EDIT, UPDATE:

Vista is compromised through Adobe Flash security hole on 3rd day (after the 3rd party app is allowed)!

Ubuntu is the final one standing.

[troll]

Saved by questionable Flash support

[/troll]

;)
 
Priceless. Roughly Drafted went from a reasonable blog a few years ago to downright nutty today.

If that is the nuttiest quote you could find, then your definition of nutty is different than mine. What Daniel does best is giving his perspective on sensational headlines. In a world where Windows has been a real world security nightmare, headlines about OS X being vulnerable are big business. If their security issues resulted in real exploits being exposed I would be all for it. If you read the posts in this thread you will see worries about viruses based on this contest results. FUD is FUD. I will predict that this "security contest" OS X vulnerability will result in roughly 1,000,000 times more exploits than last year's. I doubt I will be able to sleep as soundly anymore.

I've looked around but can't see any details about the MBA setup. Is it a standard/admin account? password?
 
The quote
The easy answer is that nobody had any political reason to attack Windows at an event sponsored by Microsoft.
is nutty because first of all, the event was also sponsored is one of 19 sponsors, amongst which Juniper, Cisco, Google and Adobe (whose Flash proved to be the downfall of Vista on the third day of the contest). Note that in this second quote, Roughlydrafted conveniently left out "partially" from "partially sponsored".

And second, who cares about political reasons? $10,000 is $10,000, so unless you think Microsoft has been bribing all the other teams not to attack Vista, the easy answer is just that Safari is insecure (which I don't see why people would find surprising, as this isn't its first vulnerability).
 
whatever, tell people not to look at fact, rather than speculating the "politics" behind it, is ridiculous, "Dan" is an obvious Apple fanboy, every post he wrote, every comparison he made, all disregard the favorable data/facts of opponent,
well at least you don't exaggerate in your response....

and here I thought only Apple had fanbois.....
 
Safari has a vulnerability, which Apple should fix immediately and I have no doubts that Apple will release the fix soon.

However, the exploit requires that you visit a malicious website - so the moral of the story is, don't click on those links if and when you are not sure if the site is legit.

:rolleyes: Any site on the internet could be hacked to distribute the code.

One of these days the arrogance of invincibility is going to cause a huge issue for Apple.
 
well at least you don't exaggerate in your response....

and here I thought only Apple had fanbois.....

Surprisingly, they are not exaggerations! I myself am surprised as well.

EDIT: No, I admit I shouldn't say "every post", but I stand by "every comparison" (with non-Apple products).
 
I must admit it is kinda messed up he saved the Safari exploit until the competition. If I was a contestant on there, I'd be really pissed. AND they were too lazy to do a "Linux exploit" they knew about?? (if true)

haha :p
 
So what exploits would have been found if this hacker wasn't allowed to use Safari?

They spent a day trying to attack and take over each machine using networked connections and failed.

That to me is good news.
 
Your opinion, which means less to me than anything Daniel writes on his site. Tell me how that "security contest" has any real world application other than FUD and impress us all with your knowledge.

It's not FUD if it's real and has been demonstrated.
 
So what exploits would have been found if this hacker wasn't allowed to use Safari?

They spent a day trying to attack and take over each machine using networked connections and failed.

That to me is good news.
Actually, according to reports in the Register, nobody even made an attempt on the first day. Which isn't too surprising, because the rules were so stringent (hack the machine remotely without any user interaction in the default install). Pretty much all the major systems have cleaned up their act enough (running few to no network-facing services, firewalls) to make this extremely difficult.

That is indeed good news, but it also means that attacks are increasingly shifting to exploits targeting applications like the browser.
 
I'm new to the Mac. How long does Apple usually take to release a fix for this kind of thing? :eek:
 
I'm new to the Mac. How long does Apple usually take to release a fix for this kind of thing? :eek:

It really depends; it can be as fast as several days, or as slow as never. Recent research shows Apple patching security holes relatively slower than Windows.

Good thing is that OSX is still a very small market, so even when you are exposed to the risk, not many people will try to exploit it.
 
It's not FUD if it's real and has been demonstrated.

It is FUD if what has been demonstrated results in Fear Uncertainty and Doubt out of proportion to reality. This "security contest" results headlines make it sound like you can hack a mac in 2 minutes. Is that true? No. FUD. This kind of "contest" is exactly what the FUDsters live for. A shred of truth and a mountain of baloney.
 
It is FUD if what has been demonstrated results in Fear Uncertainty and Doubt out of proportion to reality. This "security contest" results headlines make it sound like you can hack a mac in 2 minutes. Is that true? No. FUD. This kind of "contest" is exactly what the FUDsters live for. A shred of truth and a mountain of baloney.

Fact is MBA went down first, Vista second, Ubuntu never. That's fact. What does that tell you? Let ppl think for themselves.
 
Then all of the local news channels are FUD. And if they are all FUD, it has become a normality.

true that. Daniel has a followup article on this. More of his nutty comments like pointing out that the Vista machine has SP1. Funny. My Windows Update fails to show this important update.
 
true that. Daniel has a followup article on this. More of his nutty comments like pointing out that the Vista machine has SP1. Funny. My Windows Update fails to show this important update.

Yes, just like how I don't have Mac OS X 10.5.3. How odd!

Don't be stupid. Large businesses, IT shops, and developers get the goodies long before they're distributed for public consumption. Vista SP1 has been floating around for quite a long time; your Google powers are laughable since clearly you missed the top search result for "Vista SP1" in which they announce a release candidate in the first week of December.

I'm sure Danny boy is insinuating that Microsoft released top secret technology to prevent them from getting hacked at the event while conveniently forgetting a large Apple Security Update that just so happened to be released a week before the contest.

Everyone needs to stop drinking all the Kool-Aid and getting bent out of shape when Apple gets put to task for their slow patching of open source software that they bundle with the OS, as well as some of the security problems that are of their own making through popular software such as Quicktime, WebKit, and iTunes. Don't build market leading software, then whine about it when people find problems with your products. You should all be happy that it's one less bug that's on the market, and it's going to motivate Apple to start taking this security business seriously.

Until recently, Apple wouldn't talk to anyone about anything when it came to security. As a result, we've all suffered. Everyone who has a Pre-Leopard OS X release is vulnerable to a nasty privilege escalation issue that Apple has no intent on fixing, even though it's a small adjustment in the BOM Archive that handles the correct permissions setting on the vulnerable binaries.
 
Yes, just like how I don't have Mac OS X 10.5.3. How odd!
Don't be stupid.

I will try not to be stupid but Google doesn't have anything to do with Windows Update. For a contest testing security I find it odd that they use SP1 which is an optional download at this point that doesn't even show up for someone actively clicking their Windows Update icon. I have SP1 on both of my Vista machines because I surfed to microsoft.com, found the SP1 and installed it manually. As you probably know, Vista has eliminated the ability to update through IE and requires the user to use the built-in Windows Update so the idea of manually installing OS updates for Vista is probably not happening often. Fortunately the contest was in one of the 5 languages currently available. What do you think the penetration of this SP is at this point? 1% of Vista machines at most? I don't know if SP1 makes any difference, but it sure isn't a realistic example of the vast majority of Vista machines out there. And as far as IT departments go, you must be kidding. IT is generally the last to adopt a Microsoft SP until they test to make sure it doesn't cause them more problems than it fixes. And they sure aren't installing SP1 before it is officially pushed by Microsoft.

As far as patching open source holes goes, great. But this whole contest is a joke that should be a Wikipedia footnote instead of the Mac hacked in 2 minutes headline.
 
A joke isn't defined by fanboys like roughlydrafted. Why is it so hard to admit the defects? It's not like Apple is perfect anyway.

Apple makes benchmarks and statements more "joke-able" all the time, never seen roughlydrafted jump on any of them.

You can argue the hackers prepare more than 2 minutes. Sure, obviously nobody gonna dispute that. But hackers also prepare for Vista and Ubuntu more than 2 days.

The real fact: Mac went down first, and at a relatively low level. That is NOT a joke for end-users, if any of those fanboys at roughlydrafted would like to think more for the users instead of Apple.
 