Mac security researcher wins Pwn2Own contest

135 Comments

  • Reply 41 of 81
    Quote:
    Originally Posted by Alonso Perez View Post


    Hey, I love Apple. But I don't need these spin pieces by Apple Insider to tell me that Apple is better than Microsoft on security.



    And this is pure spin. We are supposed to be happy because Apple issued more patches? If they had issued fewer patches, we would be told it was proof they had fewer flaws.



    The fact is, both Apple and Microsoft have vulnerable systems. Apple is safer because it's such a small percentage of the installed base that hackers don't stand to profit much from it. Also, a lot of malware comes from countries where Macs are very expensive and thus rare.



    Another reason is that Mac users tend to update their software more. You can find Windows boxes with Windows 95, 98, or Me in many homes even today.



    Glad I caught this post before posting mine as it's dead on right. As much as I love the Mac and feel it's more secure I still have to realize that if Macs owned 90% of the market we'd be seeing much of the same thing Windows users go through. Maybe less, but still much of the same. Attacks are less for a number of reasons, but market share is definitely #1.



    This reminds me of a really funny quote I read in an article last year I believe from Joe Wilcox of eWeek Microsoft Watch. "Enterprises should be concerned about rogue browser installations, for reasons I shouldn't have to state. Safari is fairly new to Windows and has yet to really show that it has can muster the security to withstand the associated attacks. Mac OS X is a quaint neighborhood where little Safari was safe. By comparison, Windows is a gang-ridden ghetto: life is survival, and it's tough going."



    Now this quote was obviously aimed at Safari being available on Windows and the challenges Apple faces with security, but one can't help think it's much the same when it comes to OS'. So far Apple has been living happily in their quaint little neighborhood where security is great, but intruders and thieves wander around much less. While Windows has been living in a tough, mean, take what you can however you can ghetto where thieves, hackers, and criminals of all kinds constantly lurk and look for even the smallest exploit.



    To me it really all comes down to numbers. Although Apple's Mac OS X probably is more secure... it really hasn't been tested by the masses just yet. If growth continues on this path we just might see it get tested sooner than we once thought. I for one enjoyed being part of a small % of people who used this alternative platform, but as Apple grows so will the "evil" looking to take it down.
  • Reply 42 of 81
    Last year, Miller's winning attack on Safari actually targeted the open source Perl Compatible Regular Expressions library used by WebKit's JavaScript engine, an exploit he also made headlines with for using against the iPhone. Apple's extensive use of open source software makes it far easier for researchers to discover exploits for at their leisure, compared to closed proprietary software. It wasn't Apple's proprietary code in Safari that was cracked.



    Come on, so Apple doesn't see what source code it is using in OSX... So, so lame commentary...

    Safari was cracked, no matter which part of it. Safari is a whole, including the open source library that it uses; it is Apple's responsibility to do a review of that code too!
  • Reply 43 of 81
    alfiejr Posts: 1,524 member
    the frustrating part of this annual event is we don't learn in detail exactly what was achieved by the hacker. the website says the target computers are running with out-of-the-box default settings. so the Mac is in its initial Admin user account, which of course makes any attack easier than a Standard user account. Ok, a lot of people run their Macs with admin privileges turned on. but would the attack have worked if not? we don't know. then the attacker was able to install and run something. but what? getting control of the system takes more than adding a widget or something simple like that. would they still have to crack the password too to modify system settings, or did they find some way around that? we don't know.



    anyone have the facts?
  • Reply 44 of 81
    ljocampo Posts: 657 member
    This is just my opinion, but I do believe the Mac is a safer OS. The Mac was designed from day one to not allow external processes without user intervention. Unlike Microsoft's unwise attempt, from the beginning, to allow marketing concerns to push its wares to the Windows user base. Microsoft saw a cash cow in serving ads through programs like chat and games et al. using ActiveX. They allowed developers to run wild over the low level system processes, that it became commonplace, and this is the main reason the Windows code base is less secure.



    Apple took the closed approach and, when it comes to security, is enjoying the fruits of that decision. For those who believe the Mac platform isn't a large enough target for hackers, you miss a very important human point. The hacker's ego. It's the challenge that drives most extreme sports. I believe if the black hats could penetrate Mac OSX's defenses easily, they would have by now, just to claim the prize of being King for a Day. Social engineering exploits aside, some system designs are just harder to crack.



    Apple chose to keep its system closed and is winning the security argument. Microsoft saw a way to make money and it's paying the price now.
  • Reply 45 of 81
    mdriftmeyer Posts: 7,503 member
    Quote:
    Originally Posted by jnjnjnjn View Post


    If Charlie Miller gained root access (the claim is that after executing the exploit by clicking a link on a website, he "owned" the computer), Mac OS X is certainly lacking in security.



    Even if the account he used had administrator rights, it cannot be used to get access to other accounts on the machine or to install software or to run 'sudo bash' etc. Not without a password, that is.



    So this means that at least two security exploits must exist, one in Safari to get hold on the user (or administrator) account, and one to elevate the account to root level.



    J.



    If it's an exploit in Safari, it's within WebKit, which is open source and thus gives the hacker months upon months of running edge case tests to find any and all exploits.



    Now, instead of hardening up Webkit and submitting back to the community he goes to a hackfest to win a laptop. Now that's a real stud.



    Fix the exploits and get a job with Apple Engineering. You'll get the laptop you want and paid well.



    Conclusion: He's a Moron.
  • Reply 46 of 81
    archer75 Posts: 204 member
    Quote:
    Originally Posted by mdriftmeyer View Post


    If it's an exploit in Safari, it's within WebKit, which is open source and thus gives the hacker months upon months of running edge case tests to find any and all exploits.



    Now, instead of hardening up Webkit and submitting back to the community he goes to a hackfest to win a laptop. Now that's a real stud.



    Fix the exploits and get a job with Apple Engineering. You'll get the laptop you want and paid well.



    Conclusion: He's a Moron.



    The details of the exploit are not released until apple has patched this exploit. So yes, he is giving back to the community.
  • Reply 47 of 81
    pmjoe Posts: 565 member
    Quote:
    Originally Posted by Alfiejr View Post


    Ok, a lot of people run their Macs with admin privileges turned on. but would the attack have worked if not? we don't know. then the attacker was able to install and run something. but what? getting control of the system takes more than adding a widget or something simple like that. would they still have to crack the password too to modify system settings, or did they find some way around that? we don't know.



    anyone have the facts?



    It doesn't matter what the facts are or if you're in an admin account or anything about cracking passwords. All it takes is being able to run some code outside the sandbox of the browser by clicking on a link (which is what they did).



    Simply being able to run code outside the browser is plenty powerful enough ... as in delete all the user's files perhaps? Or if the hacker decides to run a program that pops up a window which looks exactly like Software Update and prompts you to enter an admin username/password ... game over.
  • Reply 48 of 81
    ljocampo Posts: 657 member
    Quote:
    Originally Posted by archer75 View Post


    You don't have to spend time and money and update virus and malware apps daily. For one those apps update themselves and it's not something you have to spend time on. Second, if you aren't a moron you don't even need them. I run without antivirus and malware protection and have never had a problem.



    Antivirus programs are a lesson in hindsight regardless of platform. On the Mac, I use it only to scan my downloads folder for known problems because all anti-virus programs need to be aware of the problem. They're always one step behind. It's not worth using a lot of system resources 24/7 to catch a new virus.



    I'm no moron, I do use Little Snitch, because you never know what programs, that call home, are sending. It's amazing how Little Snitch has made me aware of a lot of things going on out of sight without my permission. Using programs like these makes me less a moron and more security conscious.
  • Reply 49 of 81
    mdriftmeyer Posts: 7,503 member
    Quote:
    Originally Posted by archer75 View Post


    The details of the exploit are not released until apple has patched this exploit. So yes, he is giving back to the community.



    It's been an "exploit" for months. Instead of furthering a career he targeted a hack fest, 10k and a laptop.



    Conclusion: He's a moron.
  • Reply 50 of 81
    pmjoe Posts: 565 member
    Quote:
    Originally Posted by ljocampo View Post


    I'm no moron, I do use Little Snitch, because you never know what programs, that call home, are sending. It's amazing how Little Snitch has made me aware of a lot of things going on out of sight without my permission. Using programs like these makes me less a moron and more security conscious.



    I'm still trying to figure out what my iPhone was doing on my wireless network this morning ... when I have WiFi turned OFF in the system preferences.
  • Reply 51 of 81
    archer75 Posts: 204 member
    Quote:
    Originally Posted by mdriftmeyer View Post


    It's been an "exploit" for months. Instead of furthering a career he targeted a hack fest, 10k and a laptop.



    Conclusion: He's a moron.



    He got 10k and a laptop. Seems pretty smart to me.
  • Reply 52 of 81
    gmcalpin Posts: 266 member
    Quote:
    Originally Posted by archer75 View Post


    OSX has been hacked twice now, two years in a row. In a matter of minutes. That sort of speaks for itself. It's not as secure as you think and there are vulnerabilities that can be exploited.



    You can't disprove security through obscurity until the OS is no longer obscure. And you certainly can't do it with opinion pieces.



    Neither case was a matter of minutes; he had a prepared exploit before he walked into the contest. There's no telling how long it took him to find the exploit, but it was NOT as if he discovered these exploits within minutes (to say nothing of the fact that he needed to be logged in with admin privileges as others have pointed out). And it was Safari, not OSX.



    Your other examples—trojan horses and keylogging—are not real security exploits, either (on either platform). They're idiot-user exploits.



    The "security through obscurity" argument is absolute crap because of all the Windows-loving, Mac-bashing trolls that you can see on the internet. Being the first person to REALLY (not like this bullshit) hack Mac OSX would be a badge of fucking honor to a hacker. But where is this all-star Mac-myth-dispelling demigod? Nowhere.



    The fact is, it IS more secure, not because people haven't tried to (for instance) write a virus for it, but because they can't do it.
  • Reply 53 of 81
    archer75 Posts: 204 member
    Quote:
    Originally Posted by gmcalpin View Post


    Neither case was a matter of minutes; he had a prepared exploit before he walked into the contest. There's no telling how long it took him to find the exploit, but it was NOT as if he discovered these exploits within minutes (to say nothing of the fact that he needed to be logged in with admin privileges as others have pointed out). And it was Safari, not OSX.



    Your other examples—trojan horses and keylogging—are not real security exploits, either (on either platform). They're idiot-user exploits.



    The "security through obscurity" argument is absolute crap because of all the Windows-loving, Mac-bashing trolls that you can see on the internet. Being the first person to REALLY (not like this bullshit) hack Mac OSX would be a badge of fucking honor to a hacker. But where is this all-star Mac-myth-dispelling demigod? Nowhere.



    The fact is, it IS more obscure, not because people haven't tried, but because they can't do it.



    It is a real hack, believe it or not. Safari is installed on all macs. Comes standard with OSX and is the browser most OSX users use. So it is a completely valid hack.



    If I found a hack for OSX I wouldn't tell everyone about it. In fact I wouldn't tell anyone about it. I'd let the OSX users carry on with their head in the sand and reap the benefits of my creation.



    Yes, you can write a virus for OSX. The trick is getting it on the system with the permission to do its thing. And as you put it, it would involve idiot users. Which would define a great deal of mac users with a false sense of security.

    But then the same thing applies to Vista and 7. The only way to infect them is via a button pushing moron. OSX is no more secure.
  • Reply 54 of 81
    mdriftmeyer Posts: 7,503 member
    Quote:
    Originally Posted by archer75 View Post


    He got 10k and a laptop. Seems pretty smart to me.



    I responded earlier that 10k and a laptop is pittance compared to a job at Apple Engineering, a laptop and stock.





    Conclusion: He's a moron. I can guarantee you his "attitude" has shot any chance for a job inside Apple Corporate. I sure as hell would never hire such a person.
  • Reply 55 of 81
    archer75 Posts: 204 member
    Quote:
    Originally Posted by mdriftmeyer View Post


    I responded earlier that 10k and a laptop is pittance compared to a job at Apple Engineering, a laptop and stock.





    Conclusion: He's a moron.



    You assume he would even be offered a job at apple. Or that the job he has now isn't better. Just because you find an exploit doesn't mean you get a job.
  • Reply 56 of 81
    Quote:
    Originally Posted by pmjoe View Post


    Simply being able to run code outside the browser is plenty powerful enough ... as in delete all the user's files perhaps? Or if the hacker decides to run a program that pops up a window which looks exactly like Software Update and prompts you to enter an admin username/password ... game over.



    Well, in Windows I take care of this kind of thing by using a unique color scheme. Any time I see a dialog with the standard blue scheme, I know it's fake.



    On the Mac I don't really have a simple, obvious way of doing the same thing. Still, I've been using computers for a long time, and you can usually tell something is off, not quite right with these sorts of social engineering exploits.
  • Reply 57 of 81
    Quote:
    Originally Posted by archer75 View Post


    You assume he would even be offered a job at apple. Or that the job he has now isn't better. Just because you find an exploit doesn't mean you get a job.



    Not only that, since his identity isn't exactly a secret, Apple could offer him a job without him asking for it. If they don't, he has no obligation whatsoever to give Apple, or anybody else, the product of his work for free.



    Amazing how using hard-earned knowledge to obtain something in return makes you a moron in the eyes of some people.
  • Reply 58 of 81
    quadra 610 Posts: 6,757 member
    Infect my base, vanilla OS X install remotely. Then I might be impressed.
  • Reply 59 of 81
    wilco Posts: 985 member
    Quote:
    Originally Posted by Quadra 610 View Post


    Winblows was also hacked, and I believe that new Winblows in particular, the one that tries to be an upside-down, ass-backwards copy of OS X. Again. It's the allegedly fixed version of Vista. LOL, we'll see.



    Besides, if you have to click on a link, the whole challenge is auto-FAIL.



    And for those of us that are a bit worried . . .



    WINDOWS VIRUSES/MALWARE (but just the appetizer menu):



    Windows PC worm infection numbers skyrocket; Macintosh unaffected - January 19, 2009

    Dangerous new sleeper virus exposes millions of Windows PCs to hijack; Macintosh unaffected - January 16, 2009

    Zero-day attack targets all versions of Internet Explorer; Mac users unaffected - December 12, 2008

    Windows worm loose on International Space Station; Mac-using astronauts unaffected - August 27, 2008

    Microsoft inflicts Internet Explorer 8 Beta; Mac users unaffected - March 05, 2008

    Gathering "Storm" superworm poses grave threat to Windows PCs; Apple Macs unaffected - October 19, 2007

    Windows virus cripples Florida newspaper; Mac-based publishers unaffected - March 02, 2007

    Insidious Windows virus threatens business networks worldwide; Macintosh unaffected - March 01, 2007

    Windows "Storm Worm" rages across globe; Apple Macintosh unaffected - January 19, 2007

    Sony, Gracenote sound alarm over Microsoft flaw; Macintosh unaffected - September 19, 2006

    PowerPoint zero-day attack compromises data in infected Windows PCs; Mac OS X unaffected - July 21, 2006

    Windows PC users infected with worm face loss of all Microsoft, Adobe files; Mac users unaffected - January 31, 2006

    Microsoft Windows' Zero-Day WMF flaw threats widespread; Macintosh unaffected - December 29, 2005

    Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected - November 28, 2005

    Windows users fall victim to huge ID theft ring, 50 banks in danger; Apple Mac users unaffected - August 25, 2005

    Quickly spreading Microsoft Windows worm affects CNN, ABC, NY Times; Apple Macintosh unaffected - August 16, 2005

    "Zotob" worm rapidly infects Microsoft Windows; Macintosh unaffected - August 15, 2005

    16-percent of computer users are unaffected by viruses, malware because they use Apple Macs - June 15, 2005

    Microsoft warns of critical Windows flaws; unaffected Mac users just continue working - June 15, 2005

    Michael Jackson suicide spam hides Windows virus; Macintosh unaffected - June 10, 2005

    Windows Sober.p poised to attack this Monday; Macintosh unaffected - May 21, 2005

    Microsoft Windows Sober.P worm shows "epidemic" spread; Macintosh unaffected - May 03, 2005

    Anzae/Inzae worm affects all Windows versions after 3.1; Macintosh unaffected - December 28, 2004

    Windows Mydoom worm variant spreading in the wild; Macintosh unaffected - November 09, 2004

    Windows XP worm speaks to users as it deletes their files; Macintosh unaffected - September 13, 2004

    Millions of Windows PC's hijacked by hackers, turned into zombies; Macintosh unaffected - September 08, 2004

    Windows "Zindos" virus spreads, attacks Microsoft.com; Macintosh unaffected - July 29, 2004

    New Windows Bagle virus variants spread; Macintosh unaffected - July 16, 2004

    Windows Lovegate worm variant renders computers useless; Macintosh unaffected - July 08, 2004

    Windows Scob virus collects passwords, financial data; Macintosh unaffected - July 05, 2004

    Windows "Scob" virus designed to steal financial data, passwords; Macintosh unaffected - June 26, 2004

    Windows users warned of infectious Web sites that take over computers; Mac users unaffected - June 25, 2004

    Windows Korgo virus "aggressively stealing" credit card numbers; Macintosh unaffected - June 04, 2004

    First Windows 64-bit virus appears; Macintosh unaffected - May 27, 2004

    Windows Wallon virus wipes out Microsoft Media Player on infected PCs; Macintosh unaffected - May 12, 2004

    Windows Sasser worm mutates, knocks out banks, EC; Macintosh unaffected - May 04, 2004

    Windows Sasser worm severely disrupts UK coastguard; Mac users remain unaffected - May 04, 2004

    Windows Sasser net worm spreading rapidly; Macintosh unaffected - May 03, 2004

    Sen. Edward Kennedy's Apple Mac-based office totally unaffected by viruses - March 22, 2004

    Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected - March 19, 2004

    Windows worm, virus outbreaks intensify; Macintosh unaffected - March 03, 2004

    Destructive MyDoom.F virus deletes Windows users' files; Macintosh unaffected - March 01, 2004

    Netsky-D Windows worm spreading; Macintosh unaffected - March 01, 2004

    Windows users suffer five new Bagle worm variants; Macintosh unaffected - March 01, 2004

    New MyDoom Windows worm deletes random files; Macintosh unaffected - February 25, 2004

    Windows NetSky e-mail worm spreading; Macintosh unaffected - February 18, 2004

    Windows virus "Bagle.B" spreading; Macintosh unaffected - February 17, 2004

    "Doomjuice" worm emerges, targets Microsoft; Macintosh unaffected - February 10, 2004

    New version of Mydoom Windows virus appears, attacks Microsoft; Macintosh unaffected - January 28, 2004

    Latest Windows virus "MyDoom" sets new infection records worldwide; Macintosh unaffected - January 27, 2004

    "MyDoom" Windows virus spreads rapidly; Macintosh unaffected - January 26, 2004

    New Windows worm spreading "hard and fast" worldwide; Macintosh unaffected - January 19, 2004

    Florida students patch 360 PCs in marathon session due to Blaster virus; their Macs unaffected - October 01, 2003

    Pennsylvania school district's PCs infected with virus; their Macs unaffected - October 01, 2003

    New "Swen worm" masquerades as Windows Security Update; Macintosh unaffected - September 19, 2003

    University of Illinois still patching all Windows machines; Macintosh unaffected - September 05, 2003

    Montana school district's Windows computers offline due to worm; Macintosh computers unaffected - September 03, 2003

    A tale of two school systems: Windows schools crippled while Mac schools unaffected - August 21, 2003

    SoBig virus variant rapidly infecting Windows machines; Macintosh unaffected - August 19, 2003

    Windows Blaster worm to attack Microsoft on Saturday; Macintosh unaffected - August 13, 2003

    MBlast Worm spreads through flaw in Windows; Macintosh unaffected - August 11, 2003

    Hackers hijack Windows PCs for porn serving; Macintosh unaffected - July 11, 2003

    Palyh Worm strikes Windows users worldwide; Macintosh unaffected - May 19, 2003

    Microsoft bug exposes millions to attack; Macintosh unaffected - November 20, 2002




    Don't worry, it's only a partial list. There's thousands more where that came from.



    OS X VIRUSES/MALWARE IN THE WILD:



    Like 2. Maybe. In over 7 years. But make sure to click on the obvious links, though, otherwise nothing will happen. With OS X, "infection" is a two-way street. You need to put in the effort!



    That's really all we need to know.



    Why would you think anyone would give a shit about the opinion of someone who says "winblows" twice in one sentence?



  • Reply 60 of 81
    wilco Posts: 985 member
    Quote:
    Originally Posted by mdriftmeyer View Post


    I sure as hell would never hire such a person.



    I'm sure he's losing sleep about it...