How long does it take a hacker to hack the latest and greatest OS X with all "security" patches installed ?

2 Minutes.

http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-...-winner-with-picture

Good thing i gave up on this piece of crap.

You have been warned.

When the shit hits the fan, don't come crying because uncle klapp told you so.

You're sitting in front of a security hole that's so ridiculous it's not even funny any more.

Do you keep sensitive data on an OS X machine that is connected to the net ? You've got guts. Or you're crazy. Or both.

OS X should be banned. The worst thing about it is Apple users won't even know if their machines have been compromised because they are too technically illiterate.

You have been warned.

.
Mac, OS X, Easiest To Hack, Says Prizewinner
.

Ooo, that's a bad bit of publicity for Apple. I mean, besides eye candy, I thought the reason to own a Mac was that it wasn't prone to viruses and other malicious attempts to mess with your data? Now it seems that Vista may be more secure. Or is one competition such as this a good judge of anything?

The exploit had nothing to do with Mac OS X or Safari. They gained supposed access by duping the client i.e. they set up a malicious website to get the end user to allow them access.

What I think this all shows is just what kind of in roads Apple is making into the business sector. It is a nightmare for these ITS guys because it takes less people to maintain Macs than it does for windows. The last thing ITS companies want is a system running in a company that say one person can maintain 100 hundred Macs to say needing 20 people to maintain 100 windows machines.

A conference like this is a good way to try to scare companies into thinking Macs are not secure. Windows is big business for the ITS industry. Running Macs cuts down on ITS overhead for businesses.

Any way brother Klappy has posted the same links to the same type of tests in the past involving a "hacker" gaining access to an Apple machine in a controlled situation were the "hacker" does not really gain access but rather the end user allows the "hacker" access through an external website.

quote:

Originally posted by RicoX:
The exploit had nothing to do with Mac OS X or Safari. They gained supposed access by duping the client i.e. they set up a malicious website to get the end user to allow them access.

What I think this all shows is just what kind of in roads Apple is making into the business sector. It is a nightmare for these ITS guys because it takes less people to maintain Macs than it does for windows. The last thing ITS companies want is a system running in a company that say one person can maintain 100 hundred Macs to say needing 20 people to maintain 100 windows machines.

A conference like this is a good way to try to scare companies into thinking Macs are not secure. Windows is big business for the ITS industry. Running Macs cuts down on ITS overhead for businesses.

Any way brother Klappy has posted the same links to the same type of tests in the past involving a "hacker" gaining access to an Apple machine in a controlled situation were the "hacker" does not really gain access but rather the end user allows the "hacker" access through an external website.

Idiot.

That OS X is running on outdated versions of a gazillion Open-Source-components with known security holes for which fixes have been available for weeks has nothing to do with Apple. Yeah, sure.

http://www.computerworld.com/action/article.do?command=...ic&articleId=9029202

"After he, Honoroff and Mason fuzzed the vulnerability out of WebKit, the application framework that forms the foundation of the Safari browser they discovered that the flaw they had rooted out had been fixed by the open-source project more than a year before"

Nothing to do with Apple, of course.

That Safari has known security holes all over the place has nothing to do with Apple. Yeah, sure.

Who has it to do with then ? The tooth fairy ?

The end user simply clicked a link in Safari.

Due to a bug in Safari - which Apple has nothing whatsoever to do with of course - , that website was able to run some code on OS X which due to security holes in OS X - which Apple has nothing whatsoever to do with of course - was able to open a TCP/IP-port through which due to security holes in OS X - which Apple has nothing whatsoever to do with of course - a remote telnet session could be opened which due to security holes in OS X - which Apple has nothing whatsoever to do with of course - allowed the hacker to take control of the machine. Good thing Apple has nothing whatsoever to do with that.

This is the same bullshit i kept hearing with "repair permissions". As long as you don't install any third-party software, you're fine with permissions on OS X. Well, great. So that means as long as i don't click any links in Safari, i'm fine with OS X. Hilarious.

In my organization and many others, Apple-PC's running OS X are banned for security reasons, and that's a darn good thing. So much for your inroads. Only a retard would run this piece of crap in a professional organization.

By the way: Did you know that Microsoft actually buys exploits for Windows ? That's right, if you are a gifted hacker, Microsoft will pay you for discovering security flaws in Windows. If you try to sell an exploit to Apple - well, they just don't give a shit about security.

This message has been edited. Last edited by: klapauzius,

Oh I am an idoit?

Fuck you dick shit. You are sounding like a troll now.

What are you saying that you are a retard or the retard in your organization?

idoit

What the hell is an idoit?

Fuck you dick shit.

I read this guy once who explained that there's a fundamental contradiction involved in networking computers. In order to share information between them, they have to be open. But not too open. I like Microsoft's practice (if that is what they are doing) of paying for the information regarding the holes people discover. What I most definitely don't like is Microsoft's practice of security-via-dialog-boxes. You know the kind. Some dialogue pops up, "Are you sure you want to allow attachments in your emails?" That's a disgraceful method of supposedly securing a computer. And I don't know if Vista's email program has the ability to receive attachments off by default, but some versions of XP did. And that's not security. That's passing on the responsibility for what should be hi-tech stuff to users who can't be expected to be security experts. They just want stuff to work. They don't want little more than security via cover-your-ass dialog boxes.

Okay, we all make fun of Window's over-size Notification messages that pop up out of the task bar. But I'll take that behavior any day over the extremely inconvenient and annoying behavior of OS X apps shoving themselves to the foreground and dropping me out of the app I was working in. This is extremely rookie. Has Leotard corrected this amateurish behavior of the OS?

quote:

This is extremely rookie. Has Leotard corrected this amateurish behavior of the OS?

No. The other one I hate is when the Window manager gets confused, and you go to scroll on the window you're working in, and suddenly something else springs forward, as if you clicked on an other layer.

quote:

Fuck you dick shit. You are sounding like a troll now.

Hey! I resemble that remark, lol.

quote:

Oh I am an idoit?
Fuck you dick shit.

William F. Buckley lives.
.

Here is a thread brother thalo started about the "first trojan" virus for Mac OS X. That was back in March of 2006.

It was the same nonsense where the "trojan" to be activated the user had to be an active participant. So much so that the anti-virus Software engineers at Intego who "found" it had to show the authors of the MacCentral article how to make it work. The MacCentral authors could not get it to work on their own.

Brother Klappy jumped in after all the Font posts to say the same crappipe bullshit he is saying in this thread.

BN has it pretty much down that the security in windows that brother klappy is talking about is all those pop up windows asking the end user do you want to do that. Are you sure you want to do that. You better think twice about doing that. Is that a device that has attached itself you might want to not do that.

It is no surprise Microsoft would be paying people to create viruses and trojans. It is big business anti-virus software.

quote:

It is no surprise Microsoft would be paying people to create viruses and trojans. It is big business anti-virus software.

But isn't that more than outweighed by Microsoft's being known for putting out hackable, unsecure OS's? Some people have switched from Windows to Mac for just that reason, while MS's reputation is for putting out crap.
.
.

This message has been edited. Last edited by: Markle,

If the Mac had more of a marketshare, they'd be just as hacked. There is nothing bulletproof at all about OS X. It's simply a smaller target, and casual users are small fish for hackers. I mean think about it, what are they going to get off of casual users, MP3s? Something they COULDN'T get off of the peer-to-peers? Home Movies?

Whereas most businesses are PC based. Deeper pockets, bigger targets. There's nothing with anything worth stealing, like a phone company or internet provider that's run on Macs. With the exception perhaps of iTunes. And I'm sure those servers get attacked mercilessly. If you're worried about anything in the Mac world, worry about your iTunes username and password getting hacked. That's where all the pressure is.

Meanwhile, most Mac users have no idea how to secure a network. My neighbor has a wireless Mac network that's left totally open. People have no idea how to set the multi-user environment up so it's secure. Same goes for anyone with a wireless router. From my office, my car, even my patio I can access free internet from about six different networks, all unsecure.

quote:

Originally posted by thalo:
If the Mac had more of a marketshare, they'd be just as hacked. There is nothing bulletproof at all about OS X. It's simply a smaller target, and casual users are small fish for hackers. I mean think about it, what are they going to get off of casual users, MP3s? Something they COULDN'T get off of the peer-to-peers? Home Movies?

Whereas most businesses are PC based. Deeper pockets, bigger targets. There's nothing with anything worth stealing, like a phone company or internet provider that's run on Macs. With the exception perhaps of iTunes. And I'm sure those servers get attacked mercilessly. If you're worried about anything in the Mac world, worry about your iTunes username and password getting hacked. That's where all the pressure is.

Meanwhile, most Mac users have no idea how to secure a network. My neighbor has a wireless Mac network that's left totally open. People have no idea how to set the multi-user environment up so it's secure. Same goes for anyone with a wireless router. From my office, my car, even my patio I can access free internet from about six different networks, all unsecure.

Sorry, but you have no clue.

Hacking a computer is not just about stealing confidential data (although i would suspect that the "casual users" you refer to have their credit card or social security data lying around somewhere on their machine). It's much more about hijacking a computer to send spam mails from it, send mails with the "casual user" owner as sender and so forth. If a hacker has control of your machine, he can do anything you can do like send an e-mail to someone with whatever contents with YOU as the sender.

Bu that's just small fish, since Apple-PC-Users are immune from all of that. Steve said so.

And you do have a very good point: How many of you Apple-PC-users are technically able to check whether the UNIX bbox you're using has not been hacked ?

I'd wager not a single one of you.

Yes, certainly, many spammers try to hack individual computers to try and send spam that can't be traced back to them. I understand that hacking a computer is about more than stealing confidential data.

Sometimes hacking is even about nothing more than simple vandalism or intellectual everests (seeing if "it can be done") with no clear aim in sight.

There's also varying degrees of hacker. From the script-kiddie up through black hats and cyber terrorists. Spammers are kind of their own thing, though, and I've heard that hackers are just as likely to make spammers a pet project as they are to assist them. Most of the zombie-ing tactics spammers use are by people who run scripts without having the skills to actually write their own. A true spammer-hacker would be formidable, I just don't think spammers get many volunteers because they are universally hated.

Because I do so much work in web design, and so much of it on UNIX servers, I've been able, over the years, to learn something of how to check for hacker incursions. Sometimes it's easy, if it's just some idiot tagging the site... other times it's more difficult, because some guys know how to cover their tracks, even change log files and time stamps. But most of what the average Mac User will encounter are not that sophisticated. Again, because the prize isn't that high. There are easier ways for identity thieves to get information (from the garbage) than hacking.

Anyway, almost no hacker gets away totally clean, without leaving something behind. Sometimes the whole IDEA is to leave something behind. And most of their "warez" like username/password sniffers are (usually) more effective running from the host computer.

You have to look at logs, on your Mac and your router/firewall. You sometimes have to compare binaries of files with clean copies, you have to check time stamps on all hidden files, while knowing which ones are normal and which aren't. A utility like FileBuddy 9 is pretty good for searching your entire computer for various types of files, including invisible ones.

The worst thing Steve Jobs can do, is tout the Mac as impregnable... because it's not. And all that's going to do is cause hackers to make Mac OS X an intellectual everest. They'll gain more chops by wiping the smug look off his face, than exploiting holes that every other tom dick and hacker knows about.

I'll say it again, the Mac is just not enough of a carrot to appeal to most hackers. But notice the second somebody made a CONTEST out of it, boom, a Mac was compromised in record time.

Actually it wasn't hacked in record time. And it wasn't done through a bunch of open holez.

It was done in a week plus two minutes. To quote the hacker: "It took us a couple of days to find something, then the rest of the week to work up an exploit and test it. It took us maybe a week altogether."

As for this... "the Mac is just not enough of a carrot to appeal to most hackers. But notice the second somebody made a CONTEST out of it, boom, a Mac was compromised in record time"... flaming ignorance. This "security through obscurity" has been refuted in every way conceivable, and still it gets used by those who have nothing but it as a last resort.

25 million. That's a nice target. However, OS X isn't a carrot, because it is useless to crack, since it can't be set up to USE.

And still to date, you cannot connect a PC directly to the internet without its being compromised in a matter of minutes. You can connect a Mac to the internet and it will never be compromised. No viruses. No trojans except one that demands full user participation. NOTHING. No financial losses to anyone due to worldwide or company-wide virus or trojan infections. No spyware.

"Meanwhile, most Mac users have no idea how to secure a network. My neighbor has a wireless Mac network that's left totally open." That's kind of partial, isn't it. The insecure networks in my neighborhood are PC networks. Gees, I have so many identified as "linksys" or "smc" it's ludicrous. Those are the unsecured ones. Yeah... the one identified as "AppleNetwork" is, of course, secured. Securing a wireless router in your neighborhood has nothing to do with the sophistication of the users of different platforms. It has to do with the fact that many people, regardless of platform, don't secure their networks. That's why from your office or car you can access free internet from half a dozen insecure networks. Not because you're surrounded by Mac users.

"When the shit hits the fan, don't come crying because uncle klapp told you so. You're sitting in front of a security hole that's so ridiculous it's not even funny any more."
Yeah, yeah. I know. I've been hearing that from frustrated Windows lusers for, wow... yeah, years now. The shit has never hit the fan, and no one will ever come crying to you. The security hole we're supposedly sitting in front of? Only if we also have a Windows machine. Coincidentally, I do. It's the one that has to take the performance hit to run an antivirus, antispyware, and constant security updating for real problems.

quote:

flaming ignorance. This "security through obscurity" has been refuted in every way conceivable, and still it gets used by those who have nothing but it as a last resort.

And yet, you don't go ahead and refute it except to say 25 million is a nice target. Well, actually no, it's a drop in the bucket compared to number of PC users which is between 660 to 670 million, due to hit a Billion users, with a B, by 2010. Refuted in every way possible? Is 25 million a bigger number than 670 million in Apple Delusions these days?

quote:

However, OS X isn't a carrot, because it is useless to crack, since it can't be set up to USE.

I know, I have had many many problems setting up OS X to USE myself. And I'm talking legitimate professional use.

There's actually a very chilling implication in what you've said. Maybe one of the things that makes OS X more resistant to viruses and trojans and so forth is the same thing that keeps it consistently underperforming as a personal computer. It doesn't really DO all that much. It's more of a server and less of an application runner. I hope you're wrong there.