Macbook Hacked in 2 Minutes!

[Gary2MBz]

Only reason its said that OS X/Linux users are safer from hackers than windows users, is because the amount of people that use windows and dont have a clue what they are doing with a computer, thus makin them a easy target for hackers

I forgot that as well, you nailed it in the head

[Miuku.]

If anything, I'd say Windows users are a little better protected - not only do the browsers try and pick up on stuff (like phishing or fake sites), but they are also probably running Anti-Virus software and have a reasonable firewall in place - something which is rare on Mac OS X or Linux.

OS X has firewall up by default (as does almost every Linux), Firefox is available for both platforms hence you have the same "anti-phishing" filter and techniques available not to mention both OS' run "single user" mode as opposed to "god admin" on XP and previous Windows systems.

As for "UAC" protecting Vista users - I'm yet to see a Vista user who hasn't turned it off as the first thing they've done on the OS.

On that note, AV does not protect you against crafted attacks or browser vulnerabilities - thinking you're protected because you run an antivirus is delirious.

[Borbus]

Only reason its said that OS X/Linux users are safer from hackers than windows users, is because the amount of people that use windows and dont have a clue what they are doing with a computer, thus makin them a easy target for hackers

No that is not the only reason...

[Borbus]

The way domain names work is like a hierarchy. the part all the way to the right of the domain name is the top level, and the part all the way to the left is at the bottom. So in the example us.abc.com, com is at the top, and us is at the bottom.

com

|

abc

/ | \

jp us uk

So, in order for someone to create the domain usa.abc.com, they would have to gain control over the abc domain. If someone were to gain control over the abc domain, they could cause a lot more damage than just creating a new URL to trick people.

Actually in the example us.abc.com., us is the host name, not a domain name, abc is a domain name and com is a top level domain name. us.abc.com. is a fully qualified domain name (note the dot at the end). Using regular domain names (not fully qualified) is actually a security risk.

[.kvn]

Apple are already at work patching the exploit.

Topic diminished.

[LTD]

Apple are already at work patching the exploit.

Topic diminished.

We've seen this before. And we're still waiting for something, anything, to show up in the wild.

It's been nothing but lab experiments and contests. Since March (I think) 2001.

Pretty much like taking your own sister to the prom. Technically, you're with a girl, but dude . . . . .

[majortom1981]

Apple are already at work patching the exploit.

Topic diminished.

Actually since you provided no proof what so ever that apple is working on patching the exploit how can you say that the topic is diminished?

[Miuku.]

Actually since you provided no proof what so ever that apple is working on patching the exploit how can you say that the topic is diminished?

The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem

Sometimes reading TFA and related news helps.

[tsupersonic]

Ha proof that Mac OS is in fact vulnerable. I tell my Mac friends that it is possible to hack a Mac. They never believe me.

:victory dance:

[.kvn]

That'll be a very short victory dance.

On a serious note.

There were three OS's up for cracking - OSX, Vista and Linux. OSX was cracked first. So ask yourselves why? Why not the Vista or Linux OS?

Well it's quite simple. Cracking Vista would amount to nothing more than yet another exploit in Vista. It would be non-newsworthy and that would be it.

Cracking Linux would find itself on serious tech news pages and have Linux enthusiasts dribbling with pride in the acknowledgement that it was an exploit triggered through a webpage that let the attacker in. Easy to fix.

But cracking OSX! Oh now, that's good news. That's deliciously great news. That's headline stuff.

Therefore have a crack at the big one, get in through an exploit and then watch the Microsoft world rejoice as they proclaim the current Apple ads a joke.

Meanwhile the rest of us who are not perturbed by such nonsense go about their lives in the same way they have since buying a Mac. Not worried.

Edited March 28, 2008 by .kvn

[BajiRav]

For those defending "physical access"...this is the way I would guess, 99% Windows exploits worked.

OS X has firewall up by default (as does almost every Linux), Firefox is available for both platforms hence you have the same "anti-phishing" filter and techniques available not to mention both OS' run "single user" mode as opposed to "god admin" on XP and previous Windows systems.

As for "UAC" protecting Vista users - I'm yet to see a Vista user who hasn't turned it off as the first thing they've done on the OS.

On that note, AV does not protect you against crafted attacks or browser vulnerabilities - thinking you're protected because you run an antivirus is delirious.

Meet me and many neowinians sometimes. Not everyone is ignorant to turn it off.

We've seen this before. And we're still waiting for something, anything, to show up in the wild.

It's been nothing but lab experiments and contests. Since March (I think) 2001.

Pretty much like taking your own sister to the prom. Technically, you're with a girl, but dude . . . . .

The amount of denial in your posts is amazing. The exploit did not go in the wild because he was under a contract. If this was somebody selling underground and reaching through spam/adware and god forbid Neowin! , it would be game over for you.

For once try to see that your beloved OS X is "secure" only because nobody cares writing viruses for such a small group.

[NateB1]

That'll be a very short victory dance.

On a serious note.

There were three OS's up for cracking - OSX, Vista and Linux. OSX was cracked first. So ask yourselves why? Why not the Vista or Linux OS?

Well it's quite simple. Cracking Vista would amount to nothing more than yet another exploit in Vista. It would be non-newsworthy and that would be it.

Cracking Linux would find itself on serious tech news pages and have Linux enthusiasts dribbling with pride in the acknowledgement that it was an exploit triggered through a webpage that let the attacker in. Easy to fix.

But cracking OSX! Oh now, that's good news. That's deliciously great news. That's headline stuff.

Therefore have a crack at the big one, get in through an exploit and then watch the Microsoft world rejoice as they proclaim the current Apple ads a joke.

Meanwhile the rest of us who are not perturbed by such nonsense go about their lives in the same way they have since buying a Mac. Not worried.

Ah, the spin. Loving that Reality Distortion Field yet?

If you haven't noticed, Apple releases massive security patches, sometimes 80 or more, per update. Once a month, on Vista, I get maybe one or two minor patches - there has been only one major exploit discovered, and that was dealing with TCP/IP across multiple versions of Windows. OS X is much, much easier to hack than Vista. That is why it was hacked first. If they could hack Vista first, then you could bet that all the Mac sites would trumpet that fact, that it was more proof that OS X was more secure.

I think this thread shows that some people are still trying to come to grips that the OS they adore is more vulnerable than Windows (less exploited, definitely, but still more vulnerable). Us Windows users will be laughing when some major virus surfaces on OS X and decimates all those computers that don't have antivirus apps running, and whose users believe they are invulnerable.

[Hell-In-A-Handbasket]

personally it isnt hacking, dont think technically it is either. Personally using commands from 1 computer to another and sitting some code somewhere that somebody else wrote that you copy pasted are 2 different things

You're an idiot. Please learn to know what you're talking about before spewing uneducated ignorance from your pie hole.

You basically just said that phishing, browser exploiting, etc isn't hacking.

[Imran Hussain]

My opinion, if a human makes it, there is always another human who can break it. Whether it's Linux, Windows or OS X. So, I see no surprise in this. P.S. that guy already had hacked the iPhone last year, which runs the same browser, so no wonder he did it in 2 minutes.

[Hell-In-A-Handbasket]

there was a viri couple months ago

OSX.RSPlug.A and OSX/Puper ( both same thing i think ) that was gotten by goign to a Porn site and installing a Codec to watch a movie ( required user to give it access via their admin password )

also OSX.Exploit.MetaData.B ( Info )

dont know how legit either of them are as both companies that found them, also sell Anti-Viri that make their users immune

Us Windows users will be laughing when some major virus surfaces on OS X and decimates all those computers that don't have antivirus apps running, and whose users believe they are invulnerable.

i wonder if he used the iPhone Jailbreak exploit

P.S. that guy already had hacked the iPhone last year, which runs the same browser, so no wonder he did it in 2 minutes.

Edited March 28, 2008 by Hell-In-A-Handbasket

[.kvn]

Ah, the spin. Loving that Reality Distortion Field yet?

You didn't just utter those words did you :blink:

After reading through some of the stinking turds that masquerade as knowledgeable I better go and turn off my Mac as I don't want it to get exploited by a piece of code that doesn't exist in the wild as I don't have any virus protection to fend off the thousands and thousands of current exploits that exist for Windows.

Oh wait. I don't have Windows so I guess I'm okay again.

[Miuku.]

Ah, the spin. Loving that Reality Distortion Field yet?

If you haven't noticed, Apple releases massive security patches, sometimes 80 or more, per update. Once a month, on Vista, I get maybe one or two minor patches - there has been only one major exploit discovered, and that was dealing with TCP/IP across multiple versions of Windows.

I'm not quite sure why I bother to respond but this'll be my last post on the subject.

A few reasons why Apple and most Linux vendors ship so many patches for their products is that they also ship tons more software with the operating system that Vista simply does not have without paying extra or acquiring the server version of the OS. Some things that come to mind are an LDAP server, a web server that supports PHP and other languages, a grid processing server (in other words a node in Windows talk), a fully blown development environment (XCode) and many - MANY more programs, in facts there are hundreds of utilities and free software that ships with every OS X.

Most of these are inert and not enabled unless you explicitly go and turn them on which?in?turn?"protects"?the?system?from?any?security?flaws?in?the?said?software.

Now, if you were to acquire the same software for Windows, then count ALL the flaws and patches in those programs the amount would grow ludicrously, just look at the amount of patches you have for Office and other Microsoft software that implements the same functionality as you'd find in a generic Linux distribution or even OS X.

As for the "Reality Distortion Field", perhaps you should step out of the "Ignorance Field" and study and experience computing a little more before you start making blanket statements about anything related to it.

Although I have to be grateful as well - all the Windows specialists and MCSE kids are one of the biggest sources of income for a consultant - after all I get to clean up the mess these people build, then make a whole ton of money out of it. Me and my house + car thank you all.

[NateB1]

It doesn't matter if the exploit applies to a disabled program or not, it is still there. It's great Apple can add all sorts of free utilities to their OS (if Microsoft did that, they'd be sued out of business), but it is their responsibility to patch it when exploits are discovered. Apple has ignored security for so long it has to play catch up - we'll see if Apple gets more marketshare who's correct. Apple wrote their code poorly, and now has to patch it up. Spinning it around is just that, spin. What annoys me more than anything is the arrogance of some Mac users - thinking that they know it all and that Windows users are simply clueless about security and what's "really" going on. I'm sorry, but that simply isn't the case.

Oh, and viruses and Windows? I currently have not yet installed my antivirus for Vista x64 I installed a couple weeks ago - I'll bet I'm more secure than someone running a Mac. I have a router that serves as a firewall, I know what I'm doing online, plus I'm browsing with Protected Mode on and UAC on. As of today, there is not a single exploit that can get around UAC. I could browse all the shoddy sites I wanted and still not get infected (I might have to dismiss a couple dozen UAC prompts, but that is beside the point).

99.999999999999999999999999% of the malware today takes advantage of social engineering and the cluelessness of people to get themselves installed (on Vista). It only takes one mistake to start the infection. Cluelessness and stupid people are not confined to a single OS. I'll bet any sum of money that if OS X's marketshare was as high as Window's, there would be the same, if not more infections on OS X.

[hapbt]

That'll be a very short victory dance.

On a serious note.

There were three OS's up for cracking - OSX, Vista and Linux. OSX was cracked first. So ask yourselves why? Why not the Vista or Linux OS?

Well it's quite simple. Cracking Vista would amount to nothing more than yet another exploit in Vista. It would be non-newsworthy and that would be it.

Cracking Linux would find itself on serious tech news pages and have Linux enthusiasts dribbling with pride in the acknowledgement that it was an exploit triggered through a webpage that let the attacker in. Easy to fix.

But cracking OSX! Oh now, that's good news. That's deliciously great news. That's headline stuff.

Therefore have a crack at the big one, get in through an exploit and then watch the Microsoft world rejoice as they proclaim the current Apple ads a joke.

Meanwhile the rest of us who are not perturbed by such nonsense go about their lives in the same way they have since buying a Mac. Not worried.

It's so painfully obvious that you own a Mac, I really feel for you. If I had spent that much money on a PC I would want to feel like there was something about it that differentiated it from other, half as expensive machines.

[hapbt]

Now, if you were to acquire the same software for Windows, then count ALL the flaws and patches in those programs the amount would grow ludicrously, just look at the amount of patches you have for Office and other Microsoft software that implements the same functionality as you'd find in a generic Linux distribution or even OS X.

As for the "Reality Distortion Field", perhaps you should step out of the "Ignorance Field" and study and experience computing a little more before you start making blanket statements about anything related to it.

1. What extra software does OS/X come with that Windows does not? Last I checked the default stuff shipped with OS/X was pretty minimal.

2. OS/X is built on Darwin which has its own security team. I recall something about Apple failing to provide source code for their additions and changes to Darwin causing the x86 versions development to be stalled for some time in protest, but that is neither here nor there.

3. What makes you think that, for example, an FTP client written for Windows vs. and FTP client written for OS/X would be less secure?

MS already made all these mistakes once, they shipped XP without a firewall, you'd think Apple would have learned and shipped OS/X with one too initially, you'd think ALL of them would have learned from Unix which is 30 years old and not keep re-inventing things like restricted user permissions.