Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple.co.kr Hacked?
- Thread starter MacRumors
- Start date
- Sort by reaction score
longofest
Editor emeritus
eva01 said:
I certainly never said it was invulnerable, but plenty of fellow Mac users seem to claim or at least act like it is.
Side note: A big part of me likes the new commercials because they showcase Mac features which Apple hasn't always done a good job of doing, but one thing I hate about them is that Virus one. Definitely feel it is misleading.
I hope this plus the virus plus the unpatched security flaws that have been around for months will force Apple into a security huddle kind of like what Microsoft did a little while back, and get serious about security. We don't want our prized OS to become as big of a joke as MS's is (if that's possible)...
yellow said:
once again, I am not saying that anyone is blatantly saying this, but more that many Mac fans act this way.
Lollypop
macrumors 6502a
Im personally very surprised that apple doesnt release more frequent patched for their server software, sure some of the patches arent that big, but it will only take a small hole to do a lot of damage. Have monthly or bi-monthly updates for the deskop users, and weekly fixes for the open source stuff in the Server edition.
nagromme
macrumors G5
It says nothing about any of that, until we know WHAT was done and HOW.bousozoku said:
Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?
Or is OS X as insecure as Windows and we are all doomed? 😀
I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me 🙂
PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!
Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing? 😉 Somehow all I ever seem to see is Mac users claiming that OS X is less vulnerable than Windows.longofest said:
nagromme
macrumors G5
Ah, you see: waiting for facts is irrelevant to rumor, speculation, guesswork, discussion, and good old fashioned fun. I hope none of those ever stop here.jaxstate said:
But I'm proposing something more: let's make not mere speculation, but assumptions--and then state them as solid info! 🙂 Even MORE fun that way.
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.
It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.
Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.
For shame Apple. For shame.
It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.
Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.
For shame Apple. For shame.
nagromme
macrumors G5
I agree about the boasting.
It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.
j/k
I don't think the ads caused the defacement (nor the defacement any real harm) in any case. Besides, the ad talked about viruses, not about enterprise web hosting.
It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.
j/k
I don't think the ads caused the defacement (nor the defacement any real harm) in any case. Besides, the ad talked about viruses, not about enterprise web hosting.
eva01 said:
...or just a weak user password and ssh enabled and accessible from the outside.
You should see the logs from a Mac OS X server I run at home (good old little cube) that has publicly available ssh port... miles and miles of username / password attempts. That is why I have a 20 digit password minimum for any user on that system.
longofest
Editor emeritus
nagromme said:
From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:
- 2 are rated Exteremly Critical, 1 remains partially unpatched
- 2 are rated Highly Critical, 1 remains unpatched
Of 7 Windows XP Pro vulnerabilities this year:
- 0 are rated Exteremly Critical, 0 unpatched
- 2 are rated Highly Critical, 0 unpatched
shawnce said:
A weak password for a corporate public webserver? Come on...
longofest
Editor emeritus
jaxstate said:
No.
Mac: http://secunia.com/product/96/?period=2006#statistics
WinXP: http://secunia.com/product/22/
longofest said:
It happens (I have seen it)... but it shouldn't. That is the easiest attack vector and until we know more about what happened it remains at the top of my list.
boncellis said:
Others have suggested that the Korean site(s) were targeted because they were easier prey, but the first Turkey-Korea connection that popped into my head was the 2002 World Cup. Korea and Turkey played each other for third place. Turkey won the game, which makes it unlikely that Turkish fans would harbor bitterness towards Koreans, but perhaps it was lingering animosity. I wonder if there's a significant Korean population in Turkey.
longofest
Editor emeritus
yellow said:
Was replying to nagroome's (sp?) post about mac users trying to assert that Mac is less vulnerable. I was making the point that we are often more vulnerable, even though exploits don't get written as often because we don't own as much of the market. As we can see, with Apple attracting more attention to themselves, it looks like we may see more and more exploits.
boncellis said:
glad to see someone's with me here 🙂
No, they exploited a server-side script
No, Apache runs user written scripts. Let's hope the problem was in the stuff the Apple web designers wrote. Actually it is triveal to write a truely horable bin/cgi script. For example I could write one in only two lines that simply passes it's argument to the shell. And then bingo. With no flaw in either Mac OS or Apache the whole world would have shell level acces to the user account that runs Apache and could then make any change to the site.
What I suspect is that what Apple did was to write an only slightly less stupid than the triveal one I describbed above.
Metatron said:
No, Apache runs user written scripts. Let's hope the problem was in the stuff the Apple web designers wrote. Actually it is triveal to write a truely horable bin/cgi script. For example I could write one in only two lines that simply passes it's argument to the shell. And then bingo. With no flaw in either Mac OS or Apache the whole world would have shell level acces to the user account that runs Apache and could then make any change to the site.
What I suspect is that what Apple did was to write an only slightly less stupid than the triveal one I describbed above.
jaxstate said:
This is what I was thinking. Every time a big corporate makes claim of their impenetrable security product, it's an instant challenge to hacker and virus writer. Plus the instant media exposure they receive. It also doesn't help having some users (like some people in this forum) also being arrogant about...Hackers wants people to eat their words. Microsoft went through being a target looks like Apple is also going through being a target.
I prefer CERT and it looks like... (IMHO secunia likes to label things that are really a social engineering type exploit as uber critical)
Mac OS X - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/629845
http://www.kb.cert.org/vuls/id/115729
http://www.kb.cert.org/vuls/id/913449
http://www.kb.cert.org/vuls/id/176732
http://www.kb.cert.org/vuls/id/980084
http://www.kb.cert.org/vuls/id/999708
Windows XP - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/388900
http://www.kb.cert.org/vuls/id/953860
Mac OS X - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/629845
http://www.kb.cert.org/vuls/id/115729
http://www.kb.cert.org/vuls/id/913449
http://www.kb.cert.org/vuls/id/176732
http://www.kb.cert.org/vuls/id/980084
http://www.kb.cert.org/vuls/id/999708
Windows XP - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/388900
http://www.kb.cert.org/vuls/id/953860