New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Apple Rumors and Reports Discuss what's going on with Apple in this forum

Has The Mac Been Hacked......


Thread Closed

 
Thread Tools
MaDDoG

 
MaDDoG's Avatar
 
Member Since: Jan 01, 2007
Location: Oz.....near the Wizards home
Posts: 1,918
MaDDoG is just really niceMaDDoG is just really niceMaDDoG is just really niceMaDDoG is just really nice
Mac Specs: iMac 24' 7 Snow Leopard + Parallels and Win 7 | 30 Gb iPod | Canon EOS 400D

MaDDoG is offline
Got this out of this morning paper......

Has the Mac been hacked?
May 02, 2007 02:00am

Conference offered $12,000 to successful hacker
Hacker only succeeded when Safari web-browser enabled
Flaw linked to QuickTime software

HAS the Mac finally been hacked? Yes and no, depending on how you look at it.

A computer security conference in Vancouver recently uncovered a flaw that saw a hacker gain control of a MacBook Pro.

The security hole was discovered by New York security researcher Dino Dai Zovi, participating in a hacking challenge at the CanSecWest Applied Security Conference.

A MacBook Pro and $US10,000 ($12,000) were up for grabs for anyone who could take over the MacBook Pro via a wireless connection.

Participants failed to hack the Mac on the first day, when it had no applications running.

So organisers relaxed the rules and allowed them to attempt to exploit any security flaws they could find in Apple's Safari web browser.

Nine hours later one hacker succeeded, by emailing a link to a malicious website that enabled him to gain access to the MacBook Pro's administrator account and hence control the Mac.

While it was initially reported as a Mac flaw, it turned out to be a bug in Apple's QuickTime software that affects any web browser, Mac or Windows, that has Java enabled.

The simple solution is to disable Java on one's browser, but a more permanent QuickTime patch from Apple should be forthcoming.

The hack created headlines because of the Mac's unblemished security record and Apple's boasts of Mac OS X having no viruses.

But while finding a flaw is one thing, exploiting it is another.

The QuickTime vulnerability was just the latest in a line of "proofs of concept" of how a Mac might be taken over, not an actual real-world case.

It was limited to a particular Mac in a particular situation, and there was no danger of Mac virus spreading across the internet.

Mac OS X remains virtually impregnable because, by default, applications cannot be installed without authentication by the user.

The CanSecWest challenge followed the "Month of Apple Bugs" earlier this year that aimed to showcase a Mac flaw every day for a month, and several proof-of-concept trojan horses that have relied more on users' gullibility than actual Mac security weaknesses.

There also was an alleged MacBook wireless hack that turned out to be a vulnerability in a third-party wi-fi card.

So while Mac users are yet to face a serious security threat while surfing the internet, they should not be complacent.

In addition to its regular operating system updates, Apple routinely releases security patches for all aspects of the system software, which you can download at www.apple.com/support/downloads, or via your Software Update utility.

As if to confirm Mac users still don't have that much to worry about, the BBC reported last week that viruses and spyware were an ever-increasing problem for Windows users, but not Mac or Linux users.

Security firm Sophos had identified nearly 25,000 pieces of Windows malware circulating on the internet in the first quarter of 2007, up nearly 10,000 on the same time last year, and nearly 5000 infected web pages were identified each day.

However, non-Windows users remained immune.

"While malware is a growing problem for users of Windows operating systems, there is little evidence of the problem affecting users of Apple Macs running OS X or PCs installed with Linux," the BBC said.

Microsoft is hoping Windows Vista will be the answer to PC users' security woes, but already hackers are probing its defences.

"Life isn't about waiting for the storm to pass. It's about learning to dance in the rain."
MaDDoG's Photo Gallery - http://mcarfa.smugmug.com/
Thyamine

 
Thyamine's Avatar
 
Member Since: Apr 23, 2007
Location: Coatesville, PA
Posts: 377
Thyamine will become famous soon enough
Mac Specs: MBP 15", 2.33 GHz, 2Gb

Thyamine is offline
You're just making it all up. It's only May 1st, and you posted the article from May 2nd.

Wait.. what? What do you mean 'Austrailia'? ;-)
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,599
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
This is somewhat old news - and it's really more of a headline grabber than a legitimate concern. The hack only occurred when the rules were relaxed, the hacker was able to build a specialized web site dedicated to exploiting a particular vulnerability - and even then, he could only open the console as a user with normal (non-elevated) permissions.

We discussed this previously in this thread.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
steven11

 
steven11's Avatar
 
Member Since: Nov 04, 2006
Location: Louisville, KY
Posts: 709
steven11 has a spectacular aura about
Mac Specs: MacBook 2.4Ghz 4Gig Ram 250Gig HD

steven11 is offline
it took two guys 9 hours and thats after apple allowed them to basically send an invite to a bogus site they developed to hack. after the first day of the two day conference no one had even came close. So Apple gave them a huge helping hand. AND wa la the super hackers got the job done. Bravo! I'm not too terribly concerened and always remember to verify the url before you charge off to questionable sites and you should be a ok.
D3v1L80Y

 
D3v1L80Y's Avatar
 
Member Since: Feb 02, 2004
Location: PA
Posts: 12,459
D3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond reputeD3v1L80Y has a reputation beyond repute
Mac Specs: MacBook

D3v1L80Y is offline
Please continue any discussion in the original thread here:

Safari exploited

__________________________________________________
Posting and YOU|Forum Community Guidelines|The Apple Product Cycle|Forum Courtesy

mac: a waterproof raincoat made of rubberized fabric
MAC: a data communication protocol sub-layer, also known as the Media Access Control
Mac: a brand name which covers several lines of personal computers designed, developed, and marketed by Apple Inc.

Kar98

 
Kar98's Avatar
 
Member Since: Mar 17, 2006
Location: Texas
Posts: 312
Kar98 has a spectacular aura about
Mac Specs: Mac mini i5, 2.3Ghz dual core, 8 GB RAM, OSX 10.8.2

Kar98 is offline
Quote:
Originally Posted by Thyamine View Post
You're just making it all up. It's only May 1st, and you posted the article from May 2nd.
And nonetheless too late. Run software update, get QuickTime 7.1.6 and the "vulnerability" is fixed.

I has a signijer.

Thread Closed


« Leopard hardware requirements, does anyone know yet? | spoof mac adds »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Window users that are MAC WANNA BE'S! jdoverkill Switcher Hangout 47 10-12-2006 03:48 PM
Switcher Article in Today's Times studio34 Switcher Hangout 9 08-11-2006 04:10 PM
Upgrade/buy new/sell old Mac questions: Dennis.G Apple Desktops 3 08-07-2006 12:06 AM
It's called a Mac iSheep Schweb's Lounge 22 10-13-2004 06:35 PM

All times are GMT -4. The time now is 06:21 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?