03-27-2008, 11:21 PM

http://crave.cnet.com/8301-1_105-9905095-1.html

Hackers were able to gain access to a Macbook Air in 2 minutes by exploiting a Safari weakness and getting a user to connect with a malicious site. Luckily it was part of a competition where the actual method is only disclosed to Apple. But what's worse; the fact that a Mac was hacked, or that Vista couldn't not be?

03-27-2008, 11:35 PM

Yeeiiiks!!! That is really scary! And I thought that my Mac was safe from things like that.

Seriously, it makes the news when a Mac gets hacked into because it is such a rare occurrence. Windows computers get hacked every day and the media doesn't pay any attention because it happens all the time.

I still think that Macs are the more secure systems.

03-27-2008, 11:43 PM

Quote:

Originally Posted by fleurya

But what's worse; the fact that a Mac was hacked, or that Vista couldn't not be?

Again, same as last year's fiasco of fallacies.... nothing was "hacked".

Quote:

Originally Posted by article

No one was able to execute code on any of the systems on Wednesday, the first day of the contest, when hacks were limited to over-the-network techniques on the operating systems themselves. But on the second day, the rules changed to allow attacks delivered by tricking someone to visit a maliciously crafted Web site, or open an e-mail.

That isn't hacking, that is social engineering. Take note, that no person was able to actually 'hack' into the Mac until the rules were changed. Just like last year. They couldn't touch the Mac until the rules were changed and severely improbable situations were allowed to take place.

This story is nothing more than sensationalism. Use buzzwords like "hack" and a new product release with as much pomp and fanfare as the MacBook Air... and, well... you get the picture. It's just fodder for fanboyz.

03-27-2008, 11:49 PM

The rules were tweaked, but opening a website isn't anything extraordinary. Many hacks are perpetuated by people getting lured into connecting with a malicious site or opening a malicious email. If that's all that's required to let someone into my computer, it does make me sit up and pay a little attention.

03-28-2008, 03:19 AM

I hope they shut this stuff down quick. Safari has become my browser of use.

03-28-2008, 06:54 AM

Quote:

Originally Posted by D3v1L80Y

Take note, that no person was able to actually 'hack' into the Mac until the rules were changed. Just like last year. They couldn't touch the Mac until the rules were changed and severely improbable situations were allowed to take place.

Unfortunately this is something Windoze users really like to just overlook when they see news like this (and it p****s me off) and then have a bash at our choice of computer/OS.

Notice that the article says that the judges were tricked into visiting this website with the attack code, but I guess that was what you meant with this not being hacking, but social engineering.

03-28-2008, 08:36 AM

Before the exploit could be executed, did OS X ask for a password?

03-28-2008, 08:43 AM

OSX is not the weakness. It's Safari/Webkit that failed. Since Apple followed Microsoft and made a rendering engine part of the OS, it looks like OSX as a whole is vulnerable.

PS:
http://www.mac-forums.com/forums/sho...ostcount623629

03-28-2008, 09:43 AM

i think it is funny how the windows and the ubantu hardware isnt mentioned but the fact it is a mba came up several times

03-28-2008, 09:59 AM

Quote:

Originally Posted by andersmj

Notice that the article says that the judges were tricked into visiting this website with the attack code

They weren't even tricked. They were told to go to the website. There was no trickery involved here.

Quote:

Originally Posted by jram

Before the exploit could be executed, did OS X ask for a password?

The use of Antivirus is recommended

03-28-2008, 11:30 AM

Quote:

Originally Posted by D3v1L80Y

Again, same as last year's fiasco of fallacies.... nothing was "hacked".

That isn't hacking, that is social engineering. Take note, that no person was able to actually 'hack' into the Mac until the rules were changed. Just like last year. They couldn't touch the Mac until the rules were changed and severely improbable situations were allowed to take place.

This story is nothing more than sensationalism. Use buzzwords like "hack" and a new product release with as much pomp and fanfare as the MacBook Air... and, well... you get the picture. It's just fodder for fanboyz.

Well he owns a new laptop either way. When he can take full control of the system that's not good, no matter how he did it. Visiting a malicious website is something that can happen to a lot of people. Mac users (my self included) can be a little cocky, and we just got B%$#$ slapped, learn to live with it .

Joe

03-28-2008, 12:31 PM

Quote:

Originally Posted by gunnerjoe

Mac users (my self included) can be a little cocky, and we just got B%$#$ slapped, learn to live with it .

Quote:

Originally Posted by MacGal

Yeeiiiks!!! That is really scary! And I thought that my Mac was safe from things like that.

Being b%$#$ slapped is more likely if the person is relatively new to Macintosh after switching from Windows.

Those who have used Macs for years — some approaching decades and who might have never used Windows — are not among the Windows shell-shocked. They are not b%$#$ slapped and they don't live with it.

This stunt is as old as the Mac platform. Even pre-OS X, when "exploits" were reported and real viruses were possible and a new one was discovered, the trumpets would blare, the flags would unfurl and fingers would point as the doze crowd crowed, despite 100,000 viruses for doze vs. 52 or 84 or whatever the final tally is for pre-OS X.

And pre-X, when an exploit was reported, came the same result with the same aftermath — the exploit was contrived when it wasn't fiction. And there's nothing like a well-publicized event complete with prizes to make the doze crowd crane their necks and rub their hands together in anticipation of watching the walls of Jericho tumble down.

It never happens. This stunt was as contrived as last year's stage-managed farce. This year's was a lesson in social engineering. Next year's, if it happens, probably will be a lesson in hacking with a hammer and chisel.

It's an annual affair because if it was held any more often, even the crickets would be silent. It takes a year to work out another attack — after the defences have been lowered before the press sees something else shiny and/or heads for the bar.

I'm going back to sleep.

03-28-2008, 02:07 PM

So what if 'hacked' is the wrong term. A machine should not be compromised just by visiting a webpage. That's just ridiculous. Apple deserves all the trumpet blaring and attention.

03-28-2008, 02:17 PM

Either some people are just ignorant to the facts, or plain blind. Regardless how the hack was pitched it still worked. Yeah so, it was crafted as a social engineered attempted. The results and the out come was the same. We all know Windows is vulnerable, what's the joy in reporting old news, and who really cares anymore... It's not new. Apple exploits on another had are more exciting because it's die hard users act like it's impenetrable. Please... Reality check... Even if the OS is secure, the applications running on it could have a vulnerabilities to allow escalated assess.

Now I credit Apple. They are pretty fast in fixing these holes when they get wind of them. So while todays hackers show off at security conferences, it allows Apple to fix them and closing the doors for leveraged malicious use.

Also I read Apple has risen in market share... What is it now? Anyone? I think I read today it's just over 15% from about 8% last year. Yeah... Give it a few more years. Change is coming... Just understand while there's really nothing to do today, tomorrow might be different.


"Know the enemy and know yourself; in a hundred battles you will never be in peril. When you are ignorant of the enemy, but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and yourself, you are certain in every battle to be in peril." - Sun Tzu ("Art of War")

03-28-2008, 03:01 PM

Can someone explain to me how visiting a website constitutes being "tricked" or "lured"?

Nothing I've seen yet suggests it was "social engineering", if that term means tricking the user into doing something stupid or unusual. Visit a website, get infected, pwned, hacked, whatever.

IOW, a drive-by.