ipfw is not disabled. The default ruleset is still in place.
I bring up ipfw because part of its default ruleset is filtering for the port the browser uses to prevent packets that could be executable from passing.

If you check on a default Leopard or Snow Leopard install, you will find that ipfw is not running by default. You can check this yourself.
I had tried to indicate that to munkery by (parenthetically) posting a ps command, but perhaps it was too subtle.


How to find if ipfw is active (i.e. running and enforcing its ruleset), and some sample outputs.

Terminal commands:
Code:
sudo ipfw list
Output on Leopard, with Application Firewall active:
Code:
65535 allow ip from any to any
Excellent... i just dropped in to post something similar, but i see you've done that already. I'll just add one variation then:
Code:
$ sudo ipfw list
Password:
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any
^That's from my 10.5.8 PowerBook. I believe the first rule there (deny icmp . . .) comes about as a result of enabling "Stealth Mode" in System Preferences -> Security -> Firewall -> Advanced.

I had also intended to quote a few articles, but it seems just the links will suffice at this point:
Close the ports -- March 2008
Mac Security: Firewalls -- October 2008

:apple:
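As an added example (not from any poster above), here is a small shell helper that reads pasted `sudo ipfw list` output and reports whether only the catch-all rule 65535 is present, whether the Stealth Mode ICMP rule is there as well, or whether someone has configured additional rules. The sample outputs are constructed to mirror the ones posted above; the custom rule is a made-up illustration.

```sh
#!/bin/sh
# classify_ipfw: read `sudo ipfw list` output on stdin and print one word:
#   default  - only rule 65535 (allow ip from any to any): ipfw is filtering nothing
#   stealth  - catch-all plus the "deny icmp ... icmptypes 8" rule Stealth Mode adds
#   custom   - any other rule is present: someone has configured ipfw
#   unknown  - no catch-all rule found, so this is not ipfw output we recognise
classify_ipfw() {
    awk '
        /^\$/ || /^Password:/ { next }                  # prompt lines pasted along with the output
        $1 == "65535" && $2 == "allow" { catchall = 1; next }
        $2 == "deny" && $3 == "icmp" && /icmptypes 8/ { stealth = 1; next }
        NF > 0 { other = 1 }                              # any other non-empty line is a real rule
        END {
            if (!catchall)        print "unknown"
            else if (other)       print "custom"
            else if (stealth)     print "stealth"
            else                  print "default"
        }'
}

# Constructed samples (not captured from a live machine).
LEOPARD_DEFAULT='65535 allow ip from any to any'
LEOPARD_STEALTH='$ sudo ipfw list
Password:
33300 deny icmp from any to me in icmptypes 8
65535 allow ip from any to any'
CUSTOM_RULESET='02000 deny tcp from any to any 22 in
65535 allow ip from any to any'

# Walk the samples so the script shows its verdicts when run directly.
for sample in "$LEOPARD_DEFAULT" "$LEOPARD_STEALTH" "$CUSTOM_RULESET"; do
    printf '%s\n' "$sample" | classify_ipfw
done
```

On a real machine pipe the live output in instead: `sudo ipfw list | sh -c '. ./classify.sh; classify_ipfw'` or simply call the function after sourcing the file.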
 
@Hal

That first article you posted (http://www.macworld.com/article/132558/2008/03/connect2504.html) says that by default Mac OSX leaves few ports open, but by the sounds of it this is not related to firewalling.

Can you give me some guidance to sources to understand how that is done?

The article may be wrong, but this perception that the ports are closed led me to believe in the past that it was from a firewall.

Also, in reading about man-in-the-middle attacks, especially in relation to unencrypted wireless, I found a tool that actively blocks ARP poisoning.

It's called ArpON. Can anyone give me any feedback on this?

http://arpon.sourceforge.net/

Thanks
 
I am aware of the technique and of its many limitations and I stand by my question. Miller might e.g. show that it is possible to crash Preview by giving it random PDFs. That is unsurprising, what is interesting is any sort of exploit that undermines OSX. A denial of service attack against OSX applications might be at worst an irritant, it is not a zero day vulnerability in any meaningful sense of the phrase. Why is this guy anything other than a media whore?

Perhaps it could be better said that the media is a pimp... in which case, you appear to be the perfect John. The reactive effect it seems to have evoked further feeds the "controversy" — and that's what they live on. [i.e., relax]

Obviously there must be more to it than DOS or crashing Preview. I don't believe they would have paid him $10,000 (plus a MacBook) in 2008 and $5,000 (plus a MacBook) in 2009 for such simple disruptions.

So then, this Wednesday (March 24, 2010) we will see what happens.
 
@Hal

That first article you posted (http://www.macworld.com/article/132558/2008/03/connect2504.html) says that by default Mac OSX leaves few ports open, but by the sounds of it this is not related to firewalling.

Can you give me some guidance to sources to understand how that is done?

The article may be wrong, but this perception that the ports are closed led me to believe in the past that it was from a firewall.
I'm more of a Terminal junkie than a Networking guru, so perhaps someone else can answer that. Just from a basic viewpoint however, if no ports were open at all... then Mail, Safari and Software Update (to name a few) would be fairly useless apps.

Looking at it the other way (outbound), even a program like Little Snitch needs to protect (i.e., prevent users from closing) certain ports, so as not to frig the functionality of the OS...

(ignore the spam there, just view the image)
 
I am aware of the technique and of its many limitations and I stand by my question. Miller might e.g. show that it is possible to crash Preview by giving it random PDFs. That is unsurprising, what is interesting is any sort of exploit that undermines OSX. A denial of service attack against OSX applications might be at worst an irritant, it is not a zero day vulnerability in any meaningful sense of the phrase. Why is this guy anything other than a media whore?

From the 2009 contest rules:
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
"To participate in the contest, you can choose either or both technologies and must generally prove successful code execution." (emphasis added)

From the 2008 contest rules:
http://dvlabs.tippingpoint.com/blog/2008/03/19/cansecwest-pwn-to-own-2008
"To claim a laptop as your own, you will need to read the contents of a designated file on each system through exploitation of a 0day code execution vulnerability (ie: no directory traversal style bugs)." (emphasis added)

AFAICT, the 2010 rules have not been finalized yet. The blog entry says to expect rule updates, and it identifies what counts as a successful attack on the mobile targets:
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
"A successful hack on these [mobile] targets must result in code execution with little to no user-interaction." (emphasis added)

To summarize, I doubt that merely crashing Preview is going to count as a contest winner. However, I could be wrong about that, since the 2010 rules don't seem to be finalized yet.
 
If the conference is next week, I can see Apple releasing the 10.6.3 update next week, which hopefully will address these 20 zero-day holes in Mac OS X. Although for the average person such hack fests don't hold much credence, many of these average people do obtain advice from geeks. If the geeks are not impressed by the slow/non-existent response by Apple to these security problems, then in turn these geeks will be more reluctant to suggest a Mac to their technophobic friends.
 
Obviously there must be more to it than DOS or crashing Preview. I don't believe they would have paid him $10,000 (plus a MacBook) in 2008 and $5,000 (plus a MacBook) in 2009 for such simple disruptions.

So then, this Wednesday (March 24, 2010) we will see what happens.
Those sums are cheap for publicity, we will indeed see in 3 or 4 days time. Anyway, after 18 pages we got this thread back on the topic of the initial summary, that is probably a more significant achievement than will be revealed on Wednesday.
 
To summarize, I doubt that merely crashing Preview is going to count as a contest winner. However, I could be wrong about that, since the 2010 rules don't seem to be finalized yet.
I doubt if Miller has anything of substance, certainly not enough to win a contest. He is out for publicity and, to be fair, he has got some of that already without having done anything.
 
Yes, because using Macs since 2006 makes you an expert on such matters. I have been using them consistently for 20 years. Not just using them mind you, I mean administering them. Never once have I seen a real world exploit.
I never claimed to be some sort of an expert. And you know… you never once seeing a real world exploit in 20 years, I find that hard to believe. But good for you if that’s the case.
Less as in ZERO.

I believe there have been a couple of 'proof of concepts' but nothing malicious or self replicating, these were just Trojans which aren't really viruses anyway.

Inqtana.A is a worm, not a virus — and it doesn't even affect Macs running 10.5 or later.

http://www.symantec.com/security_response/writeup.jsp?docid=2006-021715-3051-99

Worms and trojan backdoors are not viruses. By definition, a virus must be able to self-replicate. Worms and trojans can not.

So again: Name one OSX virus.
Semantics. True that Inqtana.A is categorized as a worm and the rest I quite clearly marked. But seriously. Worm, trojan, backdoor… Whatever you call it you’re not gonna like what it does :rolleyes:.
Well, I will not spend a penny and go through the hassle of keeping my antivirus up-to-date and slowing down my machine because I want to protect the PC users that don't update their antivirus...
It’s not really a hassle at all.
Why is everyone in this thread going on about viruses? The article has nothing to to with them.
Good question.
I am a system admin at work and we have SEP11... Tell me about the pain we go through every day with workstations that didn't update properly and have been quarantined from the network, the false positives it generates, systems that become ultra slow when doing the weekly scan, etc. etc. etc...

I have seen how many people complain that they installed Symantec on OS X and it crashed their OS at some point...

I'm the kind of person that does not run anything that doesn't need to be run on my machine. I will not start to run an antivirus for people (PC users) that don't
Well… maybe it’s time to think about changing AV provider. I’ve never used SEP but I’m quite happy with Intego on Mac and F-Secure on Windows. And I agree with not running anything that doesn’t need to. AV just is something that needs to.
They are not viruses, they are all trojans that you HAVE to INSTALL yourselves. By giving permission to OSX to install that pirated copy, you are intentionally infecting the OS yourself, which is your fault, not anybody else's.
Even the most perfect OS in the entire universe will not be safe from social engineering; there's no way to stop people from installing crap.
Inqtana: Requires direct access to the machine from within bluetooth range, but at least this would qualify as a worm. Just not in a practical, exploitable way.
Tored is not a worm!!!! It requires a human to run it and move it along via e-mail.

Trojans do exist. I guess my general point is

1. Don't be stupid.
2. Make sure you're patched up to date, or turn off your Bluetooth when you go to Starbucks.

And if you can't use Google on your own...
A worm is a self-propagating virus.
Like I said, semantics.

It really doesn’t make one bit of difference if something is called a virus / trojan or worm. Yes, some require social engineering or user interaction otherwise. But we all know the biggest problem with computers is the user. It’s naive to say it doesn’t matter because it requires user action to work.

And you know… Together with security holes in Safari, Preview, Adobe Reader etc… it might be possible to get malware onto a system without the user's permission.
Oh look, it's this thread again.
Yeah… :).
 
On the other hand, there are a handful of regular posters who believe that Apple does no wrong

I assume you incorrectly include me on this list.

Honestly your act here is tired. The moment someone has something significant but not glowing to say about Apple/OS X you deem them disgruntled, bitter, etc.

Complete, utter, obvious BS. I have no problem with Apple criticism. I have plenty of Apple criticism myself (feel free to peruse my comment history). What I have a problem with are the resident trolls (the truly "tired acts") who have nothing positive to say about Apple. Ever. They have no business on an Apple users' site when they add nothing but contention and anti-Apple propaganda, all day, every day.

From the pro Microsoft shills like AidenShaw, who claims he's just here to help :)rolleyes:), to the embittered souls who start whining about Apple beginning at post #1 and never stop (where the line "Apple must have kicked your dog" truly applies), to the truly egregious trolls who long ago ended up on my ignore list - these folks take any discussion thread off the rails the moment it leaves the station. And they turn this forum into an everlasting flamewar, where it used to be a place where actual Apple customers would intelligently discuss Apple and its products (both the positives and the negatives).
 
If the security-through-obscurity thing worked effectively, then how come platforms with significantly smaller user bases than OSX have had massive problems with viruses (etc.)? My Amiga used to get loads of them.

There is something to it, but it can't be the dominant reason why we're generally quite safe. I'm surprised we didn't get a whole slew of them as soon as people started working out how to do Intel hackintoshes.
 
On wired networks individuals are connected less transiently (at work). The attacker is either a known individual who is consistently part of the wired network (so somewhat transparent over time) or an unknown individual that is accessing the network by plugging in without anyone being aware. They would only have a range of attack for the area of the network that is connected to them by switches and hubs but not via router.

The real implication of such exploits relates to unencrypted wireless networks where someone can covertly launch a mitm attack. Apparently this type of attack is common at open wireless networks such as at airports but the nature of the attack is passive eavesdropping and not arbitrary code execution. Eavesdropping is a problem but safe web practices can limit how at risk you are. I really don't care if someone wants to see my IM conversations and I don't bank or purchase online while using open unencrypted wireless networks.

These questions are in relation to all OSes but most relevant to OSX because it is more vulnerable to them.

Given that the target has to navigate to a malicious URL and the attacker has to get them there without becoming known to the target, are mitm attacks as used in PWN2OWN where the goal is more than eavesdropping very likely?

If these attacks (mitm with arbitrary code execution) are not overly likely to occur, how pertinent are the results of PWN2OWN to any OS's security?

More concisely, how at risk are computer users in general to a mitm attack with arbitrary code execution as the goal of the attack?

If I remember correctly none of the OSes were hacked until the user of the target computer was instructed by the attacker where to go to get hacked. The target was not just going about their normal daily Internet activities.

Once the malicious URL injected code into the system, the attacker could access the system via being the mitm. Without being on the same network (hub/switch or unencrypted wireless), the attacker could not get into the system.
 
I doubt if Miller has anything of substance, certainly not enough to win a contest.

Despite winning the Mac in the contest, in 2008 and 2009?

Even if I were wagering small amounts, I wouldn't bet against Miller's track record. Not when he has the first crack at Safari this year.
 
Well done to him for finding the vulnerability, but vulnerabilities have been found before and still I'm plodding away quite happily without AV. Why would anybody want to live in the bad part of town if they can have a farmhouse anyway? :rolleyes:
 
Despite winning the Mac in the contest, in 2008 and 2009?

Even if I were wagering small amounts, I wouldn't bet against Miller's track record. Not when he has the first crack at Safari this year.

Even with the guy's track record, he's only been able to find these vulnerabilities after someone on the other side lets him in.

And it's nice to see that it still takes someone opening the backdoor, but then all one has to do is not be an idiot and open the spam or travel to that one porn site that tells them to download this or that.
 
I assume you incorrectly include me on this list.



Complete, utter, obvious BS. I have no problem with Apple criticism. I have plenty of Apple criticism myself (feel free to peruse my comment history). What I have a problem with are the resident trolls (the truly "tired acts") who have nothing positive to say about Apple. Ever. They have no business on an Apple users site when they add nothing but contention and anti-Apple propaganda, all day, every day.

I'm sorry, but when you're criticizing a guy saying that he's a bitter ex-Apple employee because he's concerned about OS X's security and Apple's efficiency in patching it, that's a problem.

As Apple fans, it's our job to demand more of Apple to fix our favorite OS, not be complacent, or worse yet, arrogant about the lack of malware. There is such a thing as karma, and it'll come back to bite us all in the nether regions one of these days.

We should all be great cats when it comes to security. Not ostriches.

I love OS X; I can't say I use even my Linux machines that much anymore, though even they give me more delight than Windows. But I am utterly concerned about security in OS X, given the huge problem identity theft and other issues are in the IT industry in general. It's everyone's concern. Not just Windows users.
 
But I am utterly concerned about security in OS X, given the huge problem identity theft and other issues are in the IT industry in general. It's everyone's concern. Not just Windows users.

Identity theft in relation to mitm attacks occurs due to eavesdropping and not arbitrary code execution.

You are correct in that it is everyone's concern.

So your focus on this issue in terms of the IT industry and identity theft relates to ARP poisoning in general, and none of the OSes have built-in faculties to prevent this.

This is a concern for everybody regardless of their OS, and the solution lies in smart internet practices, just like with phishing and its relation to identity theft.

Although, ArpON (http://arpon.sourceforge.net/) looks promising as a possible solution to this. Too bad none of the OSes have this by default. It is open source and already works with most OSes.
 
Identity theft in relation to mitm attacks, as used in PWN2OWN, occurs due to eavesdropping and not arbitrary code execution.

You are correct in that it is everyone's concern.

So your focus on this issue in terms of the IT industry and identity theft relates to ARP poisoning in general, and none of the OSes have built-in faculties to prevent this.

This is a concern for everybody regardless of their OS, and the solution lies in smart internet practices, just like with phishing and its relation to identity theft.

Although, ArpON (http://arpon.sourceforge.net/) looks promising as a possible solution to this. Too bad none of the OSes have this by default. It is open source and already works with most OSes.

Well, not entirely true. There are several past vulnerabilities in Windows that have resulted in malware getting loaded on a user's machine with zero interaction, simply by visiting a webpage. This can occur when the user clicks on a seemingly innocent Google search link, or perhaps a legitimate website that's been hacked, or, in the case of NYTimes.com, a legitimate website that sells ads to a malicious software maker with javascript exploiting vulnerabilities. All of these would be ineffective on an OS X or Linux box, but totally compromise a Windows box of that period.

It doesn't always have to be phishing or a pop-up that the user has to click yes to install or put their password in.
 
Well, not entirely true. There are several past vulnerabilities in Windows that have resulted in malware getting loaded on a user's machine with zero interaction, simply by visiting a webpage. This can occur when the user clicks on a seemingly innocent Google search link, or perhaps a legitimate website that's been hacked, or, in the case of NYTimes.com, a legitimate website that sells ads to a malicious software maker with javascript exploiting vulnerabilities. All of these would be ineffective on an OS X or Linux box, but totally compromise a Windows box of that period.

It doesn't always have to be phishing or a pop-up that the user has to click yes to install or put their password in.

Very true! The picture gets very different when you introduce malware into the equation. This is where the problem starts to be more relevant: when malware becomes a component of the problem.

Mac OSX and Linux are faring significantly better in this domain.

It is still an issue on Windows and as a previous poster stated DEP and UAC have been somewhat ineffective in preventing malware issues. I really don't know much about how they are circumvented.
 
Very true! The picture gets very different when you introduce malware into the equation. This is where the problem starts to be more relevant: when malware becomes a component of the problem.

Mac OSX and Linux are faring significantly better in this domain.

It is still an issue on Windows and as a previous poster stated DEP and UAC have been somewhat ineffective in preventing malware issues. I really don't know much about how they are circumvented.

Exactly. My point (along with others here) is that we want OS X to continue faring significantly better by having Apple be more responsive in patching security holes.
 