- Joined
- Mar 11, 2004
- Messages
- 1,964
- Reaction score
- 174
- Points
- 63
LOL!
Common sense is all you can use because there are no virus definitions for any Mac anti-virus app.
-
This forum is for posting news stories or links from rumor sites. When you start a thread, please include a link to the site you're referencing.
THIS IS NOT A FORUM TO ASK "WHAT IF?" TYPE QUESTIONS.
THIS IS NOT A FORUM FOR ASKING QUESTIONS ABOUT HOW TO USE YOUR MAC OR SOFTWARE.
This is a NEWS and RUMORS forum as the name implies. If your thread is neither of those things, then please find the appropriate forum to ask your question.
If you don't have a link to a news story, do not post the thread here.
If you don't follow these rules, then your post may be deleted.
MBA hacked in 2 minutes while Vista and Ubuntu stand strong
- Thread starter fleurya
- Start date
- Joined
- Mar 11, 2004
- Messages
- 1,964
- Reaction score
- 174
- Points
- 63
That's the best story of the lot.
That's another reason I don't use Safari, other than it's lack of extensions.
OP
- Joined
- Nov 18, 2006
- Messages
- 4,934
- Reaction score
- 207
- Points
- 63
- Location
- Anytown, USA
- Your Mac's Specs
- 27" iMac 2.7GHz Core i5, iPhone 6, iPad Air 2, 4th gen Apple TV
Exactly! That's my only concern. I could care less about the fanfare behind it. I just don't want to be compromised by simply visiting a website. LAst year and this year are very different. LAst year they basically had to hand the hackers the keys. This year they didn't give them anything. They just had to go to a website; something we all do every day.
Anyway, I for one am glad they make a huge deal out of it. That just makes Apple more motivated to fix the problem, which makes things safer for me. I couldn't care less what the fanboys in either camp say or think.
- Joined
- Jun 15, 2006
- Messages
- 87
- Reaction score
- 3
- Points
- 8
Just wondering, how many of you here work in with IT security on a daily basis. By that I mean work with AV companies, US-Cert, or equivalent entities that deal with malicious code or network analysis on a global scale?
I would like to say everything I've read about this Mac exploit is legitimate, and is very consistent with how malicious code is introduced to systems. I had the opportunity to attend Dino Dai Zovi briefing at 2006 Black Hat Vegas. This was before he took the 10K from CanSecWest in 2007. These people are no joke, and the stuff they write deserves more respect than the pettily crap I'm reading in this forum. The hype your reading is the media making it out to be something glamours, which in it's own right is.
On to delivery: Malicious binaries can be delivered several ways. One method is to embedded it within a file (document, image, pdf, flash, etc..). Once the file is opened the binary is executed. The delivery can be something as simple as a download, file share, or an attachment in an email. The second and probably the most popular method consists of crafted malicious code that's called upon from web browsers. Usually via obfuscated IDS evading Javascript or iFrame exploitation methods, which is executed within the browsers cache or temp directories. Persistent code can and will run without use acknowledgment if it's written properly. If the developer can get it to run as the system/adm/root level the OS would likely never ask for a authentication to run - assuming it's a legit file. The malicious code probably was imbedded in Javascript or an iFrame, which was launched as soon as the OP visited the URL. In the real world people don't know what sites are malicious, but for the purpose of replicating the real "ignorant" world there must be some compromise during these kinds of demonstrations. The OP probably had to play ignorant, and pretend to stumble on a site that was infected only after being tipped. They probably knew this at the start. Most forensic and security analysts know this since it's a popular method of delivery and it happens everyday to thousands of people on PC's. So... Why would this be any different for Mac OS X? It wouldn't... As for AV, most the time AV stops these kinds attacks, but it important to know AV's are only as good as the signatures that's written for them.
-Jay
I would like to say everything I've read about this Mac exploit is legitimate, and is very consistent with how malicious code is introduced to systems. I had the opportunity to attend Dino Dai Zovi briefing at 2006 Black Hat Vegas. This was before he took the 10K from CanSecWest in 2007. These people are no joke, and the stuff they write deserves more respect than the pettily crap I'm reading in this forum. The hype your reading is the media making it out to be something glamours, which in it's own right is.
On to delivery: Malicious binaries can be delivered several ways. One method is to embedded it within a file (document, image, pdf, flash, etc..). Once the file is opened the binary is executed. The delivery can be something as simple as a download, file share, or an attachment in an email. The second and probably the most popular method consists of crafted malicious code that's called upon from web browsers. Usually via obfuscated IDS evading Javascript or iFrame exploitation methods, which is executed within the browsers cache or temp directories. Persistent code can and will run without use acknowledgment if it's written properly. If the developer can get it to run as the system/adm/root level the OS would likely never ask for a authentication to run - assuming it's a legit file. The malicious code probably was imbedded in Javascript or an iFrame, which was launched as soon as the OP visited the URL. In the real world people don't know what sites are malicious, but for the purpose of replicating the real "ignorant" world there must be some compromise during these kinds of demonstrations. The OP probably had to play ignorant, and pretend to stumble on a site that was infected only after being tipped. They probably knew this at the start. Most forensic and security analysts know this since it's a popular method of delivery and it happens everyday to thousands of people on PC's. So... Why would this be any different for Mac OS X? It wouldn't... As for AV, most the time AV stops these kinds attacks, but it important to know AV's are only as good as the signatures that's written for them.
-Jay
- Joined
- Feb 22, 2006
- Messages
- 39
- Reaction score
- 0
- Points
- 6
- Your Mac's Specs
- Intel mini early 2011 4GB
I agree with what you say, but wonder about this. The link posted above by eggo refers to last year, the page is dated April 2007.
Quote:
"Macaulay pwned the Mac by sending it an e-mail that directed a user to a malicious site. Upon visiting the site, the user—a CanSecWest organizer perched on the machine to protect it from physical assault—was infected with malware, without clicking on anything within the site."
What worries me most is that no one seems to know anything for sure. I have this queasy feeling that secrecy and obscurity are all we have.
Is the flaw in Safari, or somewhere else? Were they in a user account or admin? Many questions, no answers.
OP
- Joined
- Nov 18, 2006
- Messages
- 4,934
- Reaction score
- 207
- Points
- 63
- Location
- Anytown, USA
- Your Mac's Specs
- 27" iMac 2.7GHz Core i5, iPhone 6, iPad Air 2, 4th gen Apple TV
I think the most amazing thing from this whole event is not that Safari was exploited, but that Internet Explorer could not be! Microsoft must be doing something right lately, because I think easy exploitation was one of the main reason people stopped using IE. Eventually the only way hackers could gain control of Vista was after the rules were further relaxed to allow third party programs where an exploit through an Abode program was found.
- Joined
- Mar 11, 2004
- Messages
- 1,964
- Reaction score
- 174
- Points
- 63
So, the hole is fixed (Software Update). Was anyone affected by it? Who even remembers it?
Snore.
On Apple's site:
Snore.
On Apple's site:
The TippingPoint blog.
- Joined
- Aug 2, 2005
- Messages
- 1,229
- Reaction score
- 75
- Points
- 48
- Your Mac's Specs
- 2.6GHz Core i7 15" MacBook Pro - 8GB DDR3 SDRAM - 750GB 7200 RPM HDD - GeForce 650M GT 1GB VRAM
I only hope this means Apple releases an update for Safari soon. In addition to being the most RAM-hoggish browser possibly ever, Safari 3.1 for Leopard isn't even as secure as Internet Explorer. Wonderful, Apple.
- Joined
- Feb 22, 2006
- Messages
- 39
- Reaction score
- 0
- Points
- 6
- Your Mac's Specs
- Intel mini early 2011 4GB
My neighbor sometimes goes away and leaves a door to his house standing wide open. No one has entered yet, so does that mean he's safe?
- Joined
- Jan 27, 2007
- Messages
- 5,658
- Reaction score
- 159
- Points
- 63
- Location
- *Brisvegas*
- Your Mac's Specs
- 17 inch 2 GHz C2D imac (5,1) with 3GB DDR2 RAM, X1600 (128MB memory) GPU - OSX 10.6.3
Really to make a virus or something all you'd have to do is make look and install exactly the same as a popular game or program of the times. And make the file size the same. And people would gladly put in their admin password thinking it's an app installer. But when the thing is installed it goes to work eating your system. Not really the standard definition of a virus I think as it still requires user input for it to work. But that's one way of doing things.
- Joined
- Apr 7, 2008
- Messages
- 113
- Reaction score
- 4
- Points
- 18
- Your Mac's Specs
- Macbook Pro: 7200 RPM 250 HD, 2 gig Ram, 2.4 Gig processor... IPHONE 3g
I only read the first page but I'd have to say from what I read everyone is missing the point. It doesn't matter what kind of operating system, how it occured, whether it was hacking or social engineering technology always has loopholes, and it's the never ending job of a hacker either malicious or good to continue to hack anything they can.
Mac seems to be by far the most secure, but do we mac users really expect a company which is small, in comparison to millions of hackers who spend their lives doing these things to stay secure forever, without any attacks, or without changes being made to the mac os.
This isn't anything to blare or freak about. The contest as a whole sounds like a good thing. They now know what was exploited and can fix it, so that hackers can go and find more loopholes lol. It's a never ending cycle.
I'm appreciative that not all hackers are drawn to attacking mac, and usually go for windows. Who cares about these exploits anyway. If you are an intelligent system user, you are going to stay safe from these problems anyway.
Usually the worst case scenario for virus's is you lose all your information and are forced to put in a fresh install and use time machine to put everything back (if it wasn't attacked that is) Main thing being it's not the end of the world. You live you learn. I've very rarely seen the smoke being let out of a computer and if by chance it does, you learned a big lesson, and you repair or buy a new one.
Mac seems to be by far the most secure, but do we mac users really expect a company which is small, in comparison to millions of hackers who spend their lives doing these things to stay secure forever, without any attacks, or without changes being made to the mac os.
This isn't anything to blare or freak about. The contest as a whole sounds like a good thing. They now know what was exploited and can fix it, so that hackers can go and find more loopholes lol. It's a never ending cycle.
I'm appreciative that not all hackers are drawn to attacking mac, and usually go for windows. Who cares about these exploits anyway. If you are an intelligent system user, you are going to stay safe from these problems anyway.
Usually the worst case scenario for virus's is you lose all your information and are forced to put in a fresh install and use time machine to put everything back (if it wasn't attacked that is) Main thing being it's not the end of the world. You live you learn. I've very rarely seen the smoke being let out of a computer and if by chance it does, you learned a big lesson, and you repair or buy a new one.
- Joined
- Aug 2, 2005
- Messages
- 1,229
- Reaction score
- 75
- Points
- 48
- Your Mac's Specs
- 2.6GHz Core i7 15" MacBook Pro - 8GB DDR3 SDRAM - 750GB 7200 RPM HDD - GeForce 650M GT 1GB VRAM
That's been done, except it was disguised as an image file for people who foolishly keep file extensions hidden in the Finder. And somehow people didn't find it suspect when clicking on the image file prompted a request for the Admin password. OS security can only go so far before expecting some level of common sense on the user's part.
Also, Leopard has a measure of sorts against what you're suggesting, which that it keeps information about where it was downloaded from and warns the user of this before he can run the program. I'd certainly hope the average user would know that Adium downloaded from megaupload.com is probably not the real thing.
- Joined
- Nov 25, 2007
- Messages
- 51
- Reaction score
- 1
- Points
- 8
Eh, Apple probably has several hundred people working on the OS every day and yes changes are being made. Since Leopard came out, there's been two major updates: 10.5.1 and 10.5.2. And someone on the forum mentioned that 10.5.3 was just around the corner.
And to comment on the hacking a Macbook in 2 minutes issue once again: of course he chose to hack the Macbook Air, it's a sweet little box and he had a chance of getting it for free, compared to the Vista machine for instance. Who would possibly want that? Well, I guess one could erase Vista and install a Linux server and use it as a server.
From Computerworld:
Miller targeted the Mac for a simple reason --- breaking in was like taking candy from a baby.
"It was the easiest one of the three," he told Computerworld. "We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X."
Shop Amazon
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.