Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researcher Set to Announce 20 Zero-Day Holes in Mac OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
The same guy who constantly finds OSX holes, Charlie Miller, cites "security through obscurity" as being the main benefit for Apple.
If a hacker becomes famous, that means his career is over. That is the kind of guy law enforcement agencies like to make an example of before he becomes some kind of folk hero. Any hacker that I've seen (and I've known a couple) prefer anonymity and leave some sig in their code. This is a business today primarily built on profit. They're interested in creating the largest bot networks and not press interviews from the pen doing a 10 year sentence.
I don't know, it seems like there are plenty of people that hate Apple with a passion so you would think they would be creating viruses, malware, etc. for the platform...
Why would she keep the keys in the glovebox when she grew up keeping them in the visor?
He's sitting on it for his own publicity. That much is obvious.
And for those who are confused, a security hole is not the same as a virus. Viruses can often use security holes to operate, but having a security hole in your OS is not the same as having a virus. Many security holes require black hats to be operating on your internal network to exploit. Others require you to be in close proximity to exploit a BT driver or something like that. I even read about one guy who's claimed security hole required physical access to your computer! (How's that a hole? They get your computer, and you are done for).
Fact is, we know nothing about these holes he found, so I wouldn't run out and buy an anti-virus product just yet.
There are lots of security holes in every OS - this guy sounds like he went through a lot of trouble to discover his 20. Kudos to him. Hopefully he reports them to Apple before he reports them to the rest of the world. That's the responsible thing to do.
Dear 1337 hackers,
please hack my box and change my background to...I dunno..."OWNED" in big red bold letters. Also, I request that you do this without needing any physical access, and whilst I run my machine as a limited user.
Oh, and there's a win 2k7 server on my network. Please leave that one alone. I know it's hard to resist.
thx
E~
P.S. I heard that there is an executable that can be run on my local network and infect all my macs from a single host, again without any user intervention. Can you send that my way? I'd like to take a look at it. I heard it exists but i've never seen it, and i've looked hard.
please hack my box and change my background to...I dunno..."OWNED" in big red bold letters. Also, I request that you do this without needing any physical access, and whilst I run my machine as a limited user.
Oh, and there's a win 2k7 server on my network. Please leave that one alone. I know it's hard to resist.
thx
E~
P.S. I heard that there is an executable that can be run on my local network and infect all my macs from a single host, again without any user intervention. Can you send that my way? I'd like to take a look at it. I heard it exists but i've never seen it, and i've looked hard.
What I also liked in that story is how her car was "always" getting stolen. How many times was it stolen? The same car? Recovered multiple times, only to be stolen again? Or kept buying new ones? And she never learned?
I have family in the country, and they do indeed leave doors unlocked. But they're also smart people, and understand that you don't do that in the city.
If nobody gives a damn about the mac platform then why this is a news at all? Well, I say more power to any hacker for writing a virus that will spread WITHOUT my consent or affirmative action all through the web/LAN. More power to them. I would love to see at last some actions behind these truly empty threats.
Needless to say I remember this very topic in 2006 when first virus" aka trojan to Mac OS was introduced:
https://www.macrumors.com/2006/02/16/the-first-mac-os-x-virus-a-new-os-x-trojan/
Needless to say I remember this very topic in 2006 when first virus" aka trojan to Mac OS was introduced:
https://www.macrumors.com/2006/02/16/the-first-mac-os-x-virus-a-new-os-x-trojan/
Oh please.
Her car "keeps getting stolen" and yet she continues to leave the keys in it and the doors unlocked?
Yes, that's believable.
This guy is annoying. He's treating OS X as if it was a crapload less secure than Windows, when the only difference is that it doesn't have a full implementation of ASLR. That's the only thing that makes Windows more "secure", and he said that if Mac OS X had ASLR he would stop complaining about it.
So it's more like a farmhouse with standard security vs a city house with bars on Windows.
Considering that the "farmhouse" is all organized, clean and a pleasure to live in, it's still overall better and more safe than the messy, disorganized and dirty city house.
So it's more like a farmhouse with standard security vs a city house with bars on Windows.
Considering that the "farmhouse" is all organized, clean and a pleasure to live in, it's still overall better and more safe than the messy, disorganized and dirty city house.
I'm just saying that no software is perfect. There have been instances where a few virus/trojans have appeared for OS X. Granted it was 10.5 but maybe its "perfect" now, but give people time. If someone really wants to make a trojan for OS X they will.
I've never trotted out that "No viruses!" line, and I correct people who do. I know people who get far too gung ho into the fanboyism and it annoys me.
What I will say is that for various reasons, Mac OS X is currently more secure, and its relatively limited combination of hardware components means it is more stable than Windows. That's why I generally favour my Mac over my PC.
What I will say is that for various reasons, Mac OS X is currently more secure, and its relatively limited combination of hardware components means it is more stable than Windows. That's why I generally favour my Mac over my PC.
OS X is not invulnerable ....
but I get tired of these people saying "it's full of holes" and then not demonstrating that it is. I believe the guy that won the Mac hacking contest in Canada last year (which he had to direct to a prepared website to attack it) said he uses a Mac.
Attention by outrageous announcements seems to be the goal here. It is a bit irresponsible to say you know vulnerabilities but not announce them. I'd be interested to know what he has found, though.
but I get tired of these people saying "it's full of holes" and then not demonstrating that it is. I believe the guy that won the Mac hacking contest in Canada last year (which he had to direct to a prepared website to attack it) said he uses a Mac.
Attention by outrageous announcements seems to be the goal here. It is a bit irresponsible to say you know vulnerabilities but not announce them. I'd be interested to know what he has found, though.
Yeah actually, there have been no proof of concept or real VIRUSES written. Maybe it can be done, but no one has been able to do it. Yes there are Torjans out there that require someone to fall for it, but these are 2 different animals. Find me self-propagating virus and I will be worried.
True, no software is perfect. But a trojan is not the same thing as a virus.
Why would she keep the keys in the glovebox when she grew up keeping them in the visor?
In the country, we keep our visors in the glove box and our transmissions in the bathtub.
Better version of TFA's quote
Better version:
OS X is like living in a normal house with standard locks; Windows is like living in a house with bars on the windows, maglocks on every door (even interior doors) that constantly ask, "Are you sure you want to unlock?", and a sign reading "FREE CRACK HERE" hanging on the outside over the giant hole in one wall - while living in a bad part of town. Of course, most Windows users either reflexively answer "yes" to the unlock prompts (even when Jimmy the Crackhead is trying to get in) or have disabled them entirely. As for the hole, it's needed by "legacy applications" (*cough*ActiveX*cough*) and so everyone just puts up with it.
Better version:
OS X is like living in a normal house with standard locks; Windows is like living in a house with bars on the windows, maglocks on every door (even interior doors) that constantly ask, "Are you sure you want to unlock?", and a sign reading "FREE CRACK HERE" hanging on the outside over the giant hole in one wall - while living in a bad part of town. Of course, most Windows users either reflexively answer "yes" to the unlock prompts (even when Jimmy the Crackhead is trying to get in) or have disabled them entirely. As for the hole, it's needed by "legacy applications" (*cough*ActiveX*cough*) and so everyone just puts up with it.
You mean a worm. A virus by definition requires execution through manual user intervention. A worm uses a security hole to propagate itself across a network.
Agreed. Its not obscurity. Macs are Unix based and there are a lot of Unix servers out there handling some serious and important data. That data could be $$ to hackers and thats the motivator but the Mac still remains secure. this Obscurity thing needs to go anyhow. Macs are increasing in market share and are far from obscure. I can't wait for the business industry to wake up and realize how stupid it is to do business on Windows OS. Why use something so unsecure for your business operations?
There are no known worms. Right now hackers must rely on the ignorance and stupidity of users to use and enter stuff they shouldn't.
People are still crafty in coming up with ways to exploit software. As you say, nothing is perfect.
More secure than what? Windows XP yes. Windows Vista? Maybe. Windows 7? Hell no.