$10,000 Mac hack affects Windows too

Status
Not open for further replies.

Zeeshan Quireshi

C# Be Sharp !
praka123 said:
Well mate in that case you'll like to read this post:
*www.thinkdigit.com/forum/showpost.php?p=481647&postcount=2
UNIX like OS are more secure.

my point is , the OS is as secure as the user using it .

so if the user is a fool then i think there's no sense blaming an OS .

and i didn't say anything of the sort that Unix was less secure , bla bla i only said it all depended on the user , get it ?
 
OP
nepcker

Proud Mac Pro Owner
At that event, nobody was able to break into mac. Several attempts, no success. Then the contest was open to non-attendees. Again, no success. Only one successful hack occurred after sending URLs via e-mail was allowed too.

As for fame and recognition, the Blaster worm guy got recognition because it was a serious threat. But this hack for OS X is not a serious threat.

*www.macworld.co.uk/macsoftware/news/index.cfm?newsid=17871

Organizers of last week's MacBook Pro hack challenge Thursday disputed accounts that the QuickTime exploit that won the $10,000 prize was nicked from a wireless network and is now in circulation.

"Not likely," said Dragos Ruiu, one of the CanSecWest and hack contest organizers. "Everything went over a wired network. It was in a locked cabinet, so it would have to have been physically compromised."

When asked about the chance that the exploit could now be in the hands of anyone other than 3com TippingPoint – the company that paid $10,000 for the code; its creator, Dino Dai Zovi; and Apple, Ruiu said: "Slim."

Hackers target windows coz it's used by the majority and also Zero-Day Exploits for Windows fetch $30,000 - $50,000 per exploit
Nah, you'll only get a few transcaucasian rubles if you find an exploit in Windows, for they are so common. But if you found an exploit in Mac OS X, you'll be awarded with $10,000 (as like Dino Dai Zovi, who found an exploit in QuickTime, and got rewarded for that).
 

gxsaurav

You gave been GXified
nepcker said:
At that event, nobody was able to break into mac. Several attempts, no success. Then the contest was open to non-attendees. Again, no success. Only one successful hack occurred after sending URLs via e-mail was allowed too.
GX said:
is it possible to hack a system on LAN with no file sharing or printer sharing or sharing available? I don't think so cos to hack a system on LAN that system must be shown in LAN or network neighbourhood or whatever the place is in your OS
;) now what to say.
nepcker said:
But this hack for OS X is not a serious threat.
Yup it is not a serious threat despite the fact that the hacker was able to access the user folder, was able to copy or delete or replace files there. Here is the thing, he was able to access the user files & he could have created havoc...still u say this is not a serious threat. Ya right. What's more of a serious damage to u, your OS files getting corrupt which can be fixed by simply reinstalling it or someone deleting the pics of your gf :D.

Even blaster worm was not a serious threat then, it only rebooted the machine on connecting to windows update, for those who don't use Windows Update it was not a serious threat either :-"
 

Zeeshan Quireshi

C# Be Sharp !
nepcker said:
Nah, you'll only get a few transcaucasian rubles if you find an exploit in Windows, for they are so common. But if you found an exploit in Mac OS X, you'll be awarded with $10,000 (as like Dino Dai Zovi, who found an exploit in QuickTime, and got rewarded for that).

well then i suggest u read the latest issue of CHIP mag , also u get money for finding exploits in windows coz adware/spyware companies can then use these exploits to market their product , etc . these companies r the ones that pay u for finding exploits .

as for $10k for finding an exploit in mac , then well events like these happen once a year man , n u can't possible make a living earning $10k a year :cool:
 
OP
nepcker

Proud Mac Pro Owner
Simple Random questions. Anyone can answer them?

1. They were having trouble hacking the "Macs"?
2. They changed the rules?
3. They allowed the Safari browser?
4. You had to load a plug-in for Safari for this to work?
5. Would I have been asked for permission to load the plugin?
6. If I didn't allow or load this plug-in would it still have worked?
7. They paid out money for a misleading media con against Apple?
8. Does anyone believe that anything man made is infallible?

And yeah, you can't make a living by finding exploits on OS X -- they're way too less on OS X when compared to Windows.
 

iMav

The Devil's Advocate
^^ and your point is ... please read i have given a news flash for u on the first page itself ... read that and then revel in the macs past glorious
 

shantanu

Technomancer
nepcker said:
8. Does anyone believe that anything man made is infallible?

really.. i think this was the first thing every body said.. except you.. and thank god , now you yourself committed this...
 
OP
nepcker

Proud Mac Pro Owner
@mAV3:
I just meant to say that they cheated and lowered the security levels. Before the security levels were lowered no one could break in. So this break in is null and void as a real world break in. This seems to be a trend that has played out itself over and over again. People pretend to break in and create a big headline, but in the end the story is unfounded. The truth comes out later that, like in this case, they had to cheat in some way or another to get in.

Thanks for the news flash. It works with Windows 98 too. 98 ran without any BSOD/error boxes/security threats for over 30 minutes. A new world record, I guess.

@shantanu_webmaster:
You were the one that said it, not every body. But I guess you were right.

But I've already accepted that Macs are indeed hackable, and that hacking a mac is easier than hacking Windows. I've posted it before, but since you seem to have missed it, I'm posting it again:

Yes, macs are hackable.:sad: What's more, hacking a mac is way too easier than hacking a Windows PC. Here are the steps which you can follow to hack a mac: :wink:

Step 1: Find a dude with a mac running.
Step 2: Tap on his shoulder, and state something like "Hey, is that Steve Jobs over there using an iPhone?".
Step 3: Quickly rip the Mac from his hands, and run like hell.
Step 4: Pray that he was logged on as an admin, so you can change the rights.

See? It is crystal clear that the mac is more hackable. In my attempts with Windows systems, I had to perform Step 2 several times over to try and get the driver disks, Service Pack 2, the anti-virus program manual, et cetera. I have also noticed that the mac I own, the Mac Pros are more secure, as the hacker will probably fail in the step 3 process.

Seriously, I know there are holes in the Mac OS X, as there would be with any. The line about Mac not spending enough time on security when compared to Windows is a crock, as they (and the UNIX developers) started working on security about twenty years before Windows even considered it. I think it would be very interesting to see the code behind the hack, as I suspect it actually may be more like my "comedic code" above than a true, and grave threat.
 

freebird

Debian Rocks!
UNIX is much more secure by design itself my dear poor winblows users:lol::lol:
be it mac os x,freebsd,linux any UNIX like OS.take it :))
 

Zeeshan Quireshi

C# Be Sharp !
freebird said:
UNIX is much more secure by design itself my dear poor winblows users:lol::lol:
be it mac os x,freebsd,linux any UNIX like OS.take it :))

well freebird , i clearly see that u r a FANBOY , pls keep ur comments to urself or we'll have to call GX ;)
 

shantanu

Technomancer
1. If you boot up and surf the Web using a Windows PC without installing or configuring any security tools, it will likely pick up some piece of spyware, some adware, or a virus on it pretty quickly. By contrast, you can surf the Web using a Mac without changing any of the default install settings for months without problems. This is what most people point to as proof that Mac OS X must be more secure.

What really makes this example seem like evidence of Mac OS X as a perfectly secure operating system is that there are very few viruses or other forms of malware that have been created to exploit flaws in Mac OS X.

There are multiple reasons for this; chief among them the fact that there are far fewer Macs in the world than there are Windows PCs. As a result, most malicious code writers choose to target Windows so that they can have a much wider impact.

2. Another factor is that until recently Mac OS X was designed to run only on Power PC processors, which use different instruction sets and assembly language than Intel or AMD processors. Although not an impossibly large hurdle to malicious users, this meant that malware needed to be coded with a payload specific to Power PC hardware rather than simply converting an existing payload to work with exploitable flaws in Mac OS X. Combined with the smaller user base, it historically resulted in far less interest in targeting Mac users.

Security by obscurity, however, is not proof of a secure operating environment. It might not even be a comforting thought because it can lead to a general lackadaisical attitude toward security and widespread infection should a rapidly propagating virus or other malware be developed. The truth is that although there have been few instances of malware or widespread attacks targeting Mac OS X, the platform is not perfectly secure. In fact, it does have a variety of vulnerabilities.

Kernel Weakness

One of the weaknesses in Mac OS X is its combination of BSD Unix with the Mach kernel. The BSD nature of Mac OS X offers several security advantages: securelevels, a multiuser access control model, and the ability to limit the access that applications have to the kernel and other core operating components. All this offers improved security compared with most Windows releases. But Windows Vista makes this go its own way, by enhancing the kernel to be more secure.

However, the fact that the BSD architecture sits on top of the Mach kernel presents a weakness because it’s possible to use Mach-specific kernel services to circumvent BSD security features by passing system calls and instructions into the kernel itself. This could allow a malicious user with knowledge of the Mach kernel to carry out a number of normally restricted activities.

There are also a number of known vulnerabilities to the Mach kernel. As with most kernel vulnerabilities, they are primarily related to system calls. Some of them have been used in the past to develop rootkits capable of patching the kernel and allowing a malicious user to infiltrate a system without detection. Apple has prevented known rootkits from being used to compromise the current release of Mac OS X. However, there continue to be ways in which malicious users or code can infiltrate the kernel and, by extension, compromise the entire operating system.

I think this can clear some myths and facts.
 

aryayush

Aspiring Novelist
All it did was further drive the point home that Macs are highly secure. Yes, it did warn that it might start getting infected by viruses in future. LOL! Haven't we been hearing that since ages?

I use my Mac with the default settings and the firewall turned on. I use the administrator account (which is password protected) and I do not use any security software. I open every link I come across without any fear and I use P2P software. I will believe that Macs are not as secure as they are touted to be the day I get hit with virus or spyware. I couldn't care less about the reasons why Mac OS X is secure.

And your post has been reported for not mentioning the source. You keep doing that all the time.
 

shantanu

Technomancer
i dont think i did it any time.. report it and get as rude as you can

now you have to mention my each and every post coz you have said all the time.. plz mention the proof for that...
 

gxsaurav

You gave been GXified
nepcker said:
Simple Random questions. Anyone can answer them?

1. They were having trouble hacking the "Macs"?
2. They changed the rules?
3. They allowed the Safari browser?
4. You had to load a plug-in for Safari for this to work?
5. Would I have been asked for permission to load the plugin?
6. If I didn't allow or load this plug-in would it still have worked?
7. They paid out money for a misleading media con against Apple?
8. Does anyone believe that anything man made is infallible?

And yeah, you can't make a living by finding exploits on OS X -- they're way too less on OS X when compared to Windows.

1) Yup, we don't know the reason why. Maybe file & print sharing was disabled cos if it was enabled then it sure would have been possible or something like that. Just assuming cos i was not there

2) They changed the rule cos no one there was able to hack.

3) Obviously, can u expect any user in this world to work without a browser or without any application running like I mentioned in post 2

4) For your kind info, Quicktime plugin is loaded in Safari or all browsers in Mac automatically.

5) Nope, it is a Apple browser plugin from Apple Quicktime, it comes under trusted plugins.

6) If u disable Quicktime plugin Safari then it will have 0 Multimedia capabilities in it.

7) They paid money for successfully hacking Mac. Stop being such a bad defender.

^^^^ arya, what if unlike u he actually wrote it from his own experience
 

freebird

Debian Rocks!
^^ Now some useful eyeopener for U and many Win users:
Why is Linux more secure than Vista?

In Vista Security A Joke? : Executables Install As Administrator Because It’s More Convenient, Vista gets dinged for prompting users to run installer executables as Administrator.
The article gets it wrong though. How many Linux users out there have done this?
  1. sudo make install
  2. sudo yum install my-favorite-app
  3. tar xzvf my-favorite-app.tar.gz; cd my-favorite-app; sudo ./install.sh
I don’t know a popular distro that doesn’t also prompt the user to install software or modify system settings as root. So, on the surface, the Vista model and the Linux model are the same. Installing software requires elevated privileges, and comes down to a judgement call on the part of the user.
Where Linux security differs is in the nature of the software installed. The majority of software on Linux, virtually all the software that the typical end-user will use, is open-source software.
Open source is a different world. You won’t see open-source malware-infected spyware. Open source software sells itself on its merits to the user, rather than by being a gatekeeper to what the user wants to do, like play a movie, a game or edit a photo.
The motivation behind open source is to make something useful, build a community around it, and then profit from the market generated by that community, rather than put a cover charge on the party.
This is the antithesis of spyware/malware/adware, which tries to pose itself to the potential user as a solution, and then feed off of the user as a parasite. This parasite cannot survive when exposed and publicized. Parasites don’t get invited to the party, and they get found out and kicked out pretty quick.
It’s been argued that Linux security is only due to the fact that there isn’t enough Linux marketshare to make attacking it worthwhile. I disagree, I think the open source model scales. Even if Linux and Windows marketshare were equal, I would argue that malware would be virtually non-existent on Linux. Open source communities that meet the popular needs of users would be even more motivated to do so, as the communities around them would be more profitable. They would receive even more corporate sponsorship, and distribution to end users, audited and certified by the distros, would have more choices.
It is probably a good idea to have the OS install software in a semi-restricted environment, or provide different levels of security, but I don’t know of *any* popular distribution that does this. But no OS will ever be able to make the final security judgement call for the user, unless the computer is reduced to the restricted environment of a game console.




source:
*cmars.wordpress.com/2007/02/14/why-is-linux-more-secure-than-vista/#comment-103
Open Source rules!
 

gxsaurav

You gave been GXified
So, for open source we have to assume that the guy coding is a nice guy & not a hacker & he is giving his code for free without any benefits from him & all for charity.

freebird, you should be hired by linux companies for best marketing methodology by spreading FUD. :D. Come on man, we know all this Unix thing... say something new. Vista has fixed the security learning things from the past, why don't u accept that.

Microsoft - Damned if they do, Damned if they don't.
 

iMav

The Devil's Advocate
it is a matter of self pride and an elevation to an individuals rather insecure state of mind by saying that i use mac or linux ... coz windows being so widely used ppl feel its below their dignity to use it and those using it are considered to b fools for some absurd reason
 

freebird

Debian Rocks!
^^ ur avatar says.I also believe the same.I cant buy Vista or for that matter any windows.so that means the only other way(if not gifted) is to Pirate for most average ppl.

Yes.dont feel that there wont be jobs for software professionals when M$ lost its monopoly.You can make money from FOSS.the options as of now are growing.
We,The Open Source users are way better in keeping away from piracy unlike many of our forum users themself.have some respect even though i know u hate the growth of Open Source atleast we r not pirating ur windows os.:eek:

Why do i post the virtues of Open source here?do u know what is FUD,patent warfare and other things this huge monopoly does to Linux and FOSS.if u r not taking sides.U'll understand.this is not insecurity-it is a war against MSFT to save Open Source.
if u regularly read linux.slashdot.org or some other sites,u'll understand what is monopoly M$ doing for us.
BTW:
I dont even want vista or mac even if anyone give it FREE.:)) can use it as a kitchen TV
 