Hmmm...
Paul Richards
On Oct 23, 2009, at 1:35 PM, Sallie Bailey wrote:
> From the Nov. issue of Discover magazine.
I hate it when people say a Mac is hack-proof. Nothing is hack-proof.
Vulnerabilities exist because humans are not fool-proof. That doesn't
mean that a Mac isn't a good step in keeping secure. That same contest
also took down Internet Explorer 8 on Windows 7, as well as Firefox.
Paul Richards
Ambassador
Syracuse Macintosh Users Group
Syracuse, NY, USA
http://www.iSMUG.com
Paul Richards
On Oct 23, 2009, at 1:54 PM, Paul Richards wrote:
> That same contest also took down Internet Explorer 8 on Windows 7,
> as well as Firefox.
I would also like to add that the rules of the contest call for the
user to click on a link in each case in order to activate the hacks.
This is still largely an exploit of social engineering - taking
advantage of human weakness. The real lesson here is not that one
browser is better than another, but that everyone should use a big
dose of common sense in their use of the Internet.
Sallie Bailey
Cheers - Sallie
derekcurrie.deluxe
On Oct 23, 2009, at 10/23,2:40 PM, Paul Richards wrote:
> On Oct 23, 2009, at 1:54 PM, Paul Richards wrote:
>
>> That same contest also took down Internet Explorer 8 on Windows 7,
>> as well as Firefox.
>
>
> I would also like to add that the rules of the contest call for the
> user to click on a link in each case in order to activate the hacks.
> This is still largely an exploit of social engineering - taking
> advantage of human weakness. The real lesson here is not that one
> browser is better than another, but that everyone should use a big
> dose of common sense in their use of the Internet.
Added trivia:
There are a few master hackers in the Mac community. They all tend to
circle around Dr. Charlie Miller, who is probably the expert. He and
another fellow published a fairly malicious book about how to hack Mac
OS X this past March. I have a copy. They make it quite clear that the
Mac is NOT hack proof and that anyone who dared say so is a blithering
idiot.
Personally, I've never read or heard anyone say the Mac was
'invulnerable' except newbies and bad tech journalists like Enderle
who like to invent straw men they can knock down via their trolling
skills.
Paul, you nailed it on the head when you pointed out the need for
social engineering in order to 'crack a Mac'. None of the cracking
contests were successful in cracking Mac OS X itself unless a 'luser'
was able to access the Mac and let the cracker in by way of some
insecure procedure. To support this situation, we still find to this
day, 4 full years after the anti-Mac FUD era began, that there are
only Trojan horses for Mac. There are no other Mac malware, period.
Nonetheless, there have been proof-of-concept cracks in some Mac OS X
software. And sadly, there have been plenty of proven cracks in
QuickTime as well as Apple's implementations of Java and the
catastrophe known as JavaScript (aka Live Script and JScript), which
is a security risk no matter what computer OS you are using. If you
want to pick out one Apple technology that has a very bad security
reputation, it's QuickTime. For example, in December 2006 there was a
very bad QuickTime worm that infected a huge portion of MySpace.
Technically QuickTime is not part of "Mac OS X" per se, as Apple
provide it for Windows as well. If you search through Apple's security
updates over the last 4 years you'll find that the 'Biggest Loser' has
consistently been QuickTime. This is one reason Apple are in the
process of giving it a complete overhaul. We have seen the first steps
in their implementation of QuickTime X. Hopefully this coming year
Apple will finish QuickTime X and we will have a full and completely
safe implementation. Until then, the best thing to do is to keep up-to-
date with QuickTime updates.
Share and Enjoy,
:-Derek
===================
Derek Currie
derek...@mac.com
===================
http://Mac-Security.blogspot.com
http://MacSmarticles.blogspot.com