Mac hacked in 2 minutes

[EduardValencia]

We a company called MSI in our hospital this week, doing security checks via DDOS attacks, etc on our network to see how secure we our, we run a strict MS network and so far they've managed to bring down 5 systems since Monday

Windows is scary.

Well i wasn?t saying that Windows is completely secure,by the other hand you say that only 5 systems has been compromised

Of how many?

In other instance the unknown is more scary,since OSX is unknown to security threats from the hacking and cracking community.Simply OSX isn?t designed for this payload.

Do you know why many hackers give propaganda to install linux or other non operating system?

Answer: Beacuse they know more possible vulnerabilites than Windows

You can take that for granted si:):)

[Eric Veteran]

We a company called MSI in our hospital this week, doing security checks via DDOS attacks, etc on our network to see how secure we our, we run a strict MS network and so far they've managed to bring down 5 systems since Monday

Windows is scary.

A DDOS will bring down anything.

[Hell-In-A-Handbasket]

removed

[Eric Veteran]

wouldnt a hospital network topology have servers and routers between the machine and the outside net, and a DDOS take down the routers first ?

Probably, so that would mean routers are scary, not Windows. :)

[vincent]

Well i wasn?t saying that Windows is completely secure,by the other hand you say that only 5 systems has been compromised

Of how many?

In other instance the unknown is more scary,since OSX is unknown to security threats from the hacking and cracking community.Simply OSX isn?t designed for this payload.

Do you know why many hackers give propaganda to install linux or other non operating system?

Answer: Beacuse they know more possible vulnerabilites than Windows

You can take that for granted si:):)

If you could follow Bill gates around with a roll of toilet tissue you would huh?

[Hell-In-A-Handbasket]

agreed, but was meaning along the lines of they would have to be doing something other then just a DDOS to bypass the router/Gateway and hit the machine in question.

wouldnt a DDOS would bring the whole network down, not just an individual machine not touching the others ( when they said it brought down 5 systems since monday ) may be reading into his post to much though

Probably, so that would mean routers are scary, not Windows. :)

[.kvn]

Two threads for the 'single' Mac Crack!

[abcdefg]

If you could follow Bill gates around with a roll of toilet tissue you would huh?

Just ask how far. :laugh:

[EduardValencia]

If you could follow Bill gates around with a roll of toilet tissue you would huh?

Nahh Microsoft has comitted various mistakes in my opinion

The only difference between you and me,is that i?m based on facts,given here in neowin in other threads.Obviously i prefer Windows because the broader range of applications that can be installed,this security topic is a plus given for my criteria.

If you want to talk about Microsoft and Apple zealots,who do you think has more ego,and kneels more in front of their desired system?

you asnwre is the Mac zealots,hated for that sole reason.

[Hell-In-A-Handbasket]

If you want to talk about Microsoft and Apple zealots,who do you think has more ego,and kneels more in front of their desired system?

you asnwre is the Mac zealots,hated for that sole reason.

id have to disagree and say Linux Zealots, lol, with Mac close behind, but Mac VS Windows, yea Mac

[techbeck]

My sister wanted to get a Mac because she said she heard they were a hell of a lot more secure than windows. I set her straight...

What people do not realize is that Macs are not more secure that Windows. In fact, they can quit possibly be less secure. This article is proof of that. 2 minutes and the Mac was hacked. Hahaha...that is pathetic. And for all you Mac fanboys and people looking for flame bait, I said it is possible Macs can be less secure...not that they are.

People are getting in to a false sense of security with the Macs. Saying they dont need antivirus is a BIG mistake as there are viruses for Macs as well.

And it is all about the Market as well. If Macs control the majority of the market, they will be nailed left and right like a $2 hooker. Its that simple and its common sense. If Macs start to control more and more of the market, you can bet you will see them getting hacked.

[Eros]

Here's a picture of Charlie (in the foreground) exploiting the MacBook Air from his own laptop, while Aaron from TippingPoint verifies the pwnage in real time.

http://dvlabs.tippingpoint.com/blog/2008/0...er-with-picture

[Hell-In-A-Handbasket]

*Edit* mistook the yellow Network cable as the older PPC Power cable

Here's a picture of Charlie (in the foreground) exploiting the MacBook Air from his own laptop, while Aaron from TippingPoint verifies the pwnage in real time.

http://dvlabs.tippingpoint.com/blog/2008/0...er-with-picture

Edited March 28, 2008 by Hell-In-A-Handbasket

[EduardValencia]

id have to disagree and say Linux Zealots, lol, with Mac close behind, but Mac VS Windows, yea Mac

lol :)

[hotdog666al]

:rolleyes:

Whoever said were Macs immune to hacking?

I'm pretty sure it says "No Viruses" everywhere, nothing about hacking now.

[abcdefg]

Macs are not more secure that Windows. In fact, they can quit possibly be less secure.

Wrong. Currently they are a lot more secure because there just aren't nowhere near as much real security threats circulating for Mac. Infact the number of those is close to ZERO.

Saying they dont need antivirus is a BIG mistake as there are viruses for Macs as well.

Have they ever spread very far or were able to do anything harmful?

And it is all about the Market as well. If Macs control the majority of the market, they will be nailed left and right like a $2 hooker. Its that simple and its common sense.

So if Vista will reach the marketshare XP has (won't happen :woot: ) it will be as unsecure as XP?

[Chicane-UK Veteran]

So he found an unpatched vulnerability. Am I missing some groundbreaking revelation here, or are the Microsofties just glad to have the heat off them for a while?

[Hell-In-A-Handbasket]

so those security updates on my Software Update are just bandwidth filler, i want my bandwidth back.

Wrong. Currently they are a lot more secure because there just aren't nowhere near as much real security threats circulating for Mac. Infact the number of those is close to ZERO.

I love my Mac dont get me wrong, but to say there are close to 0 threats is not true, there are threats, just notobody willing enough to put the effort to target a small user base,, heck this dude did it cause he wanted a new Macbook+10 Grand

because somewhere it said he did the iPhone jailbreak, he might have used the same exploit as iPhone/iPod ( im assuming the jailbreak is done by injecting code in the Safari TIFF exploit, last jailbreak i did was 1.1.1 iPod touch, but i had to Tiff crack it, then SSH the installer into it. dont know how its done now

[hapbt]

Right :rolleyes: and Vista and UAC is bulletproof too.

UAC is bulletproof in the sense that it attempts to absolve Microsoft of any liability by giving them the out that THEY ASKED YOU if you wanted your computer hacked and you said yes, I think that is the only real function of UAC.

But yeah, Mac security sucks because Apple has never proactively tested it, they have no idea how, MS has been doing this for years out of necessity.

[XerXis]

It was social engineering however so the cracking contest doesn't really count - this is no different than me putting up an iFrame vulnerability that exists in IE6/IE7 even today.

Anyone using MSN yesterday should be very aware how easy it's to blow up your IE because I kept getting messages from people asking me to click a certain link that opened an iframe and affects all IE6 and IE7 (Also Vista, because most of the people on the list who sent me the message were Vista users).

So you say you know a way to exploit a vulnerability in IE7 in such a way that UAC stops working and IE7 isn't in protected mode anymore? show me...

[.kvn]

But yeah, Mac security sucks because Apple has never proactively tested it, they have no idea how, MS has been doing this for years out of necessity.

I think I've drank too little wine to get past this one.

[Azmodan]

Name an OS? I can tell you how to pull data.

FreeBSD 8, ZFS. You have one day. :laugh:

[.kvn]

Now that's going to be fun to watch.

You see, one exploit in Safari has its good points. It provides discussion and fixes. Maybe not here on Neowin where this thread seems to have taken a turn towards the usual 'mine's bigger than yours' philosophy but good will come of this exploit and Mac users and probably any other OS user that uses Safari will benefit.

This is not a game of this is better than that, but one where every OS wins and long may these sort of competitions and events run. They will make our enjoyment of any OS and the internet a better experience in the long run.

[Cormier6083]

I personally think this is a good thing. This will allow Apple to find these exploits and fix them. :)

[Hell-In-A-Handbasket]

would this work Buffer Overflow via Web Page lists FreeBSD as probably vunerable, because its via Nvidia Grafix driver, i dont think the Filesystem would make a diffrence as with the injected code you could have the OS do anything

there is also a proof of concept included

took me a 10 second search in google

*Edit* unknown if it will as its dated Oct 06, should have been fixed by now i would think

FreeBSD 8, ZFS. You have one day. :laugh:

Edited March 28, 2008 by Hell-In-A-Handbasket