$10,000 Mac hack affects Windows too

[nepcker]

A few days ago, there was some news titled "Myth crushed as hacker shows Mac break-in". That title was incorrect -- it should have been "Hackers fail to break into mac, so organizers changed the rule". That wasn't actually a hack for Mac OS X, as it only compromised a user account. The Mac remained unhacked for many tries, and it wasn't until the event organizers opened the contest to non-attendees that one successful attack was made.

But now the bug that helped security researcher Dino Dai Zovi claim a $10,000 prize at last week’s CanSecWest security conference affects Windows systems too.

The flaw that Dai Zovi exploited actually lies in the way Apple’s QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com’s TippingPoint division, which put up the $10,000 prize. QuickTime runs on both Windows and the Mac.

When first reported, last week Dai Zovi’s bug was thought to lie in Apple’s Safari browser, a standard component of Mac OS X. But users of Firefox — which supports QuickTime on both Windows and the Mac — are also at risk, Forslof said Tuesday.


In terms of seriousness, the bug is comparable to the animated cursor vulnerability that was recently patched in Windows, Forslof said. The bug “is the equivalent to a click-and-you're-owned vulnerability,” she said.



Initially, contestants were invited to try to access one of two Macs through a wireless access point without any programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs (uniform resource locators) via e-mail.


Dai Zovi, who lives in New York, sent a URL that exposed the hole. Since the contest was only open to attendees in Vancouver, he sent it to a friend who was at the conference and forwarded it on.

Source

Just apply the latest patches to QuickTime, and you should be safe.

 

[gxsaurav]

Wait, an user opens an OS & can he work without any application running? That hack did affected Safari which is again made by Apple to hack in MacOS X, whats the difference then one available for Windows using some bug in IE? Aren't they both the same things...? Ways to hack in an OS.

Anyway, this new flaw which affects windows is a flaw in quicktime java, & again Quicktime is made by Apple.

 

[iMav]

arre gx ... woh bina safari k hi internet use browse karta hai .... hey nepcker a news flash for u .... use an Out of box windows vista/xp dont use any application and just boot and keep it it wont get hacked

 

[gxsaurav]

arre gx ... woh bina safari k hi internet use browse karta hai .... hey nepcker a news flash for u .... use an Out of box windows vista/xp dont use any application and just boot and keep it it wont get hacked

lolz

 

[iMav]

not sure par agar 98 ko bhi boot kar k, use no appz i think it wont get hacked

 

[gxsaurav]

Speaking of that old hack, umm...is it possible to hack a system on LAN with no file sharing or printer sharing or sharing available? I don't think so cos to hack a system on LAN that system must be shown in LAN or network neighbourhood or whatever the place is in your OS

This just in from neowin. That quicktime bug which was the reason for this hack affects all the other browsers. Apple should start fixing bugs in there existing products first.

 

[shantanu]

kya!! bina browser ke internet...

hey nepcker !! a fact for you!!! you know 90% hackers can hack MAc os.. but then they would be called crackers.. so they dont want to get their hands dirty.. and as a point of hack... nothing is the world is uncrackable and or unhackable...

so better keep the fanboyism low..

 

[anandk]

nothing is the world is uncrackable and or unhackable...

my line exactly. its just whter its worth hacking. and whats worthwhile for a hacker? recognition! positive or negative ! its just that 90%+ users use windows and thats whom he is therefore going to be targetting for thats where he is going to get more attention.

 

[mehulved]

my line exactly. its just whter its worth hacking. and whats worthwhile for a hacker? recognition! positive or negative ! its just that 90%+ users use windows and thats whom he is therefore going to be targetting for thats where he is going to get more attention.

In fact they'd get more recognition and fame for hacking a platform that is considered more secure. So, they'd rather target mac/linux then windows for fame and recognition.
And hackers attack windows......lolz
it's more like script kiddies who do.

 

[shantanu]

@tech_y_f do you really mean this , or just said it without any backup... this is not a script kid who hacks windows... and even in hacking Linux, no one will get anything.. as it is itself open.. and its not hard for a windows user who is having 1% knowledge of UNIX platform to hack into it.. here script works... i dont say it will take 3 mins or 5 or 25, but hacking linux, macs is not a big deal... infact if someone does it, then it wont be much difficult.. for windows... you must be remembering the BLASTER worm... that guy became famous overnight.. why ? coz he made a VIRUS for WINDOWS, and windows is the greatest platform of attraction to hackers for getting fame...

and kids dont make scripts... specially hacking ones...

 

[anandk]

and windows is the greatest platform of attraction to hackers for getting fame...

not many will understand this ! and even if they do; they'd prefer to play the ostrich but then, each to his own !

 

[gxsaurav]

In fact they'd get more recognition and fame for hacking a platform that is considered more secure. So, they'd rather target mac/linux then windows for fame and recognition.
And hackers attack windows......lolz
it's more like script kiddies who do.

I used to think of u as a sensible & helpful linux user, not a fanboy. But the truth is reveled today. You are a fanboy .

Just see above, a hacker just hacked Mac, how much recognition he got?

 

[kalpik]

Hmm.. He's getting a lot of attention aint it! Its NEWS that someone hacked a mac.. Suppose there are 2 threads.. "Mac hacked" and "Windows Hacked", which one would most of the people open first? And i find no fanboyism in mehul's post..

 

[praka123]

May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilites.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable wr.to security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
*whylinuxisbetter.net
*www.livingwithoutmicrosoft.org/

 

[gxsaurav]

May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilites.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable wr.to security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
*whylinuxisbetter.net
*www.livingwithoutmicrosoft.org/

Troll alert, who fed him

Again for no reason you are bashing Vista in this thread. Mind staying to the topic plz

 

[aryayush]

And i find no fanboyism in mehul's post..

Of course you don't. You are a normal person after all.

 

[Zeeshan Quireshi]

well as Recently published in a magazine , hacking is nowadays more of a profession than an obsession . Hackers target windows coz it's used by the majority and also Zero-Day Exploits for Windows fetch $30,000 - $50,000 per exploit , this is not the case with Mac/GNU Linux . Which Adware company will pay u to find a hack in these OS ?

May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilites.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable wr.to security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
*whylinuxisbetter.net
*www.livingwithoutmicrosoft.org/

well as for u mate , let me tell u that i Use Windows XP and i DON'T have any Antivirus/Firewall installed n i haven't been affected by a single worm/adware/trojan/virus since 2 years. it's mostly the fault of the User not the OS who is respnsible for compromising his privacy , etc . now even if a person got folled by a phishing mail people would blame the OS

 

[praka123]

Well mate in that case you'll like to read this post:
*www.thinkdigit.com/forum/showpost.php?p=481647&postcount=2
UNIX like OS are more secure.

 

[mediator]

you must be remembering the BLASTER worm... that guy became famous overnight.. why ? coz he made a VIRUS for WINDOWS, and windows is the greatest platform of attraction to hackers for getting fame...

What does a virus has to do with hacking? Don' confuse trojans with viruses! I feel really annoyed, when anti-viruses show trojans,malwares,adwares,spywares as viruses tooo making no room for user's enlightenment so that he can understand the differences!
And...script kiddies doesn't mean kids!


That blaster guy got famous coz his work affected millions of windows PCs. Surely he wudn't have got famous if only a few PCs got affected! For that very reason the techies and forum phreaks like me know only about blaster,nimda and a few more and not the rest of the millions in the anti-virus's virus definitions!

Neways, I agree hacking windows isn't easy. Its no script kiddie task, not in the light of 3rd party security softwares! Security majorly depends on security/network admin. Its his work to customize, patch up and secure the system. A poorly administered system can be hacked easily "irrespective" of the OS. The network/system admin may not secure the system and leave it with the default settings. He may not be so technogically sound and may have taken that job in desperation without having interest in that field at all. So he might not be patching up the system daily either, leaving plenty of room for "zero day exploits" and with that its possible to hack into any system!!

this is not the case with Mac/GNU Linux

Being open source is the key here!

 

[gxsaurav]

Prakka123,

Would u mind not hijacking the thread. None of us here is a windows fanboy we give proper reason for any flaw in Windows & acknoledge if it is bad, however we do not sing the same tune again & again that Windows is most user friendly, runs on millions on hardware configuration & what not. Then why do u show yourself as a Linux fanboy & for no reason advertise Linux. Those links you gave are just nonsence & FUD against Windows OS.

There are so many users in this forum using Windows OS without any 3rd party security software. Get over it dude & stop being a smug.

Mediator is right, I have seen Linux systems getting hacked & pwned on LAN using Linux OS runing on the hacking computer, just cos the system was not well maintained & set, also I have myself seen Linux users unable to hack in Windows Vista systems with security settings properly maintained. Now how those IGNOU BIT students did it is beyond my knowledge, i just set up the drivers & computers & provided Ubuntu ultimate & Vista, while configuring Vista.