A few days ago, there was some news titled "Myth crushed as hacker shows Mac break-in". That title was incorrect -- it should have been "Hackers fail to break into mac, so organizers changed the rule". That wasn't actually a hack for Mac OS X, as it only compromised a user account. The Mac remained unhacked for many tries, and it wasn't until the event organizers opened the contest to non-attendees that one successful attack was made.

But now the bug that helped security researcher Dino Dai Zovi claim a $10,000 prize at last week’s CanSecWest security conference affects Windows systems too.

The flaw that Dai Zovi exploited actually lies in the way Apple’s QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com’s TippingPoint division, which put up the $10,000 prize. QuickTime runs on both Windows and the Mac.

When first reported (http://www.thinkdigit.com/forum/showthread.php?t=55704), last week Dai Zovi’s bug was thought to lie in Apple’s Safari browser, a standard component of Mac OS X. But users of Firefox — which supports QuickTime on both Windows and the Mac — are also at risk, Forslof said Tuesday.


In terms of seriousness, the bug is comparable to the animated cursor vulnerability that was recently patched in Windows, Forslof said. The bug “is the equivalent to a click-and-you're-owned vulnerability,” she said.



Initially, contestants were invited to try to access one of two Macs through a wireless access point without any programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs (uniform resource locators) via e-mail.


Dai Zovi, who lives in New York, sent a URL that exposed the hole. Since the contest was only open to attendees in Vancouver, he sent it to a friend who was at the conference and forwarded it on.

Source (http://www.macworld.com/news/2007/04/25/qthack/index.php)

Just apply the latest patches to QuickTime, and you should be safe.

Wait, an user opens an OS & can he work without any application running? That hack did affected Safari which is again made by Apple to hack in MacOS X, whats the difference then one available for Windows using some bug in IE? Aren't they both the same things...? Ways to hack in an OS.

Anyway, this new flaw which affects windows is a flaw in quicktime java, & again Quicktime is made by Apple.

arre gx ... woh bina safari k hi internet use browse karta hai .... hey nepcker a news flash for u .... use an Out of box windows vista/xp dont use any application and just boot and keep it it wont get hacked

arre gx ... woh bina safari k hi internet use browse karta hai .... hey nepcker a news flash for u .... use an Out of box windows vista/xp dont use any application and just boot and keep it it wont get hacked

lolz

not sure par agar 98 ko bhi boot kar k, use no appz i think it wont get hacked :D

Speaking of that old hack, umm...is it possible to hack a system on LAN with no file sharing or printer sharing or sharing available? I don't think so cos to hack a system on LAN that system must be shown in LAN or network neighbourhood or whatever the place is in your OS

This just in from neowin. That quicktime bug which was the reason for this hack affects all the other browsers. Apple should start fixing bugs in there existing products first.

kya!! bina browser ke internet...

hey nepcker !! a fact for you!!! you know 90% hackers can hack MAc os.. but then they would be called crackers.. so they dont want to get their hands dirty.. and as a point of hack... nothing is the world is uncrackable and or unhackable...

so better keep the fanboyism low.. :D

nothing is the world is uncrackable and or unhackable...

my line exactly. its just whter its worth hacking. and whats worthwhile for a hacker? recognition! positive or negative ! its just that 90%+ users use windows and thats whom he is therefore going to be targetting for thats where he is going to get more attention.

my line exactly. its just whter its worth hacking. and whats worthwhile for a hacker? recognition! positive or negative ! its just that 90%+ users use windows and thats whom he is therefore going to be targetting for thats where he is going to get more attention. In fact they'd get more recognition and fame for hacking a platform that is considered more secure. So, they'd rather target mac/linux then windows for fame and recognition.
And hackers attack windows......lolz
it's more like script kiddies who do.

@tech_y_f do you really mean this , or just said it without any backup... this is not a script kid who hacks windows... and even in hacking Linux, no one will get anything.. as it is itself open.. and its not hard for a windows user who is having 1% knowledge of UNIX platform to hack into it.. here script works... i dont say it will take 3 mins or 5 or 25, but hacking linux, macs is not a big deal... infact if someone does it, then it wont be much difficult.. for windows... you must be remembering the BLASTER worm... that guy became famous overnight.. why ? coz he made a VIRUS for WINDOWS, and windows is the greatest platform of attraction to hackers for getting fame...

and kids dont make scripts... specially hacking ones...

and windows is the greatest platform of attraction to hackers for getting fame...

not many will understand this ! and even if they do; they'd prefer to play the ostrich :D but then, each to his own !

In fact they'd get more recognition and fame for hacking a platform that is considered more secure. So, they'd rather target mac/linux then windows for fame and recognition.
And hackers attack windows......lolz
it's more like script kiddies who do.

I used to think of u as a sensible & helpful linux user, not a fanboy. But the truth is reveled today. You are a fanboy :mad:.

Just see above, a hacker just hacked Mac, how much recognition he got?

Hmm.. He's getting a lot of attention aint it! Its NEWS that someone hacked a mac.. Suppose there are 2 threads.. "Mac hacked" and "Windows Hacked", which one would most of the people open first? And i find no fanboyism in mehul's post..

May be we should Organise a Windows Vista Hack fest:)) and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilites:lol::lol:.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable wr.to security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
http://whylinuxisbetter.net
http://www.livingwithoutmicrosoft.org/

May be we should Organise a Windows Vista Hack fest:)) and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilites:lol::lol:.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable wr.to security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
http://whylinuxisbetter.net
http://www.livingwithoutmicrosoft.org/

Troll alert, who fed him

Again for no reason you are bashing Vista in this thread. Mind staying to the topic plz

And i find no fanboyism in mehul's post..Of course you don't. You are a normal person after all. :)

well as Recently published in a magazine , hacking is nowadays more of a profession than an obsession . Hackers target windows coz it's used by the majority and also Zero-Day Exploits for Windows fetch $30,000 - $50,000 per exploit :shock: , this is not the case with Mac/GNU Linux . Which Adware company will pay u to find a hack in these OS ? :rolleyes:

May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilites.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable wr.to security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
http://whylinuxisbetter.net
http://www.livingwithoutmicrosoft.org/

well as for u mate , let me tell u that i Use Windows XP and i DON'T have any Antivirus/Firewall installed n i haven't been affected by a single worm/adware/trojan/virus since 2 years. it's mostly the fault of the User not the OS who is respnsible for compromising his privacy , etc . now even if a person got folled by a phishing mail people would blame the OS :rolleyes:

Well mate in that case you'll like to read this post:
http://www.thinkdigit.com/forum/showpost.php?p=481647&postcount=2
UNIX like OS are more secure.

you must be remembering the BLASTER worm... that guy became famous overnight.. why ? coz he made a VIRUS for WINDOWS, and windows is the greatest platform of attraction to hackers for getting fame...
What does a virus (http://www.microsoft.com/athome/security/viruses/intro_viruses_what.mspx) has to do with hacking? Don' confuse trojans with viruses! I feel really annoyed, when anti-viruses show trojans,malwares,adwares,spywares as viruses tooo making no room for user's enlightenment so that he can understand the differences!
And...script kiddies (http://en.wikipedia.org/wiki/Script_kiddie) doesn't mean kids! :D:D


That blaster guy got famous coz his work affected millions of windows PCs. Surely he wudn't have got famous if only a few PCs got affected! For that very reason the techies and forum phreaks like me know only about blaster,nimda and a few more and not the rest of the millions in the anti-virus's virus definitions!

Neways, I agree hacking windows isn't easy. Its no script kiddie task, not in the light of 3rd party security softwares! Security majorly depends on security/network admin. Its his work to customize, patch up and secure the system. A poorly administered system can be hacked easily "irrespective" of the OS. The network/system admin may not secure the system and leave it with the default settings. He may not be so technogically sound and may have taken that job in desperation without having interest in that field at all. So he might not be patching up the system daily either, leaving plenty of room for "zero day exploits (http://en.wikipedia.org/wiki/Zero_day)" and with that its possible to hack into any system!!


this is not the case with Mac/GNU Linux
Being open source is the key here!

Prakka123,

Would u mind not hijacking the thread. None of us here is a windows fanboy we give proper reason for any flaw in Windows & acknoledge if it is bad, however we do not sing the same tune again & again that Windows is most user friendly, runs on millions on hardware configuration & what not. Then why do u show yourself as a Linux fanboy & for no reason advertise Linux. Those links you gave are just nonsence & FUD against Windows OS.

There are so many users in this forum using Windows OS without any 3rd party security software. Get over it dude & stop being a smug.

Mediator is right, I have seen Linux systems getting hacked & pwned on LAN using Linux OS runing on the hacking computer, just cos the system was not well maintained & set, also I have myself seen Linux users unable to hack in Windows Vista systems with security settings properly maintained. Now how those IGNOU BIT students did it is beyond my knowledge, i just set up the drivers & computers & provided Ubuntu ultimate & Vista, while configuring Vista.

Well mate in that case you'll like to read this post:
http://www.thinkdigit.com/forum/showpost.php?p=481647&postcount=2
UNIX like OS are more secure.

my point is , the OS is as secure as the user using it .

so if the user is a fool then i think there's no sense blaming an OS .

and i didn't say nything of the sort that Unix was les secure , bla bla i only said it all deepended on the user , get it ?

At that event, nobody was able to break into mac. Several attempts, no success. Then the contest was open to non-attendees. Again, no success. Only one successful hack occurred after sending URLs via e-mail was allowed too.

As for fame and recognition, the Blaster worm guy got recognition because it was a serious threat. But this hack for OS X is not a serious threat.

http://www.macworld.co.uk/macsoftware/news/index.cfm?newsid=17871

Organizers of last week's MacBook Pro hack challenge Thursday disputed accounts that the QuickTime exploit that won the $10,000 prize was nicked from a wireless network and is now in circulation.

"Not likely," said Dragos Ruiu, one of the CanSecWest and hack contest organizers. "Everything went over a wired network. It was in a locked cabinet, so it would have to have been physically compromised."

When asked about the chance that the exploit could now be in the hands of anyone other than 3com TippingPoint – the company that paid $10,000 for the code; its creator, Dino Dai Zovi; and Apple, Ruiu said: "Slim."

Hackers target windows coz it's used by the majority and also Zero-Day Exploits for Windows fetch $30,000 - $50,000 per exploit
Nah, you'll only get a few transcaucasian rubles (http://en.wikipedia.org/wiki/Transcaucasian_ruble) if you find a exploit in Windows, for they are so common. But if you found an exploit in Mac OS X, you'll be awarded with $10,000 (as like Dino Dai Zovi, who found an exploit in QuickTime, and got rewarded for that).

At that event, nobody was able to break into mac. Several attempts, no success. Then the contest was open to non-attendees. Again, no success. Only one successful hack occurred after sending URLs via e-mail was allowed too.
is it possible to hack a system on LAN with no file sharing or printer sharing or sharing available? I don't think so cos to hack a system on LAN that system must be shown in LAN or network neighbourhood or whatever the place is in your OS

;) now what to say.
But this hack for OS X is not a serious threat.
Yup it is not a serious threat despite of the fact that the hacker was able to access the user folder, was able to copy or delete or replace files there. Here is the thing, he was able to access the user files & he could have created havoc...still u say this is not a serious threat. Ya right. Whats more of a serious damage to u, your OS files getting curropt which can be fixed by simply reinstalling it or someone deleting the pics of your gf :D.

Even blaster worm was not a serious threat then, it only rebooted the machine on connecting to windows update, for those who don't use Windows Update it was not a serious threat either :-"

Nah, you'll only get a few transcaucasian rubles (http://en.wikipedia.org/wiki/Transcaucasian_ruble) if you find a exploit in Windows, for they are so common. But if you found an exploit in Mac OS X, you'll be awarded with $10,000 (as like Dino Dai Zovi, who found an exploit in QuickTime, and got rewarded for that).

well then i suggest u read the latest issue of CHIP mag , also u get money for finding exploits in windows coz adware/spyware companies can then use these exploits to market their product , etc . these companies r the ones that pay u for finding explots .

as for $10k for finding an exploit in mac , then well events like these happen once a year man , n u can't possible make a living earning $10k a year :cool:

Simple Random questions. Anyone can answer them?

1. They were having trouble hacking the "Macs"?
2. They changed the rules?
3. They allowed the Safari browser?
4. You had to load a plug-in for Safari for this to work?
5. Would I have been asked for permission to load the plugin?
6. If I didn't allow or load this plug-in would it still have worked?
7. They paid out money for a misleading media con against Apple?
8. Does anyone believe that anything man made is infallible?

And yeah, you can't make a living by finding exploits on OS X -- they're way too less on OS X when compared to Windows.

^^ and your point is ... please read i have given a news flash for u on the first page itself ... read that and then revel in the macs past glorious

8. Does anyone believe that anything man made is infallible?


really.. i think this was the first thing every body said.. except you.. and thank god , now you youself commited this...

@mAV3 (http://www.thinkdigit.com/forum/member.php?u=12027):[/URL]
I just meant to say that they cheated and lowered the security levels. Before the security levels were lowered no one could break in. So this break in is null and void as a real world break in. This seems to be a trend that has played out itself over and over again. People pretend to break in and create a big headline, but in the end the story is unfounded. The truth comes out later that, like in this case, they had to cheat in some way or another to get in.

Thanks for the news flash. It works with Windows 98 too. 98 ran without any BSOD/error boxes/security threats for over 30 minutes. A new world record, I guess.

@[URL="http://www.thinkdigit.com/forum/member.php?u=20608"]shantanu_webmaster (http://www.thinkdigit.com/forum/member.php?u=12027):
You were the one that said it, not every body. But I guess you were right.

But I've already accepted that Macs are indeed hackable, and that hacking a mac is easier the hack than hacking Windows. I've posted it before, but since you seem to have missed it, I'm posting it again:

Yes, macs are hackable.:sad: What's more, hacking a mac is way too easier than hacking a Windows PC. Here are the steps which you can follow to hack a mac: :wink:

Step 1: Find a dude with a mac running.
Step 2: Tap on his shoulder, and state something like "Hey, is that Steve Jobs over there using an iPhone?".
Step 3: Quickly rip the Mac from his hands, and run like hell.
Step 4: Pray that he was logged on as an admin, so you can change the rights.

See? It is crystal clear that the mac is more hackable. In my attempts with Windows systems, I had to perform Step 2 several times over to try and get the driver disks, Service Pack 2, the anti-virus program manual, et cetera. I have also noticed that the mac I own, the Mac Pros are more secure, as the hacker will probably fail in the step 3 process.

Seriously, I know there are holes in the Mac OS X, as there would be with any. The line about Mac not spending enough time on security when compared to Windows is a crock, as they (and the UNIX developers) started working on security about twenty years before Windows even considered it. I think it would be very interesting to see the code behind the hack, as I suspect it actually may be more like my "comedic code" above than a true, and grave threat.

UNIX is much more secure by design itself my dear poor winblows users:lol::lol:
be it mac os x,freebsd,linux any UNIX like OS.take it :))

UNIX is much more secure by design itself my dear poor winblows users:lol::lol:
be it mac os x,freebsd,linux any UNIX like OS.take it :))

well freebird , i clearly see that u r a FANBOY , pls keep ur comments to urself or we'll have to call GX ;)

1. If you boot up and surf the Web using a Windows PC without installing or configuring any security tools, it will likely pick up some piece of spyware, some adware, or a virus on it pretty quickly. By contrast, you can surf the Web using a Mac without changing any of the default install settings for months without problems. This is what most people point to as proof that Mac OS X must be more secure.

What really makes this example seem like evidence of Mac OS X as a perfectly secure operating system is that there are very few viruses or other forms of malware that have been created to exploit flaws in Mac OS X.

There are multiple reasons for this; chief among them the fact that there are far fewer Macs in the world than there are Windows PCs. As a result, most malicious code writers choose to target Windows so that they can have a much wider impact.

2. Another factor is that until recently Mac OS X was designed to run only on Power PC processors, which use different instruction sets and assembly language than Intel or AMD processors. Although not an impossibly large hurdle to malicious users, this meant that malware needed to be coded with a payload specific to Power PC hardware rather than simply converting an existing payload to work with exploitable flaws in Mac OS X. Combined with the smaller user base, it historically resulted in far less interest in targeting Mac users.

Security by obscurity, however, is not proof of a secure operating environment. It might not even be a comforting thought because it can lead to a general lackadaisical attitude toward security and widespread infection should a rapidly propagating virus or other malware be developed. The truth is that although there have been few instances of malware or widespread attacks targeting Mac OS X, the platform is not perfectly secure. In fact, it does have a variety of vulnerabilities.

Kernel Weakness

One of the weaknesses in Mac OS X is its combination of BSD Unix with the Mach kernel. The BSD nature of Mac OS X offers several security advantages: securelevels, a multiuser access control model, and the ability to limit the access that applications have to the kernel and other core operating components. All this offers improved security compared with most Windows releases.But Windows Vista makes this go its own way, by enhancing the kernel to be more secure.

However, the fact that the BSD architecture sits on top of the Mach kernel presents a weakness because it’s possible to use Mach-specific kernel services to circumvent BSD security features by passing system calls and instructions into the kernel itself. This could allow a malicious user with knowledge of the Mach kernel to carry out a number of normally restricted activities.

There are also a number of known vulnerabilities to the Mach kernel. As with most kernel vulnerabilities, they are primarily related to system calls. Some of them have been used in the past to develop rootkits capable of patching the kernel and allowing a malicious user to infiltrate a system without detection. Apple has prevented known rootkits from being used to compromise the current release of Mac OS X. However, there continue to be ways in which malicious users or code can infiltrate the kernel and, by extension, compromise the entire operating system.

I think this can clear some myths and facts.

All it did was further drive the point home that Macs are highly secure. Yes, it did warn that it might start getting infected by viruses in future. LOL! Haven't we been hearing that since ages?

I use my Mac with the default settings and the firewall turned on. I use the administrator account (which is password protected) and I do not use any security software. I open every link I come across without any fear and I use P2P software. I will believe that Macs are not as secure as they are touted to be the day I get hit with virus or spyware. I couldn't care less about the reasons why Mac OS X is secure.

And your post has been reported for not mentioning the source. You keep doing that all the time.

i dont think i did it any time.. report it and get as rude as you can

now you have to mention my each and every post coz you have said all the time.. plz mention the proof for that...

Simple Random questions. Anyone can answer them?

1. They were having trouble hacking the "Macs"?
2. They changed the rules?
3. They allowed the Safari browser?
4. You had to load a plug-in for Safari for this to work?
5. Would I have been asked for permission to load the plugin?
6. If I didn't allow or load this plug-in would it still have worked?
7. They paid out money for a misleading media con against Apple?
8. Does anyone believe that anything man made is infallible?

And yeah, you can't make a living by finding exploits on OS X -- they're way too less on OS X when compared to Windows.

1) Yup, we don't know the reason why. Maybe file & print sharing was disabled cos if it was enabled then it sure would have been possible or something like that. Just assuming cos i was not there

2) They changed the rule cos no one there was able to hack.

3) Obviously, can u expect any user in this world to work without a browser or without any application runing like I mentioned in post 2

4) For your kind info, Quicktime plugin is loaded in Safari or all browsers in Mac automatically.

5) Nope, it is a Apple browser plugin from Apple Quicktime, it comes under trusted plugins.

6) If u disable Quicktime plugin Safari then it will have 0 Multimedia capabilities in it.

7) They paid moeny for succesfully hacking Mac. Stop being such a bad defender.

^^^^ arya, what if unlike u he actully wrote it from his own experience

@shantanu' quote source @:
http://www.informit.com/articles/article.asp?p=712742&rl=1

^^^ bhai, u got lots of useless time to dig things on Net. :D

^^ Now some useful eyeopener for U and many Win users:
Why is Linux more secure than Vista? (http://cmars.wordpress.com/2007/02/14/why-is-linux-more-secure-than-vista/)

In Vista Security A Joke? : Executables Install As Administrator Because It’s More Convenient (http://dmiessler.com/archives/1141/trackback/), Vista gets dinged for prompting users to run installer executables as Administrator.
The article gets it wrong though. How many Linux users out there have done this?
sudo make install
sudo yum install my-favorite-app
tar xzvf my-favorite-app.tar.gz; cd my-favorite-app; sudo ./install.shI don’t know a popular distro that doesn’t also prompt the user to install software or modify system settings as root. So, on the surface, the Vista model and the Linux model are the same. Installing software requires elevated privileges, and comes down to a judgement call on the part of the user.
Where Linux security differs is in the nature of the software installed. The majority of software on Linux, virtually all the software that the typical end-user will use, is open-source software.
Open source is a different world. You won’t see open-source malware-infected spyware. Open source software sells itself its merits to the user, rather than by being a gatekeeper to what the user wants to do, like play a movie, a game or edit a photo.
The motivation behind open source is to make something useful, build a community around it, and then profit from the market generated by that community, rather than put a cover charge on the party.
This is the antithesis of spyware/malware/adware, which tries to pose itself to the potential user as a solution, and then feed off of the user as a parasite. This parasite cannot survive when exposed and publicized. Parasites don’t get invited to the party, and they get found out and kicked out pretty quick.
Its been argued that Linux security is only due to the fact that there isn’t enough Linux marketshare to make attacking it worthwhile. I disagree, I think the open source model scales. Even if Linux and Windows marketshare were equal, I would argue that malware would be virutally non-existent on Linux. Open source communities that meet the popular needs of users would be even more motivated to do so, as the communities around them would be more profitable. They would receieve even more corporate sponsorship, and distribution to end users, audited and certified by the distros, would have more choices.
It is probably a good idea to have the OS install software in a semi-restricted environment, or provide different levels of security, but I don’t know of *any* popular distribution that does this. But no OS will ever be able to make the final security judgement call for the user, unless the computer is reduced to the restricted environment of a game console.




source:
http://cmars.wordpress.com/2007/02/14/why-is-linux-more-secure-than-vista/#comment-103
Open Source rules!

So, for open source we have to assume that the guy coding is a nice guy & not a hacker & he is giving his code for free without any benifits from him & all for charity.

freebird, you should be hired by linux companies for best marketing methodology by spreading FUD. :D. Are yaar we know all this Unix thing...kuch naya bol. Vista has fixed the security learning things fron the past, why don't u accept that.

Microsoft - Damned if they do, Damned if they don't.

it is a matter of self pride and an elevation to an individuals rather insecure state of mind by saying that i use mac or linux ... coz windows being so widely used ppl feel its below their dignity to use it and those using it are considered to b fools for some absurd reason

^^ ur avatar says.I also believes the same.I cant buy Vista or for that matter any windows.so that means the only other way(if not gifted) is to Pirate for most average ppl.

Yes.dont feel that there wont be jobs for software professionals when M$ lost its monopoly.You can make money from FOSS.the options as of now are growing.
We,The Open SOurce users are way better in keeping away from piracy unlike many of our forum users themself.have some respect even though i know u hate the growth of Open SOurce atleast we r not pirating ur windows os.:o

Why do i post the virutes of Open source here?do u know what is FUD,patent warfare and other things this huge monopoly does to Linux and FOSS.if u r not taking sides.U'll understand.this is not insecurity-it is a war against MSFT to save Open SOurce.
if u regularly read linux.slashdot.org or some other sites,u'll understand what is monopoly M$ doing for us.
BTW:
I dont even want vista or mac even if anyone give it FREE.:)) can use it as a kitchen TV

@freebird: we are not fighting wars here, then it is not our windows and your linux.. Dont own it.. use it.. and who are you to save open source and we to save windows.. just think before you post..

BTW:
I dont even want vista or mac even if anyone give it FREE.:)) can use it as a kitchen TVYeah, no one is going to give them to you for free, so you don't have to worry about that. Buy a separate kitchen TV.

1) Yup, we don't know the reason why. Maybe file & print sharing was disabled cos if it was enabled then it sure would have been possible or something like that. Just assuming cos i was not there
No, file-sharing and print sharing was not disabled. The security of macs were actually lowered. The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.


2) They changed the rule cos no one there was able to hack. That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.

4) For your kind info, Quicktime plugin is loaded in Safari or all browsers in Mac automatically. I did a little reasearch about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source (http://www.macdailynews.com/index.php/weblog/comments/quicktime_vulnerability_found_in_mac_hack_challeng e_exploitable_in_internet/))

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.


6) If u disable Quicktime plugin Safari then it will have 0 Multimedia capabilities in it. Even if I disable QuickTime, Flash will always be there, and sites like YouTube, Google Videos, etc. use Flash. I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.

But I don't think that I will ever disable Quick Time.

dude y dont u understand for a fact that like the mac if u disable all the things u are saying the windows is also as secure in that case ...

it is a matter of self pride and an elevation to an individuals rather insecure state of mind by saying that i use mac or linux ... coz windows being so widely used ppl feel its below their dignity to use it and those using it are considered to b fools for some absurd reason

great point dude :D :D :D

I dont even want vista or mac even if anyone give it FREE.:)) can use it as a kitchen TV

seems like the poor guy never played ny good games :)

Yeah, no one is going to give them to you for free, so you don't have to worry about that. Buy a separate kitchen TV.

i bet he's not gonna buy a TV too , the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible , there's no way he can use such a TV , sheesh ;)

No, file-sharing and print sharing was not disabled. The security of macs were actually lowered.
I mentioned that I have no proof that it was enabled or disabled. Do you have a proof that it was not disabled? Plz provide source.

The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.
:rolleyes: How what to say. If I know your IP address & got a backdoor in Mac obviously I can start a remote desktop session.

That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.
Isn't this how most of the Computers get hacked, like Windows. They get a mail with some malicious link which on clicking gives problems. So this is close to a real world sceneario.

Now if you think that in Windows just opening up a website will hack your computer without clicking on any link....then u r.....<censored> :D

the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language
Yup, bug in Apple Quicktime Media Player. How different it is then some bug in WMP with JAVA? I mean the player is flawed in both cases, so this doesn't makes the Mac automatically secure. You have it disabled, WIndows doesn't even comes with JAVA Runtime by default then considering that Windows is more secure with this flaw compared to Mac. There are many Mac users who have in enabled by default.

I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.
No U cannot, Mac uses Quicktime engine to play mp3, midi or whatever embeded in Webpage not just Flash. You cannot experience lot, yes.

dude y dont u understand for a fact that like the mac if u disable all the things u are saying the windows is also as secure in that case ...
:D R U kidding me, how can he understand this. He browses the internet without a browser. He works on Mac pro without running any application.

i bet he's not gonna buy a TV too , the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible , there's no way he can use such a TV , sheesh
Lolz....tooo good chote nawab

No, file-sharing and print sharing was not disabled. The security of macs were actually lowered. The mac is incredibly secure. No one could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.

That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.

I did a little reasearch about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source (http://www.macdailynews.com/index.php/weblog/comments/quicktime_vulnerability_found_in_mac_hack_challeng e_exploitable_in_internet/))

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.

Even if I disable QuickTime, Flash will always be there, and sites like YouTube, Google Videos, etc. use Flash. I can experience multimedia experience without QuickTime, but I'll just miss a lot of multimedia contents.

But I don't think that I will ever disable Quick Time.

what do you know about hacking, methods and techniques, what scripts or port access is used.. what are the perfect ways..

if you did some research , then clear this also that when last time to tried to break something..

and just saying remotely and all cant make sense that you are even understanding the point and technique which the hacker used...

I did a little reasearch about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source (http://www.macdailynews.com/index.php/weblog/comments/quicktime_vulnerability_found_in_mac_hack_challeng e_exploitable_in_internet/))

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it. Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.

^^^ valid point eddie. disabling javascript will surely impair website compatibility.

Most importent of them all,,,....orkut won't work :D

Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.AFAIK, and I might be wrong on this one, that hack is only for JAVA, not for JavaScript, which is completely different from JAVA.

AFAIK, and I might be wrong on this one, that hack is only for JAVA, not for JavaScript, which is completely different from JAVA. You are wrong.

Javascript is a method to show JAVA apps or applets inside a web browser. DUe to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.

Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there.

You are wrong.Care to elaborate? What am I wrong about? That the hack is only for JAVA or that JavaScript is not the same as JAVA?

hey nepcker and other mac fanboys this from mac world link posted in other thread on the same topic:

Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division—and took a lot of Mac users by surprise.

But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.

“Literally any piece of code is going to have vulnerabilities and the Mac is no exception,” said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.

Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. “Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them,” he said.

Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.

“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”

According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.

Care to elaborate? What am I wrong about? That the hack is only for JAVA or that JavaScript is not the same as JAVA? he means the hack extends to java script

The article you posted has already been posted, most probably in this topic itself (or in the "myth crushed" topic).

no wonder after reading it fellow members decided to tone their attitude down a little in the thread .. o! well its straight from the horse's mouth as u once said arya ... mac world the mac experts ... until offcourse u claim that MS bought them as well

well as far as i know JAVA n javascript r ENTIRELY different things .

java is a professional grade application development language whereas javascript(officially ECMAScript) is a scripting language not means for heavy duty development .

I have iTunes running all the time. Safari is open when I'm browsing the net, and at other times, I'm using Photoshop, Final Cut Pro, Aperture, Keynote, or some other applications like games, etc.

You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.

There's absolutely nothing to do with JavaScript. Java and Javascript are two different things. The hack will only work if you have Java enabled. Whether JavaScript is enabled or not is not the matter of concern.

As I said before, disabling Java shouldn't be a problem, since very few sites today use Java. I only enable Java when I have to play certain online multiplayer games.

If I had to disable JavaScript, then it would have been a problem. Disabling it is almost like being disconnected from the internet.

You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.

U seem to be an expert on hacking. Can u give step by step instructions on how to hack windows....i.e XP with latest updates? Also, I want to hack Microsoft site u know!

Oops... messed up again... Here's what I really intended to say:
You can hack Windows which has no application running.

I didn't mean that you can hack Windows by just staring at your computer, without usinf any programs, but what I wanted to say was that you can hack Windows even if it isn't running any programs.

You can hack Windows which has no application running.

Wow, & how do u do that? cos by default the file & print sharing is enabled in windows only for the same workgroup with disabled public share & no application is running, Plz enlighten us.

You can hack Windows which has no application running.
"No applications" further means that no server application is running i.e no print and file sharing services, no telnet,http,ftp,ssh,daytime,snmp,smtp server etc. How will u even connect to windows then when such kind of applications aren't running?
BTW, "windows" itself is a software. How will u hack windows when windows isn't running?


but what I wanted to say was that you can hack Windows even if it isn't running any programs.
Hmm.....then hacking windows system running all kinds of server apps must be a child's play? Why don't we see Microsoft sites getting hacked each day then?

Please do provide some tutorials as I want to refine my hacking skills so as to "hack Windows which isn't even running any programs." ......i.e to hack an up-to-date windows systems in wateva way u mean!!

For those who are discussing the JavaScript thing. I had read this thing on ITWeek and PCAuthority but I am sorry to say that I have not been able to locate it again. Since I can not mention any sources...I take those words back and apologise if I hurt any feelings. I still stand by what I read though. The vulnerability does involve JavaScript but in lack of sources...it is for every individual to believe what they want.

well as far as i know JAVA n javascript r ENTIRELY different things .

java is a professional grade application development language whereas javascript(officially ECMAScript) is a scripting language not means for heavy duty development .There you go. I did not know the exact difference but I was fairly certain that JAVA and JavaScript are entirely different languages.

And I was also right about the fact that this recent hacks exploits JAVA, not JavaScript. :)

"No applications" further means that no server application is running i.e no print and file sharing services, no telnet,http,ftp,ssh,daytime,snmp,smtp server etc. How will u even connect to windows then when such kind of applications aren't running?
BTW, "windows" itself is a software. How will u hack windows when windows isn't running?

Hmm.....then hacking windows system running all kinds of server apps must be a child's play? Why don't we see Microsoft sites getting hacked each day then?

:D

There you go. I did not know the exact difference but I was fairly certain that JAVA and JavaScript are entirely different languages.

And I was also right about the fact that this recent hacks exploits JAVA, not JavaScript. :)

JAVA Script - Language to call JAVA applets in a web browser or to link those Java applets running in a web browser to external plugins or decoders.

Suppose this is a hack of Javascript, even then Javascript function calls quicktime using JAVA, means if u disable java even then u will be exploited cos quicktime will require this JAVA applet (qtjava) to work.

If it comes to disabling, you can disable anything :D.

JAVA Script - Language to call JAVA applets in a web browser or to link those Java applets running in a web browser to external plugins or decoders.
May i know from where you got this? Cuz this is pure BS.

Javascript is a method to show JAVA apps or applets inside a web browser. DUe to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.
Oh boy.. What to say now.. You've left me speechless.. :rolleyes:

Javascript is a method to show JAVA apps or applets inside a web browser. DUe to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.

Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there. I am totally dumbfounded by your supreme knowledge. Well I will archive it somewhere so I can recollect this whenever I try to learn java or javascript.

LOL! You won't have to learn both of them individually, mate - because both of them are the same. :lol:

I am totally dumbfounded by your supreme knowledge.And here I was, thinking you'd be used to it by now. I am always confident that I can fall back on certain people on this forum whenever I need the opinion of a genius. :D

May i know from where you got this?I would tell you the source but then I would risk being indecent. Well, here's a hint anyway: that place is not generally used for speech and it is nearer to the brain of the person in question (compared to the mouth)! :lol:

You won't have to learn both of them individually, mate - because both of them are the same.

?


For @all!

So... what is the difference between Java and JavaScript anyway?

They are both similar and quite different depending on how you look at them. First their lineage:

Java is an Object Oriented Programming (OOP) language created by James Gosling of Sun Microsystems. JavaScript was created by the fine people at Netscape. JavaScript is a distant cousin of Java. It is also an OOP language. Many of their programming structures are similar. However, JavaScript contains a much smaller and simpler set of commands than does Java. It is easier for the average weekend warrior to understand.

You may be wondering what OOP means by now. Object Oriented Programming is a relatively new concept, whereas the sum of the parts of a program make up the whole. Think of it this way: you are building a model car. You build the engine first. It can stand alone. It is an engine and everyone can see it's an engine. Next you build the body. It can also stand alone. Finally, you build the interior including the seats, steering wheel, and whatnot. Each, by itself is a object. But it is not a fully functioning car until all the pieces are put together. The sum of the objects (parts) make up the whole.

Continuing with the model car example, when you built the engine, you didn't use any of the parts that would later build the seats (a 350 four-barrel engine with a seat belt sticking out if the piston would look pretty silly). The point is that all the parts that made up the engine were of a certain class of parts. They all went together. Ditto with the body and then the interior.

The point is that in these languages, you build objects out of classes of commands to create the whole. Understand the terminology? Good. Moving along...

Now let's talk about how Java and JavaScript differ.The main difference is that Java can stand on its own while JavaScript must be placed inside an HTML document to function. Java is a much larger and more complicated language that creates "standalone" applications. A Java "applet" (so-called because it is a little application) is a fully contained program. JavaScript is text that is fed into a browser that can read it and then is enacted by the browser.

Another major difference is how the language is presented to the end user (that's you when you're surfing). Java must be compiled into what is known as a "machine language" before it can be run on the Web. Basically what happens is after the programmer writes the Java program and checks it for errors, he or she hands the text over to another computer program that changes the text code into a smaller language. That smaller language is formatted so that it is seen by the computer as a set program with definite beginning and ending points. Nothing can be added to it and nothing can be subtracted without destroying the program.

JavaScript is text-based. You write it to an HTML document and it is run through a browser. You can alter it after it runs and run it again and again. Once the Java is compiled, it is set. Sure, you can go back to the original text and alter it, but then you need to compile again.

Java applets run independent of the HTML document that is calling for them. Sure, they appear on the page, but the HTML document did little more than call for the application and place it. If the programmer allows it, oftentimes parameters can be set by the HTML document. This includes the background color of the applet of the type of text it displays, etc. The delivery of the applet is done through a download. The HTML document calls for the application, it downloads to the user's cache, and waits to run. JavaScript is wholly reliant on the browser to understand it and make it come to life.

So, what are the benefits of using one over the other? There are several. If you can understand Java, it is amazingly versatile. Because of the size and structure of the language, it can be used to create anything from small Web page events to entire databases to full browsers. The program I use to track my advertising banners is Java.

In my opinion, JavaScript's main benefit is that it can be understood by the common human. It is much easier and more robust than Java. It allows for fast creation of Web page events. Many JavaScript commands are what are known as Event Handlers: They can be embedded right into existing HTML commands. JavaScript is a little more forgiving than Java. It allows more freedom in the creation of objects. Java is very rigid and requires all items to be denoted and spelled out. JavaScript allows you to call on an item that already exists, like the status bar or the browser itself, and play with just that part. JavaScript is geared to Web pages. Java is geared toward where it is needed most at the time.

Both will create great Web page events. Both can offer interaction between the user and your Web page. But they are not created equally by any means.

So to answer the question of which to use where... use whichever fits your needs. That sounds like a cop-out answer, but remember that the applets and JavaScript are most often offered on the Net as fully functioning items. You simply grab them from the Net and use them on your page (provided you are given permission). There are many, many sites out there that do nothing more than hand out applets or JavaScript. Gamelan.com is a good one for applets. Take a look at javascripts.com for over 2300 free JavaScript scripts. The HTML Goodies Applet and JavaScript Tutorials will teach you how to implement these items on your pages. They will not teach you to write the languages, but rather instruct you on placing functioning applets and JavaScript scripts on your Web pages. It is a good introduction to the formats. Once you know how to get these pups on your pages, you'll understand more about their structures and can then more easily attempt to learn the language and create functioning JavaScripts or applets yourself.

http://www.htmlgoodies.com/beyond/javascript/article.php/3470971
Google for more to find out!

There are major differences between JAVA and JavaScript and the most important thing, in this context, is that a vulnerability discovered in QuickTime's handling of JAVA does not mean that JavaScript is also affected. Both Mac and Windows users can easily disable JAVA and they will be immune from this exploit.

That said, why should I have to do that! I won't. And Apple had better release a patch for it ASAP, as I am sure they will.

@mediator,
That reply was to a conversation we'd been having for the past few posts and it was a sarcastic comment. I know that JAVA is very different from JavaScript unlike some of the adults among us immature children who have "supreme knowledge".

My reply wasn't specific to u brother. That's why I requested @all to read it and get their confusion cleared out. For a simple thing people r fighting and some r giving their expert opinions! That's why I quoted the whole thing coz first people ask for source and when u give it then they don't even bother to read the links either! :oops: