8, 2006, 10:48 AM   #4
shamino
macrumors 68040
 
shamino's Avatar
 
Join Date: Jan 2004
Location: Vienna, VA
Quote:
Originally Posted by nagromme
I do think there will be a Mac OS X virus someday (not in Windows-like numbers!) but I actually read an article recently by a security professional who thinks there won't ever be one--and not because of obscurity either.
Hello. I am a manual-activation worm/virus. Please post this message to every newsgroup you have access to and erase your hard drive.

Thank you.
__________________
In theory, theory is the same as practice. In practice, it isn't.
shamino is offline   0
Old Feb 8, 2006, 10:57 AM   #5
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by shamino
Hello. I am a manual-activation worm/virus. Please post this message to every newsgroup you have access to and erase your hard drive.
Now posting from my old machine. That worked!
nagromme is offline   0
Old Feb 8, 2006, 11:01 AM   #6
otter-boy
macrumors regular
 
Join Date: Jun 2003
Location: Fort Worth, TX
Oh no!

Quote:
Originally Posted by shamino
Hello. I am a manual-activation worm/virus. Please post this message to every newsgroup you have access to and erase your hard drive.

Thank you.
Now that I read this worm/virus, my computer is doomed!!! Must buy Symantec quickly before I erase my hard drive--too late!!! My Mac has been hax0r3d by the l33t worm/virus writer that is shamino!!!!!!!!
otter-boy is offline   0
Old Feb 8, 2006, 01:17 PM   #7
dswoodley
macrumors 6502a
 
Join Date: Jul 2002
I find it hard to take seriously anyone who makes a contraction out of "Apple is" and puts it in a headline.

"Apple's in the eye of flaw finders"
dswoodley is offline   0
Old Feb 8, 2006, 01:54 PM   #8
macnulty
macrumors 6502
 
Join Date: May 2003
Location: Rehoboth Beach, De
Send a message via AIM to macnulty
Quote:
Originally Posted by dswoodley
I find it hard to take seriously anyone who makes a contraction out of "Apple is" and puts it in a headline.

"Apple's in the eye of flaw finders"
I missed that completely, I read it as plural.
__________________
Semper Fi

"Only a fool looks at a hand pointing to the sky"
macnulty is offline   0


 
MacRumors Forums > Archive > Archives of Old Posts > MacBytes.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
eye tv and apple tv 2 quiet storm iii Apple TV and Home Theater 1 Apr 13, 2014 06:43 PM
Apple maps biggest flaw/gripe trifid iOS 7 6 Jan 23, 2014 03:47 AM
The Finders default size. Wheelie4 Mac Basics and Help 1 Nov 2, 2013 10:56 AM
General: FYI Apple shut down Apple ID and iCloud password reset due to security flaw BumpyFlatline Jailbreaks and iOS Hacks 4 Mar 23, 2013 09:35 AM
Apple Products Security Flaw edtorious iPhone 9 Aug 23, 2012 10:20 AM

Forum Jump

All times are GMT -5. The time now is 04:10 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC