Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Researcher Set to Announce 20 Zero-Day Holes in Mac OS X

m0nastic said:
Honestly, I'd be curious to see some of those web sites, as the only thing I ever see is that before the conference, media will cover that there's a hacking contest, and the past two years, they've talked about how OS X was the first system hacked; in which case they share some quotes with Charlie (as he's won the contest the past couple years) where he talks about OS X security.

Every actual interview I've seen him give has been pretty down-to-earth, usually as he tries to dispel some of the nonsensical rumors that get associated with OS X security, or the security research community in general.

But look, I'm not his brother or anything, I just don't like seeing someone in my industry maligned by people making guesses as to their motivations or abilities without any information to back it up.
Click to expand...

That's my view on him. At first I was like "what a douchebag!! I hate this guy!" but really it's the headlines that paint him that way; actually reading the interview he comes across as a decent guy.

satcomer said:
OK then why does has name been featured in the tech news circles for the past few yew years? He is a media whore trying to show how viable he is and why is it we never hear from other contests of the contest.
Click to expand...

Here's some marketing 101 for you:

A. Guy makes a living doing security work, vulnerability testing various OSes and applications.

B. Guy knows how to break into OS X, and does so consistently.

C. Guy enters contest, which costs him very little or is worth the expense

D. Guy gets free advertising all over the internet for his abilities, resulting in companies seeking him/his company out for work

E. Profit

It's really not that hard.

Why don't you hear from the other guys? Because they don't win. Every year.
 
Yamcha said:
Not surprised, when OSX becomes more relevant it'll become just like Windows, It has nothing to do with Macs being more secure, thats just BS.. I love OSX but being a computer enthusiast I know the reason the OSX do not have many viruses or spyware is due to the fact that not many people use it..
Click to expand...

oic

So it's not really that Win NT and *nix are fundamentally different at their cores. It's just marketshare.

Right.
 
zombiedictator said:
More secure than what? Windows XP yes. Windows Vista? Maybe. Windows 7? Hell no.
Click to expand...
I see some of us are still under the illusion that Windows 7 is more than just Vista with a bunch of patches. The house of cards will come down, its just a question of when.

As far as hackers touting Mac vulnerabilities, I say bring it on. If you have so many ways to hack it that you can "land a 747 sideways," where are you?? I just don't buy the whole small market share argument. There are enough of us out there now that it would certainly get attention if someone actually did it. We will see what the master hacker Charlie Miller says in his address.:rolleyes:
 
Bike Locks and Viruses

When I was going to school the rule was always that since any bike lock could be broken the best strategy was to always make sure your bike lock was better than the lock (or lack of) on the bike next to yours in the bike rack.

While there may be worms/viruses eventually that will threaten my Mac, there will always be Windows PCs "parked" nearby that will provide an easier target. This is one of the reasons I am thankful that Microsoft exists!
 
Eddyisgreat said:
So NT = *nix ? Ok. No differences.

Right.
Click to expand...

You know that people just like to parrot others without actually looking into what they say. It's how the world works unfortunately. Completely dismissing unix's security by design when compared to windows is just what happens when people refuse to look at reality I guess.
 
supmango said:
I see some of us are still under the illusion that Windows 7 is more than just Vista with a bunch of patches. The house of cards will come down, its just a question of when.

As far as hackers touting Mac vulnerabilities, I say bring it on. If you have so many ways to hack it that you can "land a 747 sideways," where are you?? I just don't buy the whole small market share argument. There are enough of us out there now that it would certainly get attention if someone actually did it. We will see what the master hacker Charlie Miller says in his address.:rolleyes:
Click to expand...


actually Windows 7 is more than just Vista with a bunch of patches. it's a new kernel. MS started a major rewrite of Windows back in 2001 or 2002 and Windows 7 is the first product based on the rewrite
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_3 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7E18 Safari/528.16)

No viruses on the Mac so far. You can use whatever excuses you want, but we are still quite safe without virus protection over here.

Windows users bring up that they have more selection of software (owing to their larger user base) but they'll jump all over you if you bring up the virus thing. Now the user base becomes an excuse.

Suck it up. The mac is a better platform. It's not just a matter of taste. It's a matter of good taste.
 
Here is a very simple solution. Make sure that your cable/fiber/DSL model is either a NAT firewall or buy a hardware firewall to place between your modem and your computers. Problem solved.

Software firewalls outside of what come with your OS are a waste of time, money and your computer's resources.

If you are behind a NAT firewall, you are protected from remote attacks like mentioned in this article.
 
cleric said:
Looks like I better go back to OpenVMS on my Alpha
Click to expand...

Sweet! Whatcha running? Our company still runs OpenVMS. We recently just retired our last VAX. I don't use the systems much myself. OpenVMS was quite a revolutionary system in its day. Still works great today.
alphafamily.jpg


The pic is from the Digital timeline page at Microsoft. It is actually a pretty interesting site if you are into Digital computers and their history.

http://research.microsoft.com/en-us/um/people/gbell/digital/timeline/dechistory.htm
 
supmango said:
I see some of us are still under the illusion that Windows 7 is more than just Vista with a bunch of patches. The house of cards will come down, its just a question of when.
Click to expand...

Funny, wasn't it Apple that said Snow Leopard was just a minor update which is why it's so cheap?
 
alent1234 said:
actually Windows 7 is more than just Vista with a bunch of patches. it's a new kernel. MS started a major rewrite of Windows back in 2001 or 2002 and Windows 7 is the first product based on the rewrite
Click to expand...

That's not entirely true. Nor is the post you quoted very accurate. Microsoft started Vista based off of XP, they scrapped that and started over but basing it off of Server 2003. Windows 7 is based off of Vista. I believe it's kernel is shared with Server 2008 though.
Vista is a major update though. It laid the groundwork for future windows editions. They changed the kernel, security model, driver model, etc.
7 focused more on the polish to all that. Optimizations, speed, bug fixes, etc. Similar to snow leopard is to leopard.

Though 7 is certainly more than Vista with a few patches. Ars Technica has a nice extensive right up on this very topic. Very well done. That said, Vista is quite secure. And it's technologies carried over the windows 7 and then some.
Our favorite hacker we are discussing here is even on record saying Vista is more secure than OSX. But that OSX is safer. Apple introduced ASLR but only partially among other things in snow leopard.

When most people talking about viruses and infected windows machines the vast majority of the time they are talking about XP. You don't hear a lot of viruses in Vista and 7. It would be interesting to seem some actual data on that subject. How many viruses have actually affected those machines that were not stopped by UAC. I'd also like to see a comparison on infection rates in Vista/7 32bit vs 64bit.
 
VenusianSky said:
Sweet! Whatcha running? Our company still runs OpenVMS. We recently just retired our last VAX. I don't use the systems much myself. OpenVMS was quite a revolutionary system in its day. Still works great today.
alphafamily.jpg


The pic is from the Digital timeline page at Microsoft. It is actually a pretty interesting site if you are into Digital computers and their history.

http://research.microsoft.com/en-us/um/people/gbell/digital/timeline/dechistory.htm
Click to expand...

i think i read somewhere that the guy who designed it was hired by MS to head development of Windows NT
 
archer75 said:
That's not entirely true. Nor is the post you quoted very accurate. Microsoft started Vista based off of XP, they scrapped that and started over but basing it off of Server 2003. Windows 7 is based off of Vista. I believe it's kernel is shared with Server 2008.
Though 7 is certainly more than Vista with a few patches. Ars Technica has a nice extensive right up on this very topic. That said, Vista is quite secure. And it's technologies carried over the windows 7 and then some.
Our favorite hacker we are discussing here is even on record saying Vista is more secure than OSX. But that OSX is safer. Apple introduced ASLR but only partially among other things in snow leopard.

When most people talking about viruses and infected windows machines the vast majority of the time they are talking about XP. You don't hear a lot of viruses in Vista and 7. It would be interesting to seem some actual data on that subject. How many viruses have actually affected those machines that were not stopped by UAC. I'd also like to see a comparison on infection rates in Vista/7 32bit vs 64bit.
Click to expand...

Vista RTM and Server 2003/2008 are a similar kernel. Vista SP2/7/Server 2008 R2/2008 SP2 is the new Mini Win kernel.

back around 2001 MS realized it made a mistake of putting everything in the kernel and started a project to break it up. It was almost a total rewrite of Windows and required making multiple versions of a lot of files similar to OS X 10.5. it's the reason Windows 7 takes 20GB of hard drive space.

MS called this Mini Win and it makes Windows more like UNIX, more modular. It's still not done and we'll see more of this in the coming years as the old WIndows NT/2000/2003/XP code is wiped away

i run 10.4 and Windows 7. Been running 7 since before the official launch. very few security updates compared to XP/2003. and the ones that come out aren't that big a deal unlike the old days. i just set up a Windows 2003 R2 SP2 server today and it's over 200MB of patches to fix stuff that came out just in the last 2 years after SP2
 
stuffradio said:
Funny, wasn't it Apple that said Snow Leopard was just a minor update which is why it's so cheap?
Click to expand...

Yes, but no one is acting as if it was the best Windows OS ever which is on par with Mac OS X in terms on stability and yadda yadda yadda...

Snow Leopard is a minor update, with big under the hood changes. but it's still a minor update.
 
alent1234 said:
actually Windows 7 is more than just Vista with a bunch of patches. it's a new kernel. MS started a major rewrite of Windows back in 2001 or 2002 and Windows 7 is the first product based on the rewrite
Click to expand...

Do you have a reference for this? The MS engineers that I have talked with say that Vista was the redesigned NT kernel and that Server 2008 and Win7 are evolved from that.
If your referring to the "MinWin" optimizations, that was more about reduced overhead and has been largely a part of Vista since SP1.
 
archer75 said:
That's not entirely true. Nor is the post you quoted very accurate. Microsoft started Vista based off of XP, they scrapped that and started over but basing it off of Server 2003. Windows 7 is based off of Vista. I believe it's kernel is shared with Server 2008 though.
Vista is a major update though. It laid the groundwork for future windows editions. They changed the kernel, security model, driver model, etc.
7 focused more on the polish to all that. Optimizations, speed, bug fixes, etc. Similar to snow leopard is to leopard.

Though 7 is certainly more than Vista with a few patches. Ars Technica has a nice extensive right up on this very topic. Very well done. That said, Vista is quite secure. And it's technologies carried over the windows 7 and then some.
Our favorite hacker we are discussing here is even on record saying Vista is more secure than OSX. But that OSX is safer. Apple introduced ASLR but only partially among other things in snow leopard.

When most people talking about viruses and infected windows machines the vast majority of the time they are talking about XP. You don't hear a lot of viruses in Vista and 7. It would be interesting to seem some actual data on that subject. How many viruses have actually affected those machines that were not stopped by UAC. I'd also like to see a comparison on infection rates in Vista/7 32bit vs 64bit.
Click to expand...

Windows 7, 8 out of 10 malware bypasses UAC:
http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable

and after that, it's not that difficult for malware to tweak the registry, disable the other security measures and screw up the whole system.
 
alent1234 said:
Vista RTM and Server 2003/2008 are a similar kernel. Vista SP2/7/Server 2008 R2/2008 SP2 is the new Mini Win kernel.

back around 2001 MS realized it made a mistake of putting everything in the kernel and started a project to break it up. It was almost a total rewrite of Windows and required making multiple versions of a lot of files similar to OS X 10.5. it's the reason Windows 7 takes 20GB of hard drive space.
Click to expand...

That total rewrite, was based on XP and it was scrapped. They started over basing Vista off of Server 2003(SP1). http://en.wikipedia.org/wiki/Windows_Vista
Windows 7 doesn't take 20gb of hard drive space. It is in the requirements tough as it uses that space to copy over installation files and extract them. The final install is smaller.
 
alent1234 said:
i think i read somewhere that the guy who designed it was hired by MS to head development of Windows NT
Click to expand...

I believe that is correct as well. There are similarities in some parts of the NT and VMS systems (NT is like a hybrid of DOS / OS/2 / OpenVMS). OpenVMS was a superior system to UNIX, but it was also far more expensive. Digital was far ahead of their time. Unfortunately, the people running the show ran it into the ground. Digital's legacy will live on through the use of their technologies in software and hardware.
 
notjustjay said:
I dunno. Every time someone even says the word "virus" all the Mac fans jump out and say things like "Not for us! There are no viruses for the Mac!" (Myself included.) For the last 10 years, it's been the same smug, condescending battle cry. "No viruses! Not here! Not us!"

You don't think that the first guy to create an actual, self-replicating virus on OS X, the first guy to prove them all wrong, the first guy to stick it in everyone's face, wouldn't become as famous as Steve Jobs and Linus Torvalds themselves?

You don't think that somewhere out there is a hacker who wants to make a name for himself?

That's why I don't buy "security by obscurity".
Click to expand...

I'll take it a step further. Android has PROVEN that "security by obscurity" is full of shiitake. Why?
iPhone apps: 100k + (malware = 0)
Android apps 10k-25k (banking phishing apps)
iPhone market share is far higher than Android at this point and time.

Sure, the Android apps weren't viruses in the truest sense, but malware writers went for what they ALWAYS go for — the easiest target. In the PC world, Windows just so happens to be the easiest and the largest.

I'm not an Apple apologist and I'll use antivirus software if it ever comes to that, but all these people saying people don't care about Macs don't have an excuse as to why anybody would give a crap about Android so early in the game.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back