I agree. For all the blustering of the security researchers, the TV commercials that tout OS X security, the "outrage" of the various Apple bashing websites you'd think SOMEBODY would develop a real nasty varmint just to take the platform down a notch. At this point in time the "not enough market share to matter" argument doesn't hold water anymore. There's something about OS X that makes it real hard to attack successfully.
There a reason for that.
Basically, Mac OS X is *NIX under the hood, with most (if not all) security features turned on in the typical user's (OS X default) installation.
Go ahead and turn off most (or all) of these defaults, surf the net a few days, buy some stuff online, and see what happens!
hmmm, now my function keys on my powerbook don't work
EDIT: Ah ha, com.apple.systempreferences.plist was the culprit
Glad I didn't have that problem! ... One of my Macs was done using Apple Desktop Remote and it is at a colocation site on a T1 and a long drive away. That would have been very nasty for me.
I am happy to report all 7 Macs ranging from G4s, iBooks, MacBooks, Duel G5s and Intel Macs including Server went flawlessly.
Heck of a long shut down during restart procedure I must admit, danger here that some folk panic, fail to wait and force a restart resulting in corrupt files. I very nearly did the first machine I updated.
Any company worth it's salt has a different product development and security department. This is not good news, this is expected performance. It would be shocking if it came out that Apple had drawn engineers away from the security group to work on products. We would all love to see leopard, but for Apple to gain any inroads in the market it is absolutely essential to be _and stay_ the safest commercial OS out there.
That said, the recent delays point out a shortage of qualified key engineers, so Apple had better start hiring actively and buff up its labour pool. It's been said that Apple is quite slow with security updates already compared to Microsoft and competing Linux vendors.
Let's see. Nobody has been able to hack the system. Little if any evidence of security breeches. But boy should Apple get faster updating security problems that don't seem to be happening. Wonder why Microsoft has to do security updates so often. Is it because they are getting issues faster on their Windows that we never get on Macs. Perhaps Apple should restructure OS X like Windows so that they can show how much faster they are at finding security problems.
And "Apple had better start hiring actively and buff up its labour pool." For what? To increase overhead so that they can up their prices to offset the additional cost?
Let's see. Nobody has been able to hack the system. Little if any evidence of security breeches. But boy should Apple get faster updating security problems that don't seem to be happening. Wonder why Microsoft has to do security updates so often. Is it because they are getting issues faster on their Windows that we never get on Macs. Perhaps Apple should restructure OS X like Windows so that they can show how much faster they are at finding security problems.
And "Apple had better start hiring actively and buff up its labour pool." For what? To increase overhead so that they can up their prices to offset the additional cost?
Love the had better attitude.
The mac is not getting hacked at the moment due to a combination of *nix roots and financial motives. It is far, far more profitable to hack a windows ecosystem.
However, mac sales are growing 30% year on year, and we've seen a plethora of stories lately about businesses considering the switch to mac.
If this trend materialises, it is absolutely essential that Apple keep on top of security, since the commercial viability of hacking a mac system will increase along with business uptake of the mac.
I am well aware that there are no current known and/or widespread hacks out there, but the system is not invulnerable, and the appearance of (ahum) invulnerability and hassle-free-maintenance is one of the driving forces between Apple's appeal to the market.
This means strong QA and security departments are a must.
None here - had a funky double-boot, but after that, all was good.
Not sure if this helps.
1. Ran the Update on first Mac (A). Had to double boot. Ran Disk Utility. Ran Verify Disk Permissions. One showed up. Repaired it.
2. Ran Disk Utility on a second Mac (B). Ran Disk Utility. Ran Verify Disk Permissions. One showed up. (Same one as found on Mac (A). Repaired it. Ran the Update. Relaunch quick. No double boot. Reran Disk Verify Disk Permissions. Volume ok.
3. Ran Disk Utility on a third Mac (C). Ran Disk Utility. Ran Verify Disk Permissions. None showed up. Ran the Update. Relaunched quickly. No double boot. Reran Disk Verify Disk Permissions. Volume ok.
Unfortunately, I didn't write down the incorrect permission message.
The mac is not getting hacked at the moment due to a combination of *nix roots and financial motives. It is far, far more profitable to hack a windows ecosystem.
However, mac sales are growing 30% year on year, and we've seen a plethora of stories lately about businesses considering the switch to mac.
If this trend materialises, it is absolutely essential that Apple keep on top of security, since the commercial viability of hacking a mac system will increase along with business uptake of the mac.
I am well aware that there are no current known and/or widespread hacks out there, but the system is not invulnerable, and the appearance of (ahum) invulnerability and hassle-free-maintenance is one of the driving forces between Apple's appeal to the market.
This means strong QA and security departments are a must.
just my opinion.
It has been tried. There is even a reward if somebody can do it. I would imagine that a thousand or so have or are attempting to produce the first one right now.
And if you don't think that Apple is working on security issues 24/7 you are in the wrong forum.
Does anyone know of any for OSX? Trojans, keyloggers, rootkits, adware, or etc?
There are about 30 known bits of malware for OS X that actually appear in the wild, most of which are keyloggers, rootkits, or backdoor/remote control setups. Some of the items have valid uses as well as uses as malware.
...for a list of about 20. They are not, however, widely distributed or well known. In general, they occur only as the result of a manual attack, and if you're specifically being targeted by someone with some expertise, OS X is really not the best solution. It is better than Windows and on par with the average Linux distribution. To stop a determined expert, you really should be running a hardened SELinux setup or OpenBSD or the like.
And if you don't think that Apple is working on security issues 24/7 you are in the wrong forum.
I expressly stated that _I believe_ the mac is safe at the moment, I commented on the fact that it is to be expected that security updates keep coming even in the iphone-era where key engineers are pulled off osX.
What I am saying is that I hope that Apple will learn from the leopard/iphone setback and start recruiting new engineers, because with a 30% annual growth rate the time will come that the mac will be a target. I'd rather see they're ready for that, since their current security bulletins are rather sketchy, and their patches take quite a while to come out.
I say this because I believe that security and ease of maintenance are two of the key succes factors and advantages that Apple has over Microsoft, and these need to be maintained actively.
Don't know, but if you read the rather short article you link to, you'll see that they relaxed the security on the 2nd day after failing the first day!
We'll probably know soon what the relaxed conditions were, I'd expect Apple to respond in either case.
When? Who knows!
Edit - They may have done it wirelessly, using something called KARMA.
Quote:
Dino A. Dai Zovi is a computer security consultant and developer for Matasano Security. Author of numerous papers and presentations on exploitation techniques, 802.11 wireless attacks, and OS kernel security, Dino comes to Matasano from the Attack and Exploitation Team at Bloomberg. Dino's career spans over 7 years and includes key roles at @stake, and the IDART Red Team at Sandia Labs. He has spoken at security conferences including IEEE, DEFCON, CanSecWest, and PACSEC.
Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.
Quote:
According to the security blog Matasano Chargen, Shane Macaulay and Dino Dai Zovi won the contest by gaining shell access to a Mac by pointing the Mac’s Safari browser at a specially-constructed Web page.
Quote:
The prize for the contest was originally one of the Macs. But on Thursday evening, TippingPoint put up the cash award, which may have spurred a wider interest in the contest. According to Matasano Chargen, Macaulay will keep the MacBook while Dai Zovi will pocket the cash prize.
Quote:
The vulnerability won’t be published. 3Com Corp.’s TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.
Personally, I've NEVER opened a email from anyone that, either 1) I don't know directly, or 2) from anyone where I didn't initiate the received email to begin with.
While not quite a non-event, (nasty hole in Safari there), the fact that it required a user to visit a malicious website puts this in an entirely different class of exploit than, say, plugging a pre-SP2 XP box into the LAN and having it compromised in less than 15 minutes just sitting there. (cf, my landlord's PC)
Can't wait for the ill-informed smugness on the intarwebs to start though. Where's Thurrot?
Still, this is bad enough hole that it need plugging ASAP.
While not quite a non-event, (nasty hole in Safari there), the fact that it required a user to visit a malicious website puts this in an entirely different class of exploit than, say, plugging a pre-SP2 XP box into the LAN and having it compromised in less than 15 minutes just sitting there. (cf, my landlord's PC)
Can't wait for the ill-informed smugness on the intarwebs to start though. Where's Thurrot?
Still, this is bad enough hole that it need plugging ASAP.
Yes. The really good news though is no root exploits.
Don't know, but if you read the rather short article you link to, you'll see that they relaxed the security on the 2nd day after failing the first day!
Let us not forget that the attackers were able to concentrate on a specific target which the owners knew was under attack. In spite of the fact that the administrators knew their machine was under attack, they lowered its defenses to make it easier for the attack to succeed. This is the opposite of real life. Hackers generally don't have the luxury of knowing that their efforts can be concentrated on a single target. Instead, they scan the 'Net for all machines hoping to compromise any that they can. Also in real life, administrators don't lower their defenses following a known attack. They raise their defenses. In the worse case, they do nothing. If they had done nothing in this case, then the machine would not have been compromised.
Quote:
Originally Posted by franksargent
We'll probably know soon what the relaxed conditions were, I'd expect Apple to respond in either case.
...
You make an extremely important point. For all we know, they enabled root and gave it an easily obtainable password.
the fact that an exploited mac at a security conference (resulting in free macbooks and $$$) is gaining notoriety tells you something. That something is that it is not easy to do.
Comments
I agree. For all the blustering of the security researchers, the TV commercials that tout OS X security, the "outrage" of the various Apple bashing websites you'd think SOMEBODY would develop a real nasty varmint just to take the platform down a notch. At this point in time the "not enough market share to matter" argument doesn't hold water anymore. There's something about OS X that makes it real hard to attack successfully.
There a reason for that.
Basically, Mac OS X is *NIX under the hood, with most (if not all) security features turned on in the typical user's (OS X default) installation.
Go ahead and turn off most (or all) of these defaults, surf the net a few days, buy some stuff online, and see what happens!
EDIT: Ah ha, com.apple.systempreferences.plist was the culprit
hmmm, now my function keys on my powerbook don't work
EDIT: Ah ha, com.apple.systempreferences.plist was the culprit
Glad I didn't have that problem! ... One of my Macs was done using Apple Desktop Remote and it is at a colocation site on a T1 and a long drive away. That would have been very nasty for me.
I am happy to report all 7 Macs ranging from G4s, iBooks, MacBooks, Duel G5s and Intel Macs including Server went flawlessly.
Heck of a long shut down during restart procedure I must admit, danger here that some folk panic, fail to wait and force a restart resulting in corrupt files. I very nearly did the first machine I updated.
Any company worth it's salt has a different product development and security department. This is not good news, this is expected performance. It would be shocking if it came out that Apple had drawn engineers away from the security group to work on products. We would all love to see leopard, but for Apple to gain any inroads in the market it is absolutely essential to be _and stay_ the safest commercial OS out there.
That said, the recent delays point out a shortage of qualified key engineers, so Apple had better start hiring actively and buff up its labour pool. It's been said that Apple is quite slow with security updates already compared to Microsoft and competing Linux vendors.
Let's see. Nobody has been able to hack the system. Little if any evidence of security breeches. But boy should Apple get faster updating security problems that don't seem to be happening. Wonder why Microsoft has to do security updates so often. Is it because they are getting issues faster on their Windows that we never get on Macs. Perhaps Apple should restructure OS X like Windows so that they can show how much faster they are at finding security problems.
And "Apple had better start hiring actively and buff up its labour pool." For what? To increase overhead so that they can up their prices to offset the additional cost?
Love the had better attitude.
Let's see. Nobody has been able to hack the system. Little if any evidence of security breeches. But boy should Apple get faster updating security problems that don't seem to be happening. Wonder why Microsoft has to do security updates so often. Is it because they are getting issues faster on their Windows that we never get on Macs. Perhaps Apple should restructure OS X like Windows so that they can show how much faster they are at finding security problems.
And "Apple had better start hiring actively and buff up its labour pool." For what? To increase overhead so that they can up their prices to offset the additional cost?
Love the had better attitude.
The mac is not getting hacked at the moment due to a combination of *nix roots and financial motives. It is far, far more profitable to hack a windows ecosystem.
However, mac sales are growing 30% year on year, and we've seen a plethora of stories lately about businesses considering the switch to mac.
If this trend materialises, it is absolutely essential that Apple keep on top of security, since the commercial viability of hacking a mac system will increase along with business uptake of the mac.
I am well aware that there are no current known and/or widespread hacks out there, but the system is not invulnerable, and the appearance of (ahum) invulnerability and hassle-free-maintenance is one of the driving forces between Apple's appeal to the market.
This means strong QA and security departments are a must.
just my opinion.
None here - had a funky double-boot, but after that, all was good.
Not sure if this helps.
1. Ran the Update on first Mac (A). Had to double boot. Ran Disk Utility. Ran Verify Disk Permissions. One showed up. Repaired it.
2. Ran Disk Utility on a second Mac (B). Ran Disk Utility. Ran Verify Disk Permissions. One showed up. (Same one as found on Mac (A). Repaired it. Ran the Update. Relaunch quick. No double boot. Reran Disk Verify Disk Permissions. Volume ok.
3. Ran Disk Utility on a third Mac (C). Ran Disk Utility. Ran Verify Disk Permissions. None showed up. Ran the Update. Relaunched quickly. No double boot. Reran Disk Verify Disk Permissions. Volume ok.
Unfortunately, I didn't write down the incorrect permission message.
The mac is not getting hacked at the moment due to a combination of *nix roots and financial motives. It is far, far more profitable to hack a windows ecosystem.
However, mac sales are growing 30% year on year, and we've seen a plethora of stories lately about businesses considering the switch to mac.
If this trend materialises, it is absolutely essential that Apple keep on top of security, since the commercial viability of hacking a mac system will increase along with business uptake of the mac.
I am well aware that there are no current known and/or widespread hacks out there, but the system is not invulnerable, and the appearance of (ahum) invulnerability and hassle-free-maintenance is one of the driving forces between Apple's appeal to the market.
This means strong QA and security departments are a must.
just my opinion.
It has been tried. There is even a reward if somebody can do it. I would imagine that a thousand or so have or are attempting to produce the first one right now.
And if you don't think that Apple is working on security issues 24/7 you are in the wrong forum.
Does anyone know of any for OSX? Trojans, keyloggers, rootkits, adware, or etc?
There are about 30 known bits of malware for OS X that actually appear in the wild, most of which are keyloggers, rootkits, or backdoor/remote control setups. Some of the items have valid uses as well as uses as malware.
Take a look at:
http://macscan.securemac.com/list.php
...for a list of about 20. They are not, however, widely distributed or well known. In general, they occur only as the result of a manual attack, and if you're specifically being targeted by someone with some expertise, OS X is really not the best solution. It is better than Windows and on par with the average Linux distribution. To stop a determined expert, you really should be running a hardened SELinux setup or OpenBSD or the like.
The double-boot seems to be universal. Occasionally an update will require that--and/or an unusually slow reboot the first time.
I didn't have a double-boot. In fact, I haven't had one for probably the last 7 or 8 updates. (I've had them before though).
I wonder if I should be worried?
- Mark
And if you don't think that Apple is working on security issues 24/7 you are in the wrong forum.
I expressly stated that _I believe_ the mac is safe at the moment, I commented on the fact that it is to be expected that security updates keep coming even in the iphone-era where key engineers are pulled off osX.
What I am saying is that I hope that Apple will learn from the leopard/iphone setback and start recruiting new engineers, because with a 30% annual growth rate the time will come that the mac will be a target. I'd rather see they're ready for that, since their current security bulletins are rather sketchy, and their patches take quite a while to come out.
I say this because I believe that security and ease of maintenance are two of the key succes factors and advantages that Apple has over Microsoft, and these need to be maintained actively.
What I am saying is that I hope that Apple will learn from the leopard/iphone setback and start recruiting new engineers
http://en.wikipedia.org/wiki/The_Mythical_Man-Month
http://en.wikipedia.org/wiki/The_Mythical_Man-Month
Thanks for the link. I have or had that book and somehow it has disappeared from my library. No truer words were spoken.
Incidently, it just doesn't apply to software development. All we have to do is look at government.
Does 2007-4 address this Safari exploit?
Don't know, but if you read the rather short article you link to, you'll see that they relaxed the security on the 2nd day after failing the first day!
We'll probably know soon what the relaxed conditions were, I'd expect Apple to respond in either case.
When? Who knows!
Edit - They may have done it wirelessly, using something called KARMA.
Dino A. Dai Zovi is a computer security consultant and developer for Matasano Security. Author of numerous papers and presentations on exploitation techniques, 802.11 wireless attacks, and OS kernel security, Dino comes to Matasano from the Attack and Exploitation Team at Bloomberg. Dino's career spans over 7 years and includes key roles at @stake, and the IDART Red Team at Sandia Labs. He has spoken at security conferences including IEEE, DEFCON, CanSecWest, and PACSEC.
Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.
According to the security blog Matasano Chargen, Shane Macaulay and Dino Dai Zovi won the contest by gaining shell access to a Mac by pointing the Mac’s Safari browser at a specially-constructed Web page.
The prize for the contest was originally one of the Macs. But on Thursday evening, TippingPoint put up the cash award, which may have spurred a wider interest in the contest. According to Matasano Chargen, Macaulay will keep the MacBook while Dai Zovi will pocket the cash prize.
The vulnerability won’t be published. 3Com Corp.’s TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.
Personally, I've NEVER opened a email from anyone that, either 1) I don't know directly, or 2) from anyone where I didn't initiate the received email to begin with.
Can't wait for the ill-informed smugness on the intarwebs to start though. Where's Thurrot?
Still, this is bad enough hole that it need plugging ASAP.
While not quite a non-event, (nasty hole in Safari there), the fact that it required a user to visit a malicious website puts this in an entirely different class of exploit than, say, plugging a pre-SP2 XP box into the LAN and having it compromised in less than 15 minutes just sitting there. (cf, my landlord's PC)
Can't wait for the ill-informed smugness on the intarwebs to start though. Where's Thurrot?
Still, this is bad enough hole that it need plugging ASAP.
Yes. The really good news though is no root exploits.
Don't know, but if you read the rather short article you link to, you'll see that they relaxed the security on the 2nd day after failing the first day!
Let us not forget that the attackers were able to concentrate on a specific target which the owners knew was under attack. In spite of the fact that the administrators knew their machine was under attack, they lowered its defenses to make it easier for the attack to succeed. This is the opposite of real life. Hackers generally don't have the luxury of knowing that their efforts can be concentrated on a single target. Instead, they scan the 'Net for all machines hoping to compromise any that they can. Also in real life, administrators don't lower their defenses following a known attack. They raise their defenses. In the worse case, they do nothing. If they had done nothing in this case, then the machine would not have been compromised.
We'll probably know soon what the relaxed conditions were, I'd expect Apple to respond in either case.
...
You make an extremely important point. For all we know, they enabled root and gave it an easily obtainable password.
Since installing the update, and rebooting (twice - to see if it made any difference) -- my Dock has disappeared.
Any attempt to show the dock or change the preferences has no effect.
Also, the 'About this Mac' option from the Apple menu no longer displays.
Anyone have any ideas?
try opt+apple key+d