boncellis said:
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

The hacker probably ran some software that scanned through a list of sites looking for a vulnerability.

Like Apache Vulnerability Scanner.

Mod Edit: deleted link to vulnerability scanner... too prone to abuse.
 
eva01 said:
who thought it was invulnerable?

:rolleyes: Nothing is invulnerable

I certainly never said it was invulnerable, but plenty of fellow Mac users seem to claim or at least act like it is.

Side note: A big part of me likes the new commercials because they showcase Mac features which Apple hasn't always done a good job of doing, but one thing I hate about them is that Virus one. Definitely feel it is misleading.

I hope this plus the virus plus the unpatched security flaws that have been around for months will force Apple into a security huddle kind of like what Microsoft did a little while back, and get serious about security. We don't want our prized OS to become as big of a joke as MS's is (if that's possible)...

yellow said:
However, no one that has a Clue™ said that OS X was invulnerable.

Once again, I am not saying that anyone is blatantly saying this, but more that many Mac fans act this way.
 
Again, I seriously doubt it's OS X. I'm betting something unpatched in the Apache that was running. But I could be wrong. However, no one that has a Clue™ said that OS X was invulnerable.

I'm personally very surprised that Apple doesn't release more frequent patches for their server software; sure, some of the patches aren't that big, but it will only take a small hole to do a lot of damage. Have monthly or bi-monthly updates for the desktop users, and weekly fixes for the open source stuff in the Server edition.
 
bousozoku said:
It says a lot about WebObjects + Apache and hints at Mac OS X being a vulnerable host, even if it wasn't the host.
It says nothing about any of that, until we know WHAT was done and HOW.

Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?

Or is OS X as insecure as Windows and we are all doomed? :D

I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me :)

PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!


longofest said:
I certainly never said it was invulnerable, but plenty of fellow Mac users seem to claim or at least act like it is.
Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing? ;) Somehow all I ever seem to see is Mac users claiming that OS X is less vulnerable than Windows.
 
Waiting for facts on a rumor site? Yeah ok, we'll do that.:rolleyes:
nagromme said:
It says nothing about any of that, until we know WHAT was done and HOW.

Did some employee let a password slip? Is there a software flaw separate from the PS? Did someone at Apple screw up and leave an obvious door open?

Or is OS X as insecure as Windows and we are all doomed? :D

I say, let's make lots of assumptions, and repeat them without getting the facts. It's good enough for the AP, CNN, and just about any journalist... so it's good enough for me :)

PS, just to start the ball rolling: Abraham Lincoln announced today that a hacked web server is the same as a virus. If THAT's not a trustworthy source, I don't know what is. In fact, he said this was actually a mutated form of the bird flu at work. Now you know--spread the word!
 
jaxstate said:
Waiting for facts on a rumor site? Yeah ok, we'll do that.:rolleyes:
Ah, you see: waiting for facts is irrelevant to rumor, speculation, guesswork, discussion, and good old fashioned fun. I hope none of those ever stop here.

But I'm proposing something more: let's make not mere speculation, but assumptions--and then state them as solid info! :) Even MORE fun that way.
 
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.

It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.

Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.

For shame Apple. For shame.
 
I agree about the boasting.

It's very inappropriate to go on about how your product is better than the alternative. That's not what ads are for. When do you EVER see an ad do that? Only Apple would be so crass. And maybe the British, of course. That Stamp Tax still riles me.

j/k

I don't think the ads caused the defacement (nor the defacement any real harm) in any case. Besides, the ad talked about viruses, not about enterprise web hosting.
 
eva01 said:
That's my guess

...or just a weak user password and ssh enabled and accessible from the outside.

You should see the logs from a Mac OS X server I run at home (good old little cube) that has publicly available ssh port... miles and miles of username / password attempts. That is why I have a 20 digit password minimum for any user on that system.
 
Is this backwards?

longofest said:
From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:
  • 2 are rated Extremely Critical, 1 remains partially unpatched
  • 2 are rated Highly Critical, 1 remains unpatched

Of 7 Windows XP Pro vulnerabilities this year:
  • 0 are rated Extremely Critical, 0 unpatched
  • 2 are rated Highly Critical, 0 unpatched
 
nagromme said:
Funny... I often see people claiming THAT... yet I don't think I've ever actually seen a Mac user claim Mac OS was invulnerable. If there are "plenty" of people saying that, why am I not noticing? ;) Somehow all I ever seem to see is Mac users claiming that OS X is less vulnerable than Windows.

From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:
  • 2 are rated Extremely Critical, 1 remains partially unpatched
  • 2 are rated Highly Critical, 1 remains unpatched

Of 7 Windows XP Pro vulnerabilities this year:
  • 0 are rated Extremely Critical, 0 unpatched
  • 2 are rated Highly Critical, 0 unpatched

shawnce said:
...or just a weak user password and ssh enabled and accessible from the outside.

A weak password for a corporate public webserver? Come on...
 
longofest said:
A weak password for a corporate public webserver? Come on...

It happens (I have seen it)... but it shouldn't. That is the easiest attack vector and until we know more about what happened it remains at the top of my list.
 
Oh my dear lord.

swingerofbirch said:
Oh my dear lord. What hath Apple wrought. Fox trotting and bunny hopping with these ads.

It reminds me of a rather boastful country: England. At one time the sun never set on England. At one time it made the world's most unsinkable ship the Titanic.

Now England can barely fill a time zone and Titanic sits at the bottom of the ocean.

For shame Apple. For shame.

Maybe you want to step outside to the "Politics, Religion, Social Issues" forums where you can have that stinking "off topic" piece of slander/libel reinserted.

BTW the Titanic was designed in Belfast, N.Ireland.
:rolleyes:
 
longofest said:
From Secunia's 2006 statistics so far this year:
Of 6 Mac vulnerabilities this year:
  • 2 are rated Extremely Critical, 1 remains partially unpatched
  • 2 are rated Highly Critical, 1 remains unpatched

Of 7 Windows XP Pro vulnerabilities this year:
  • 0 are rated Extremely Critical, 0 unpatched
  • 2 are rated Highly Critical, 0 unpatched

Your point?
 
boncellis said:
If the hacker claims to be Turkish, why is he hacking the Korean localization of Apple's website? Seems strange to me.

If it is in conjunction with the "challenge" to hackers within the new ad campaign, why wouldn't Apple.com be hacked--better security? Somebody educate me.

Others have suggested that the Korean site(s) were targeted because they were easier prey, but the first Turkey-Korea connection that popped into my head was the 2002 World Cup. Korea and Turkey played each other for third place. Turkey won the game, which makes it unlikely that Turkish fans would harbor bitterness towards Koreans, but perhaps it was lingering animosity. I wonder if there's a significant Korean population in Turkey.
 
longofest said:
...I hope this plus the virus plus the unpatched security flaws that have been around for months will force Apple into a security huddle kind of like what Microsoft did a little while back, and get serious about security. We don't want our prized OS to become as big of a joke as MS's is (if that's possible)...

Couldn't agree more. Why would those security flaws still be around, even if they're not being exploited on a wider scale?

Maybe Apple is hoping to "fix it all" with 10.5.
 
yellow said:
Your point?

Was replying to nagroome's (sp?) post about mac users trying to assert that Mac is less vulnerable. I was making the point that we are often more vulnerable, even though exploits don't get written as often because we don't own as much of the market. As we can see, with Apple attracting more attention to themselves, it looks like we may see more and more exploits.

boncellis said:
Couldn't agree more. Why would those security flaws still be around, even if they're not being exploited on a wider scale?

Maybe Apple is hoping to "fix it all" with 10.5.

glad to see someone's with me here :)
 
No, they exploited a server-side script

Metatron said:
Scary...and could be really bad news depending on how it was hacked. One can hope the flaw was in apache...

No, Apache runs user-written scripts. Let's hope the problem was in the stuff the Apple web designers wrote. Actually it is trivial to write a truly horrible bin/cgi script. For example I could write one in only two lines that simply passes its argument to the shell. And then bingo. With no flaw in either Mac OS or Apache the whole world would have shell-level access to the user account that runs Apache and could then make any change to the site.

What I suspect is that what Apple did was to write one only slightly less stupid than the trivial one I described above.
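
The failure mode described in the post above, shown beside a hardened form, as an added example that is not part of the original thread and is not Apple's code. The `region` parameter, the handler names and the sample query strings are constructed for illustration; `echo` stands in for whatever program a real script would run, and a POSIX system is assumed.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Constructed QUERY_STRING values, as the web server would hand them to a CGI script.
BENIGN = "region=korea"
HOSTILE = "region=korea%3B+echo+INJECTED"  # decodes to "korea; echo INJECTED"

# Allowlist for the one parameter this hypothetical script accepts.
SAFE_REGION = re.compile(r"[a-z]{2,20}")


def region_param(query_string):
    """Return the decoded 'region' parameter, or '' if it is absent."""
    return parse_qs(query_string).get("region", [""])[0]


def vulnerable_handler(query_string):
    """Anti-pattern from the post: request input concatenated into a shell line."""
    command = "echo region: " + region_param(query_string)
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout


def hardened_handler(query_string):
    """Validate against an allowlist, then run the program without a shell."""
    region = region_param(query_string)
    if not SAFE_REGION.fullmatch(region):
        return "400 Bad Request\n"
    # Argument list + no shell: the value is one argv entry, never parsed as syntax.
    done = subprocess.run(["echo", "region:", region], capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    for label, qs in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(label, "vulnerable:", vulnerable_handler(qs).splitlines())
        print(label, "hardened:  ", hardened_handler(qs).splitlines())
```

In the vulnerable handler the `;` ends the intended command and the rest runs as a second command under the web server's account; the hardened handler rejects the value before anything is executed.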
 
jaxstate said:
Seems kinda ironic that this happens a day or so after the release of the "virus" and the other apple ads.

Note to Apple, don't piss off the nerds.:cool:

This is what I was thinking. Every time a big corporation makes a claim about their impenetrable security product, it's an instant challenge to hackers and virus writers. Plus the instant media exposure they receive. It also doesn't help having some users (like some people in this forum) also being arrogant about... Hackers want people to eat their words. Microsoft went through being a target… looks like Apple is also going through being a target.
 
I prefer CERT and it looks like... (IMHO Secunia likes to label things that are really a social engineering type exploit as uber critical)

Mac OS X - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/629845
http://www.kb.cert.org/vuls/id/115729
http://www.kb.cert.org/vuls/id/913449
http://www.kb.cert.org/vuls/id/176732
http://www.kb.cert.org/vuls/id/980084
http://www.kb.cert.org/vuls/id/999708

Windows XP - 2006 (so far) (23 in 2005 - not considering severity)
http://www.kb.cert.org/vuls/id/388900
http://www.kb.cert.org/vuls/id/953860
 