Air Hacked.....

[Cybergypsy]

A MacBook Air running an up to date installation of Mac OS 10.5 Leopard was the first laptop to fall in last week's CanSecWest PWN2OWN contest, casting the spotlight once again on the Mac's security.

The contest pitted a MacBook Air against a Vista laptop and a Ubuntu Linux laptop, all fully patched. While all 3 laptops did not fall the first day which only allowed attacks against the base OS for a prize of $20,000 (+laptop), the MacBook Air reportedly took only 2 minutes to fall on day 2 when conference rules were relaxed to include all OS-bundled software for a prize of $10,000 (+ laptop).

While details of the exploit are under non-disclosure while Apple works on the issue, the attack was levied against Safari, after the user was directed to a specially crafted website (as allowed by the rules). The exploit has been reported to be an overflow bug in Webkit.

The remaining two laptops survived the rest of the second day, but the Vista laptop fell the following day when Adobe Flash player was installed as the rules were further relaxed to allow for attack of popular 3rd party applications. The Linux laptop was not exploited.

While Apple is aware of and working on the vulnerability, a recent study has claimed that Apple's response time to such 0-day vulnerability patches lags significantly behind that of Microsoft.

The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.

[XSRCivic]

[atruhondagrl]

But Sandy, we maccers are screwed as macs become more popular. Computer deviants will soon enough be attempting to hack into our machines.

[Cybergypsy]

LOL steve will defend them........LOL

[atruhondagrl]

He better. I've got two and hopefully wil have the third this fall.

[Firestrife]

I think all that Mac gloating has finally caught up.
But nothing is impervious except for Linux.. but then again who cares bout linux. haha.

[duk]

Just throwin' this out there: but apparently the Mac guys had a bit of an advantage because the guys workin on Vista did all their practice on a machine without SP1, and had found an exploit, but then they ended up working with a machine using SP1, which had fixed the exploit they found.

[Toxis]

So does this mean you're jumping off the Mac bandwagon? Gonna go blow more money on another computer?

[Cybergypsy]

Quote:

Originally Posted by Toxis

So does this mean you're jumping off the Mac bandwagon? Gonna go blow more money on another computer?

nope happy with my air..........

[firmhonda]

Quote:

Originally Posted by atruhondagrl

But Sandy, we maccers are screwed as macs become more popular. Computer deviants will soon enough be attempting to hack into our machines.

Yes ma'am, and this is where things will go very wrong. It seems that mac owners falsely believe that macs are more secure than pc's, which is quite the opposite of the case. The reasons why pc's get attacked more is because they're more popular. I mean, why write a script that will attack 5 machines when you can write a script that will attack 200 machines? If macs ever get as popular as pc's then I feel very bad for mac owners, simply because of the fact that they haven't taken a fraction of the security precautions as windows, and the fact that mac os.X (variable) is based on a free operating system that anyone can download at any point in time, which is also one that a majority of "hackers" use.

I would say that this is where people will start to realize that all those windows safety efforts are warranted and should be welcomed.

The thing that I find interesting about this is the fact that it was Safari that was compromised. Is Apple never going to learn? Safari has been a MAJOR security issue with the iPhone and several other mac machines, and yet they don't care enough to simply revamp the program. I can't believe that they feel comfortable charging so much for a product knowing full well that they aren't doing what they need to do to keep their customers safe.

[darkrom]

Quote:

Originally Posted by Firestrife

I think all that Mac gloating has finally caught up.
But nothing is impervious except for Linux.. but then again who cares bout linux. haha.

Everything you just said makes me want to hit babies with another baby as a baseball bat

I don't even care to explain but congrats on driving me up a wall

You are right about the Mac gloating though. Besides who cares if you "cant get viruses" on a machine that has no applications other than pretty graphic design and creative arts software?

[firmhonda]

Quote:

Originally Posted by darkrom

You are right about the Mac gloating though. Besides who cares if you "cant get viruses" on a machine that has no applications other than pretty graphic design and creative arts software?

That's what drives me crazy.. My father is a huge mac fan and he uses this argument all the time, and every single time I try to tell him that it's not that macs can't get viruses, it's that no one cares to write a virus for macs because of how few computers it would actually affect.

Mac hasn't even begun to take a fraction of the security measures that Microsoft has taken to defend against viruses. Macs OS is a linux/unix based operating system so there are constantly people learning how to exploit non-updated systems (like mac), simply because it's the first thing you learn when you learn how to exploit servers because a majority of web servers are linux based.

Microsoft has hundreds of people working around the clock to try and keep up to date with guarding against these kinds of attacks, and last I checked the only time mac even paid attention to these things was when they started working on the next operating system.

Don't get me wrong, there is nothing better than a mac for graphic arts and video editing, but I hate hearing people claim that they're so superior when it simply isn't true.

[Cybergypsy]

it all in a opinion.......... I posted but lets not start a war as some of the other threads

[Firestrife]

Quote:

Originally Posted by darkrom

Everything you just said makes me want to hit babies with another baby as a baseball bat

I don't even care to explain but congrats on driving me up a wall

You are right about the Mac gloating though. Besides who cares if you "cant get viruses" on a machine that has no applications other than pretty graphic design and creative arts software?

lol i was joking about the linux part man, I use ubuntu here and there.

[firmhonda]

Quote:

Originally Posted by Cybergypsy

it all in a opinion.......... I posted but lets not start a war as some of the other threads

I apologize, it wasn't my intent to start a war. It just bothers me when people have been misinformed... Well, that and I have a tendency to rant, lol.

I offer a of peace.

[Cybergypsy]

Quote:

Originally Posted by firmhonda

I apologize, it wasn't my intent to start a war. It just bothers me when people have been misinformed... Well, that and I have a tendency to rant, lol.

I offer a of peace.

LOL you know how these flame :)

[shadedream]

What I found... amusing and slightly deceptive of the whole thing was the fact that the guy that did it was one of the guys working on the iPhone jailbreak projects (one of which uses an exploit in mobilesafari). Basically this means the guy already had very intimate knowledge of any bugs and exploits available in the webkit and safari code making it a quick hack and free money for him.

I mean hell, if you had the choice of hacking three computers to receive money and the computer for free, wouldn't you go for the sexiest one on the planet regardless of whether or not you like Macs?

[darkrom]

Quote:

Originally Posted by Firestrife

lol i was joking about the linux part man, I use ubuntu here and there.

Its okay I wasn't actually mad. I am probably the most touchy person in the world when it comes to macs. I hate apple with all my heart and soul. I will admit they are glorious at anything art or Audio/VIDEO related but that is ALL.


Besides that let me say this. I swear by the ipod brand. I have owned over 20 ipods now (I used to repair them while in high school and make a killing by either charging to repair or buying broken ones to fix and resell). I can tell you this, they make the best mp3 player IMO. But then again....thats an audio/video thing like I said. I also own a 4gig iphone and I love it because I use it for everything but music. It is jailbroken and the only reason I got that was because of all the fun I knew I would have hacking it. I am actually already running the 2.0 firmware that everyone has to wait until june to try (nothing fun to do with it yet anyway)

So my final thoughts on Apple are as followed. They make some good entertainment technology, but as far as I am concerned they don't even make computers.

[Cybergypsy]

Quote:

Originally Posted by darkrom

Its okay I wasn't actually mad. I am probably the most touchy person in the world when it comes to macs. I hate apple with all my heart and soul. I will admit they are glorious at anything art or Audio/VIDEO related but that is ALL.


Besides that let me say this. I swear by the ipod brand. I have owned over 20 ipods now (I used to repair them while in high school and make a killing by either charging to repair or buying broken ones to fix and resell). I can tell you this, they make the best mp3 player IMO. But then again....thats an audio/video thing like I said. I also own a 4gig iphone and I love it because I use it for everything but music. It is jailbroken and the only reason I got that was because of all the fun I knew I would have hacking it. I am actually already running the 2.0 firmware that everyone has to wait until june to try (nothing fun to do with it yet anyway)

So my final thoughts on Apple are as followed. They make some good entertainment technology, but as far as I am concerned they don't even make computers.

I love Apple even more................................

[FijiDeez]

Worth the click:

One thing PC users can do that Mac users can't...