Security experts not surprised the Mac was hacked

[rakeshishere]

April 26, 2007 (Macworld) -- Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division -- and took a lot of Mac users by surprise.


But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.
"Literally any piece of code is going to have vulnerabilities and the Mac is no exception," said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.


Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. "Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them," he said.


Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
"If a hacker turned their attention to the Mac, it would suffer just as much as Windows," Wagner said. "Attacking the 95 percent of the market gets them more attention."


According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.


However, in light of last week’s proof-of-concept exploit, Mac users shouldn’t worry that hacks are going to start flooding the market. "Just because there has shown to be a hack, that doesn’t mean there will be all kinds of hacks showing up all of a sudden," Wagner said.
Dino Dai Zovi, the man that found the exploit, hopes for a safer operating system for all Mac users. "I hope the increased visibility due to the publicity surrounding this incident causes more people to search for and responsibly report vulnerabilities in the Mac to help make it a safer platform for everyone," he said.


Dai Zovi said he came up with the hack in about nine hours from the time he got the call from his friend Shane Macaulay, who was attending the CanSecWest conference.


"In this instance, breaking into the Mac was not particularly difficult," Dai Zovi said. "I got lucky and stumbled across a reliably exploitable vulnerability rather quickly. In many other times in the past, I have spent much longer looking without finding anything. It often comes down to luck and an intuition for where software weaknesses may lie."


A Mac user since the release of Mac OS X, Dai Zovi has discovered local and remote vulnerabilities affecting Windows, Mac OS X, and Unix operating systems. While modern Unix-based systems like Linux and FreeBSD present the most difficulty for hacking, he praised Apple and Microsoft for the security improvements both companies have made.


"Microsoft has made great strides in improving the security of their codebase and implementing proactive security defenses to make vulnerability exploitation more difficult," Dai Zovi said. "Apple has made some sound design decisions in Mac OS X, such as minimizing the number of default open network services, using non-executable writable memory segments and employing a well designed administrative user authorization system, that are also good security measures."
Dai Zovi said he is not currently working on any new Mac hacks, but he may start working on some new ones when he has some more time.



SOURCE

[anandk]

well, the security expert be damned ! a lot of guys on this forum sure must'v been shocked and embrsd !

v windows guys r used 2 it btw

loved his stmt though : "Literally any piece of code is going to have vulnerabilities..." now y do i get a sense of deja vu ven i read it

[rakeshishere]

@anandk

I did highlight that statement for which u had that feeling...LOL

[shantanu]

yeah same here... this is the truth which no one can change.. nothing is unbreakable.. that MAC users should now understand...

[praka123]

To all of Win fanboys here:
Windows Fans Are Marking Their Territory on Apple

Quote:

Windows Vista Fanboys have taken the Microsoft – Apple face-off at the next level. Here is an example of two Windows users that have succumbed to their most primitive instincts. From where
I'm standing, it looks that the news of Windows Vista running smoothly on Intel-based Mac computers courtesy of Apple's own Boot Camp has gone around. The two Windows fans are only marking the new territory that Windows has taken over Intel powered Mac computers.

The image, posted over at Canoe Live only reads “Ray Majoran and Andrew VanderPloeg leaving their mark on the Apple Store in Chicago. (Ray Majoran/Citizen contributor).” And it is obvious that it has been taken only for humorous purposes and that the two Windows fans depicted only simulate marking their territory.

The same cannot be said for Apple fans. In Toronto Canada, hardcore Apple fans have vandalized a Windows Vista ad by cutting the shape of the Apple logo in the “O” of the Windows Vista slogan the “Wow starts now.” I guess that Ray Majoran and Andrew VanderPloeg managed to prove that what goes around comes around.

Furthermore, the Windows Fanboys's approach falls in the lines of the “Get a Mac” commercials, as long as they are only simulating. But let's be honest. Mac computers are Windows Vista territory now and Apple has no opponent.

The Cupertino company has announced as of last week that the release date of its upcoming Mac OS X operating system Leopard was pushed to October 2007 from this spring. Apple has revealed that it was forced to borrow key developers from leopard in order to wrap up iPhone.

http://news.softpedia.com/news/Windo...go-52518.shtml

[mediator]

Quote:

yeah same here... this is the truth which no one can change.. nothing is unbreakable.. that MAC users should now understand...

Correct! All shud understand that software is developed by humans after all and he is bound to make errors! It depends on how well tested the software is and that governs its security and stability. It also depends on learning from past experiences and perfecting the development. And thats why its no wonder that Unix is called the most secure and stable OS. After all it has been under development, thorough testing and modifications since 1960s.

[aryayush]

And Mac OS X is built on top of that highly secure base, so there.

Quote:

"If a hacker turned their attention to the Mac, it would suffer just as much as Windows," Wagner said. "Attacking the 95 percent of the market gets them more attention."

This Wagner guy is certainly smoking something illegal. The first statement is pure bullshit and the second one is very funny, specially in light of the circumstances.

"If a hacker turned their attention to the Mac, it would suffer just as much as Windows,"... and yet, even after being the second most used operating system in the world, it is not suffering at all. So, according to him, not even a single hacker in this world is trying to hack Mac OS X. Whoa! That almost sounds like hackers respect the platform. Surely some people must be trying to hack Mac OS X. Then how can they explain the fact that there is not even a single virus for Mac OS X in the wild?

As for the second statement, how many such exploits are there on the Internet where opening a malicious web page will exploit a Windows operating system? Lots. How many of you know even one of the people who coded those exploits? Zero. And yet, Mr. Dino Dai Zovi just released a single exploit for Mac OS X and almost everyone who is interested in technology knows about it. That sounds like attention to me - that sounds like a lot of attention.

And as I have said it time and time again, at the end of the day, none of this matters. Mac OS X does not have a single virus out there in the wild, we do not need to run security programs, we do not need to run without administrative privileges - we are using the most secure operating system out there. Who cares for the reasons! It is the end product that matters - and that product is damn fine, thank you very much!

[gxsaurav]

You really don't know who ray wagner is right? Well, what can we expect from a macboy, no respect for any one who says the truth if it against the El Jobso or Mac

[infra_red_dude]

Quote:

Originally Posted by rakeshishere

"If a hacker turned their attention to the Mac, it would suffer just as much as Windows,"Wagner said.

shud be slightly modified. "if hackers turn attention...." mac is not god sent... everything in this world is flawed somewhere or the other. some may haf more flaws.. some may haf less... nothing is perfect!

Quote:

Originally Posted by aryayush

........ being the second most used operating system in the world, it is not suffering at all.

being the second most widely used OS is not the point. the point is, what percentage of users use it!

one point worth mentioning here is that, since *nix OSs are usually open source and community based, there haf been lotsa hacker contributions to the core system. its like a doc defending himself against diseases. its a plus point!

[mediator]

Quote:

mac is not god sent

Looks like u watch "heroes" a lot!

[infra_red_dude]

^^^ hehe.....