Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

"Currently, every copy of OS X out there now is vulnerable to this,"

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » The DU Lounge Donate to DU
 
leeroysphitz Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 06:59 AM
Original message
"Currently, every copy of OS X out there now is vulnerable to this,"
Myth crushed as hacker shows Mac break-in

By Nancy Gohring, IDG News Service
April 20, 2007

A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver.

In winning the contest, he exposed a hole in Safari, Apple's browser. "Currently, every copy of OS X out there now is vulnerable to this," said Sean Comeau, one of the organizers of CanSecWest.

The conference organizers decided to offer the contest in part to draw attention to possible security shortcomings in Macs. "You see a lot of people running OS X saying it's so secure, and frankly, Microsoft is putting more work into security than Apple has," said Dragos Ruiu, the principal organizer of security conferences including CanSecWest

Some attendees didn't think it was a coincidence that on late Thursday Apple released a patch for 25 vulnerabilities in OS X.
Macs haven't been targets for hackers and malicious code writers nearly to the degree that Windows machines have historically. That's in part because there are fewer Macs in use, thus making the potential impact of malicious code smaller than on the more widely used PCs.

Also, Apple is "extremely litigious when people do find stuff," noted Theo de Raadt, OpenBSD project leader and an attendee at the conference. He suspects that will backfire on Apple, which could begin to "look evil" if hackers begin to publish potentially threatening letters from the company.



http://www.infoworld.com/article/07/04/20/HNmachackedatconference_1.html


Just thought I'd come out and see if I couldn't stir up a little shit in the Lounge this morning... :) :evilgrin:
Printer Friendly | Permalink |  | Top
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:02 AM
Response to Original message
1. .
Just thought I'd come out and see if I couldn't stir up a little shit in the Lounge this morning...
:rofl:

OpenBSD - why won't people download that instead of paying a big company $150? (oops, I just did the same thing... :rofl: )
Printer Friendly | Permalink |  | Top
 
leeroysphitz Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:08 AM
Response to Reply #1
4. Yeah I just read your Vista post but at that price point I can't
blame you for giving into your curiosity.
Printer Friendly | Permalink |  | Top
 
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:10 AM
Response to Reply #4
6. I rather need to know it anyway; I'm a tech by trade...
My next step is file servers. They are partly relevant right now and I'd rather be able to do the work without bothering the server admins 50 times a day. (I'll have to convince "management" that it'd help productivity too. Wish me luck...)
Printer Friendly | Permalink |  | Top
 
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:13 AM
Response to Reply #4
7. Especially as the full version, clearance, is $160 less than retail...
(I'd mentioned the upgrade cost in the other thread...)

The CompUSA went overboard buying Vista copies and couldn't send them back to Microsoft. As a result, 40% clearance price. :party:

Fine by me; with everything else in the market coming out with new features for less money, it's high time Microsoft's products followed suit rather than being the other way round. Especially given all the jobs they offshore (the stilted English can be read in a few status/query windows too, yuck... Microsoft claims Americans are dumb as a reason to offshore, yet Vista's own issues (and some of those clever workarounds due to their own myopia one can find anywhere on the internet rather prove Microsoft is lying.)
Printer Friendly | Permalink |  | Top
 
leeroysphitz Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:17 AM
Response to Reply #7
8. The Comp USA near my house is, sadly, going out of business
and having a huge sale. I may have to go down there and pick through the chaos for a deal or two...
Printer Friendly | Permalink |  | Top
 
MilesColtrane Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:04 AM
Response to Original message
2. Interesting. No one could hack into the Macs, so they changed the rules.
"Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail."

Fortunately, I don't click on every URL that somebody emails me.
Printer Friendly | Permalink |  | Top
 
leeroysphitz Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:06 AM
Response to Reply #2
3. "I don't click on every URL that somebody emails me"
I do but then I'm bulletproof...
Printer Friendly | Permalink |  | Top
 
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:08 AM
Response to Reply #2
5. The rules are using a computer the way people normally do.
Just having the OS sit there with no open apps is kinda... a big-ass waste of energy.

Good to know OpenBSD/OS X is so bulletproof. Trouble is, it wastes more energy for sitting there and doing nothing. That's not realistic.
Printer Friendly | Permalink |  | Top
 
MilesColtrane Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:34 AM
Response to Reply #5
9. Realistically, I've had no anti-virus software on my computer since installing..
Edited on Sat Apr-21-07 07:36 AM by MilesColtrane
OS X.

My computer does everything I ask of it and it's never been infected.

Whether that's due to brilliant engineering, or disinterested hackers doesn't matter to me. It just works.
Printer Friendly | Permalink |  | Top
 
leeroysphitz Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 10:03 AM
Response to Reply #9
11. I feel exactly as you do...
only I'm using a P.C.
Printer Friendly | Permalink |  | Top
 
eyesroll Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 07:35 AM
Response to Original message
10. If he found a hole in Safari, wouldn't that mean every copy OSX on a computer running Safari
would be vulnerable? I use Firefox.

:shrug:
Printer Friendly | Permalink |  | Top
 
Omphaloskepsis Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 10:34 AM
Response to Reply #10
12. You actually have to visit a malicious webpage in Safari to be affected.
Right now it is just a proof of concept. Nothing bad has been written using this exploit(as of now).

I'm not worried. I use Firefox.
Printer Friendly | Permalink |  | Top
 
nini Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 10:52 AM
Response to Original message
13. I'm sure all operating systems have some security issues..
Edited on Sat Apr-21-07 10:57 AM by nini
the hackers concentrate on Windows systems because they're the most popular - I do agree however Microsoft has made sloppy mistakes though.

I'm convinced many of the viruses out there are created by anti-virus software companies.. what better way to insure the need for your product. :evilgrin:
Printer Friendly | Permalink |  | Top
 
huskerlaw Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 01:19 PM
Response to Original message
14. Who the hell uses Safari??
...if there's a security hole in a browser that nobody uses, does anybody really care?

:shrug:
Printer Friendly | Permalink |  | Top
 
Omphaloskepsis Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Apr-21-07 01:27 PM
Response to Reply #14
15. Well, I used Safari to download Firefox.
The question is this, is this a KHTML problem or a Safari problem?
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Sat May 04th 2024, 11:24 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » The DU Lounge Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC