Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple.co.kr Hacked?
- Thread starter MacRumors
- Start date
- Sort by reaction score
eva01 said:who thought it was invulnerable?
Nothing is invulnerable
I certainly never said it was invulnerable, but plenty of fellow Mac users seem to claim or at least act like it is.
Side note: A big part of me likes the new commercials because they showcase Mac features which Apple hasn't always done a good job of doing, but one thing I hate about them is that Virus one. Definitely feel it is misleading.
I hope this plus the virus plus the unpatched security flaws that have been around for months will force Apple into a security huddle kind of like what Microsoft did a little while back, and get serious about security. We don't want our prized OS to become as big of a joke as MS's is (if that's possible)...
yellow said:
once again, I am not saying that anyone is blatantly saying this, but more that many Mac fans act this way.
Im personally very surprised that apple doesnt release more frequent patched for their server software, sure some of the patches arent that big, but it will only take a small hole to do a lot of damage. Have monthly or bi-monthly updates for the deskop users, and weekly fixes for the open source stuff in the Server edition.
yellow said:Easier said than done. Where exactly does one send the lawyers?
Through the Interweb...
It says nothing about any of that, until we know WHAT was done and HOW.bousozoku said:
Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?
Or is OS X as insecure as Windows and we are all doomed?
I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me
PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!
Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing?longofest said:
Somehow all I ever seem to see is Mac users claiming that OS X is less vulnerable than Windows.Waiting for facts on a rumor site? Yeah ok, we'll do that.
nagromme said:It says nothing about any of that, until we know WHAT was done and HOW.
Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?
Or is OS X as insecure as Windows and we are all doomed?
I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me
PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!
Ah, you see: waiting for facts is irrelevant to rumor, speculation, guesswork, discussion, and good old fashioned fun. I hope none of those ever stop here.jaxstate said:Waiting for facts on a rumor site? Yeah ok, we'll do that.
But I'm proposing something more: let's make not mere speculation, but assumptions--and then state them as solid info!
Even MORE fun that way.swingerofbirch
macrumors 68040
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.
It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.
Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.
For shame Apple. For shame.
It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.
Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.
For shame Apple. For shame.
I agree about the boasting.
It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.
j/k
I don't think the ads caused the defacement (nor the defacement any real harm) in any case. Besides, the ad talked about viruses, not about enterprise web hosting.
It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.
j/k
I don't think the ads caused the defacement (nor the defacement any real harm) in any case. Besides, the ad talked about viruses, not about enterprise web hosting.
eva01 said:
...or just a weak user password and ssh enabled and accessible from the outside.
You should see the logs from a Mac OS X server I run at home (good old little cube) that has publicly available ssh port... miles and miles of username / password attempts. That is why I have a 20 digit password minimum for any user on that system.
nagromme said:Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing?
From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:
- 2 are rated Exteremly Critical, 1 remains partially unpatched
- 2 are rated Highly Critical, 1 remains unpatched
Of 7 Windows XP Pro vulnerabilities this year:
- 0 are rated Exteremly Critical, 0 unpatched
- 2 are rated Highly Critical, 0 unpatched
shawnce said:
A weak password for a corporate public webserver? Come on...
jaxstate said:
No.
Mac: http://secunia.com/product/96/?period=2006#statistics
WinXP: http://secunia.com/product/22/
Oh my dear lord.
Maybe you want to step outside to the "Politics, Religion, Social Issues" forums where you can have that stinking "off topic" piece of slander/libel reinserted.
BTW the Titanic was designed in Belfast, N.Ireland.
swingerofbirch said:
Maybe you want to step outside to the "Politics, Religion, Social Issues" forums where you can have that stinking "off topic" piece of slander/libel reinserted.
BTW the Titanic was designed in Belfast, N.Ireland.
boncellis said:
Others have suggested that the Korean site(s) were targeted because they were easier prey, but the first Turkey-Korea connection that popped into my head was the 2002 World Cup. Korea and Turkey played each other for third place. Turkey won the game, which makes it unlikely that Turkish fans would harbor bitterness towards Koreans, but perhaps it was lingering animosity. I wonder if there's a significant Korean population in Turkey.
longofest said:
Couldn't agree more. Why would those security flaws still be around, even if they're not being exploited on a wider scale?
Maybe Apple is hoping to "fix it all" with 10.5.
yellow said:
Was replying to nagroome's (sp?) post about mac users trying to assert that Mac is less vulnerable. I was making the point that we are often more vulnerable, even though exploits don't get written as often because we don't own as much of the market. As we can see, with Apple attracting more attention to themselves, it looks like we may see more and more exploits.
boncellis said:
glad to see someone's with me here
No, they exploited a server-side script
No, Apache runs user written scripts. Let's hope the problem was in the stuff the Apple web designers wrote. Actually it is triveal to write a truely horable bin/cgi script. For example I could write one in only two lines that simply passes it's argument to the shell. And then bingo. With no flaw in either Mac OS or Apache the whole world would have shell level acces to the user account that runs Apache and could then make any change to the site.
What I suspect is that what Apple did was to write an only slightly less stupid than the triveal one I describbed above.
Metatron said:
No, Apache runs user written scripts. Let's hope the problem was in the stuff the Apple web designers wrote. Actually it is triveal to write a truely horable bin/cgi script. For example I could write one in only two lines that simply passes it's argument to the shell. And then bingo. With no flaw in either Mac OS or Apache the whole world would have shell level acces to the user account that runs Apache and could then make any change to the site.
What I suspect is that what Apple did was to write an only slightly less stupid than the triveal one I describbed above.
jaxstate said:Seems kinda ironic that this happens a day or so after the release of the "virus" and the other apple ads.
Note to Apple, dont piss off the nerds.
This is what I was thinking. Every time a big corporate makes claim of their impenetrable security product, it's an instant challenge to hacker and virus writer. Plus the instant media exposure they receive. It also doesn't help having some users (like some people in this forum) also being arrogant about...Hackers wants people to eat their words. Microsoft went through being a target looks like Apple is also going through being a target.
I prefer CERT and it looks like... (IMHO secunia likes to label things that are really a social engineering type exploit as uber critical)
Mac OS X - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/629845
http://www.kb.cert.org/vuls/id/115729
http://www.kb.cert.org/vuls/id/913449
http://www.kb.cert.org/vuls/id/176732
http://www.kb.cert.org/vuls/id/980084
http://www.kb.cert.org/vuls/id/999708
Windows XP - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/388900
http://www.kb.cert.org/vuls/id/953860
Mac OS X - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/629845
http://www.kb.cert.org/vuls/id/115729
http://www.kb.cert.org/vuls/id/913449
http://www.kb.cert.org/vuls/id/176732
http://www.kb.cert.org/vuls/id/980084
http://www.kb.cert.org/vuls/id/999708
Windows XP - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/388900
http://www.kb.cert.org/vuls/id/953860