$10,000 Mac hack affects Windows too
- Status
OP
nepcker
Proud Mac Pro Owner
No, file-sharing and print sharing was not disabled. The security of macs were actually lowered. The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.
That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.
I did a little reasearch about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source)
So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.
Even if I disable QuickTime, Flash will always be there, and sites like YouTube, Google Videos, etc. use Flash. I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.
But I don't think that I will ever disable Quick Time.
Zeeshan Quireshi
C# Be Sharp !
mAV3 said:
great point dude
freebird said:I dont even want vista or mac even if anyone give it FREE.can use it as a kitchen TV
seems like the poor guy never played ny good games
aryayush said:
i bet he's not gonna buy a TV too , the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible , there's no way he can use such a TV , sheesh
gxsaurav
You gave been GXified
I mentioned that I have no proof that it was enabled or disabled. Do you have a proof that it was not disabled? Plz provide source.
How what to say. If I know your IP address & got a backdoor in Mac obviously I can start a remote desktop session.Isn't this how most of the Computers get hacked, like Windows. They get a mail with some malicious link which on clicking gives problems. So this is close to a real world sceneario.
Now if you think that in Windows just opening up a website will hack your computer without clicking on any link....then u r.....<censored>
Yup, bug in Apple Quicktime Media Player. How different it is then some bug in WMP with JAVA? I mean the player is flawed in both cases, so this doesn't makes the Mac automatically secure. You have it disabled, WIndows doesn't even comes with JAVA Runtime by default then considering that Windows is more secure with this flaw compared to Mac. There are many Mac users who have in enabled by default.
No U cannot, Mac uses Quicktime engine to play mp3, midi or whatever embeded in Webpage not just Flash. You cannot experience lot, yes.
mav3 said:
R U kidding me, how can he understand this. He browses the internet without a browser. He works on Mac pro without running any application.Lolz....tooo good chote nawabZeeshan said:
Last edited:
shantanu
Technomancer
nepcker said:
what do you know about hacking, methods and techniques, what scripts or port access is used.. what are the perfect ways..
if you did some research , then clear this also that when last time to tried to break something..
and just saying remotely and all cant make sense that you are even understanding the point and technique which the hacker used...
eddie
El mooooo
Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.nepcker said:
infra_red_dude
Wire muncher!
^^^ valid point eddie. disabling javascript will surely impair website compatibility.
gxsaurav
You gave been GXified
Javascript is a method to show JAVA apps or applets inside a web browser. DUe to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.
Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there.
Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there.
iMav
The Devil's Advocate
hey nepcker and other mac fanboys this from mac world link posted in other thread on the same topic:
Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division—and took a lot of Mac users by surprise.
But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.
“Literally any piece of code is going to have vulnerabilities and the Mac is no exception,” said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.
Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. “Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them,” he said.
Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”
According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.
Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division—and took a lot of Mac users by surprise.
But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.
“Literally any piece of code is going to have vulnerabilities and the Mac is no exception,” said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.
Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. “Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them,” he said.
Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”
According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.
he means the hack extends to java scriptaryayush said:
Zeeshan Quireshi
C# Be Sharp !
well as far as i know JAVA n javascript r ENTIRELY different things .
java is a professional grade application development language whereas javascript(officially ECMAScript) is a scripting language not means for heavy duty development .
java is a professional grade application development language whereas javascript(officially ECMAScript) is a scripting language not means for heavy duty development .
OP
nepcker
Proud Mac Pro Owner
I have iTunes running all the time. Safari is open when I'm browsing the net, and at other times, I'm using Photoshop, Final Cut Pro, Aperture, Keynote, or some other applications like games, etc.
You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.
There's absolutely nothing to do with JavaScript. Java and Javascript are two different things. The hack will only work if you have Java enabled. Whether JavaScript is enabled or not is not the matter of concern.
As I said before, disabling Java shouldn't be a problem, since very few sites today use Java. I only enable Java when I have to play certain online multiplayer games.
If I had to disable JavaScript, then it would have been a problem. Disabling it is almost like being disconnected from the internet.
You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.
There's absolutely nothing to do with JavaScript. Java and Javascript are two different things. The hack will only work if you have Java enabled. Whether JavaScript is enabled or not is not the matter of concern.
As I said before, disabling Java shouldn't be a problem, since very few sites today use Java. I only enable Java when I have to play certain online multiplayer games.
If I had to disable JavaScript, then it would have been a problem. Disabling it is almost like being disconnected from the internet.
- Status