Re: Deer Apple

Chris Bellomy wrote:
xyzzy wrote, On 11/17/09 8:55 AM:
On Nov 16, 8:15 pm, Huck Kennedy <tempeh...@xxxxxxxxx> wrote:
Nowadays, all they say is, "Buy ours,
it won't get a virus or crash!" They never do say what else postitive
they may have to offer besides the not negative.

That's a big positive but it's a self-defeating one. There aren't a
lot of viruses/worms/malware for Macs for the same reason there aren't
a lot of viruses/worms/malware for Lotus Notes -- too small a
footprint for the serious cyber criminals to bother with. If Mac ever
really caught on, you can bet this would change.

This argument is really starting to piss me off. Apache is the
most popular web server application in the world, yet IIS is
the most security-riddled. It's not just a matter of the
installed base. The entire security model is different in a
way that makes compromising a Mac more difficult than owning
a Windows host. It can definitely be done but not nearly as
easily.

cb


I wish you'd expand on the statement "the entire security model is different in a way that makes compromising a Mac more difficult than owning a Windows host". - I think I've made that request before. You realize that in the newer versions of Windows, the default account isn't wide open in terms of permissions, right?

Having said that -

What was the first OS and browser compromised at this year's pwn2own, Chris? In under 2 minutes, IIRC - Mac/Safari is the answer.

"Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative. "

He claimed he went after the MacBook because it was "the easiest".

"Apple had a rough security week. Vista was hacked. And Linux is unhackable. Those takeaways appear to be the consensus view following the Pwn2Own contest but it’s not that simple.

Under the contest rules, organizers offered the Sony Vaio (Ubuntu 7.10), Fujitsu U810 (Vista Ultimate), and the MacBook (OS X 10.5.2) as prizes. Sure, the MacBook fell first at the Pwn2Own contest at CanSecWest last week. And yes, the MacBook was fully patched and still fell. But the odds were strong that the MacBook would have been the first to fall no matter what Apple did.

Why?

Glory. Taking down a MacBook gets the headlines. It’s sexy. It’s a blogger’s dream. The more prominent Apple becomes the more hackers want to attack it. Simply put, security by obscurity isn’t an option for Apple anymore. Why wouldn’t hackers target the MacBook first?

Based on that aforementioned theory MacBook’s fate was sealed.

I reckon that Vista actually had a good week at the Pwn2Own contest. As Nate dutifully noted Vista was hacked, but the rules had to be tweaked and hackers used an Adobe flaw to take the Vista laptop. I’d count that as a moral victory for Microsoft. What’s a hacking contest without a Vista hack?

And that brings me to the Ubuntu laptop. Linux made it out of Pwn2Own unscathed. Does that mean that Ubuntu is unhackable? Not quite. It just means that hackers didn’t see the glory in taking down Ubuntu, which is a small sliver of the desktop OS market. Rest assured, if Pwn2Own ran another day Ubuntu would have stumbled too.

When you see Ubuntu hacked repeatedly you know the Linux OS has hit the big leagues. Vulnerabilities follow success."

http://blogs.zdnet.com/security/?p=995

It's also a more complicated issue than "this OS is more secure than that OS". A Windows box becomes more secure just by running any browser other than Explorer, with it's @#$%ed up ActiveX applet system, for instance.

To a certain degree, it isn't the OS itself that is exploited, it's some service running through that OS.

Cheers.
.

Relevant Pages

  • Re: Deer Apple
    ... He claimed he went after the MacBook because it was "the easiest". ... the MacBook fell first at the Pwn2Own contest at CanSecWest last ... I reckon that Vista actually had a good week at the Pwn2Own contest. ... And that brings me to the Ubuntu laptop. ...
    (rec.sport.football.college)
  • Re: Deer Apple
    ... way that makes compromising a Mac more difficult than owning ... He claimed he went after the MacBook because it was "the easiest". ... the MacBook fell first at the Pwn2Own contest at CanSecWest last ... And that brings me to the Ubuntu laptop. ...
    (rec.sport.football.college)
  • Re: MacBook PRO + Linux
    ... (MacBook PRO + Linux) ... Io vorrei provare e mi hanno consigliato Ubuntu, ... Grazie:) ...
    (it.comp.macintosh)
  • Re: Boot a mac from a USB port?
    ... Hence, trying it again, this time with Ubuntu on a USB. ... hoping to siphon the files off of her Macbook onto the USB drive. ... mac into firewire target mode by holding down the 't' key. ... hard drive directory or run hardware diagnostics. ...
    (comp.sys.mac.misc)