$10,000 Mac hack affects Windows too

Status
Not open for further replies.

shantanu

Technomancer
@freebird: we are not fighting wars here, then it is not our windows and your linux.. Dont own it.. use it.. and who are you to save open source and we to save windows.. just think before you post..
 

aryayush

Aspiring Novelist
freebird said:
BTW:
I dont even want vista or mac even if anyone give it FREE.:)) can use it as a kitchen TV
Yeah, no one is going to give them to you for free, so you don't have to worry about that. Buy a separate kitchen TV.
 
OP
nepcker

nepcker

Proud Mac Pro Owner
1) Yup, we don't know the reason why. Maybe file & print sharing was disabled cos if it was enabled then it sure would have been possible or something like that. Just assuming cos i was not there
No, file-sharing and print sharing was not disabled. The security of macs were actually lowered. The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.

2) They changed the rule cos no one there was able to hack.
That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.

4) For your kind info, Quicktime plugin is loaded in Safari or all browsers in Mac automatically.
I did a little research about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source)

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.

6) If u disable Quicktime plugin Safari then it will have 0 Multimedia capabilities in it.
Even if I disable QuickTime, Flash will always be there, and sites like YouTube, Google Videos, etc. use Flash. I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.

But I don't think that I will ever disable Quick Time.
 

iMav

The Devil's Advocate
dude y dont u understand for a fact that like the mac if u disable all the things u are saying the windows is also as secure in that case ...
 

Zeeshan Quireshi

C# Be Sharp !
mAV3 said:
it is a matter of self pride and an elevation to an individuals rather insecure state of mind by saying that i use mac or linux ... coz windows being so widely used ppl feel its below their dignity to use it and those using it are considered to b fools for some absurd reason

great point dude :D :D :D

freebird said:
I dont even want vista or mac even if anyone give it FREE.:)) can use it as a kitchen TV

seems like the poor guy never played ny good games :)

aryayush said:
Yeah, no one is going to give them to you for free, so you don't have to worry about that. Buy a separate kitchen TV.

i bet he's not gonna buy a TV too , the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible , there's no way he can use such a TV , sheesh ;)
 

gxsaurav

You gave been GXified
No, file-sharing and print sharing was not disabled. The security of macs were actually lowered.
I mentioned that I have no proof that it was enabled or disabled. Do you have a proof that it was not disabled? Plz provide source.

The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.
:rolleyes: How what to say. If I know your IP address & got a backdoor in Mac obviously I can start a remote desktop session.

That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.
Isn't this how most of the Computers get hacked, like Windows. They get a mail with some malicious link which on clicking gives problems. So this is close to a real world scenario.

Now if you think that in Windows just opening up a website will hack your computer without clicking on any link....then u r.....<censored> :D

the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language
Yup, bug in Apple Quicktime Media Player. How different is it than some bug in WMP with JAVA? I mean the player is flawed in both cases, so this doesn't make the Mac automatically secure. You have it disabled, Windows doesn't even come with JAVA Runtime by default then considering that Windows is more secure with this flaw compared to Mac. There are many Mac users who have it enabled by default.

I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.
No U cannot, Mac uses Quicktime engine to play mp3, midi or whatever embedded in Webpage not just Flash. You cannot experience lot, yes.

mav3 said:
dude y dont u understand for a fact that like the mac if u disable all the things u are saying the windows is also as secure in that case ...
:D R U kidding me, how can he understand this. He browses the internet without a browser. He works on Mac pro without running any application.

Zeeshan said:
i bet he's not gonna buy a TV too , the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible , there's no way he can use such a TV , sheesh
Lolz....tooo good chote nawab
 

shantanu

Technomancer
nepcker said:
No, file-sharing and print sharing was not disabled. The security of macs were actually lowered. The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.

That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.

I did a little research about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source)

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.

Even if I disable QuickTime, Flash will always be there, and sites like YouTube, Google Videos, etc. use Flash. I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.

But I don't think that I will ever disable Quick Time.

what do you know about hacking, methods and techniques, what scripts or port access is used.. what are the perfect ways..

if you did some research , then clear this also that when last time to tried to break something..

and just saying remotely and all cant make sense that you are even understanding the point and technique which the hacker used...
 

eddie

El mooooo
nepcker said:
I did a little research about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source)

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.
Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.
 

aryayush

Aspiring Novelist
eddie said:
Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.
AFAIK, and I might be wrong on this one, that hack is only for JAVA, not for JavaScript, which is completely different from JAVA.
 

gxsaurav

You gave been GXified
Javascript is a method to show JAVA apps or applets inside a web browser. Due to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.

Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there.
 

iMav

The Devil's Advocate
hey nepcker and other mac fanboys this from mac world link posted in other thread on the same topic:

Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division—and took a lot of Mac users by surprise.

But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.

“Literally any piece of code is going to have vulnerabilities and the Mac is no exception,” said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.

Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. “Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them,” he said.

Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.

“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”

According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.

aryayush said:
Care to elaborate? What am I wrong about? That the hack is only for JAVA or that JavaScript is not the same as JAVA?
he means the hack extends to java script
 

aryayush

Aspiring Novelist
The article you posted has already been posted, most probably in this topic itself (or in the "myth crushed" topic).
 

iMav

The Devil's Advocate
no wonder after reading it fellow members decided to tone their attitude down a little in the thread .. o! well its straight from the horse's mouth as u once said arya ... mac world the mac experts ... until of course u claim that MS bought them as well
 

Zeeshan Quireshi

C# Be Sharp !
well as far as i know JAVA n javascript r ENTIRELY different things .

java is a professional grade application development language whereas javascript(officially ECMAScript) is a scripting language not meant for heavy duty development .
 
OP
nepcker

nepcker

Proud Mac Pro Owner
I have iTunes running all the time. Safari is open when I'm browsing the net, and at other times, I'm using Photoshop, Final Cut Pro, Aperture, Keynote, or some other applications like games, etc.

You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.

There's absolutely nothing to do with JavaScript. Java and Javascript are two different things. The hack will only work if you have Java enabled. Whether JavaScript is enabled or not is not the matter of concern.

As I said before, disabling Java shouldn't be a problem, since very few sites today use Java. I only enable Java when I have to play certain online multiplayer games.

If I had to disable JavaScript, then it would have been a problem. Disabling it is almost like being disconnected from the internet.
 

mediator

Technomancer
nepcker said:
You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.
U seem to be an expert on hacking. Can u give step by step instructions on how to hack windows....i.e XP with latest updates? Also, I want to hack Microsoft site u know!
 