If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Shane Macaulay and Dino Dai Zovi, a software engineer and security researcher taking part in the brilliantly named "PWN to Own" Hack-a-Mac contest at the CanSecWest conference in Vancouver, managed to hack into and take control of a MacBook by finding a security exploit that takes advantage of an open Safari browser window. Shane and his teammate Dino won the prize of a brand new MacBook -- presumably loaded with Firefox or some other browser variant -- for managing to find the hole on the second and final day of the contest. The hack wasn't exactly a breeze, since the pair admitted to a total of 9 hours in order to find and exploit the weakness. Apple has patched OS X four times over the last year to fix dozens of security updates, and only regurgitated the corporate line when asked for comment on this particular vulnerability. ("Apple takes security very seriously", well duh!) Even with the recent arousal of interest in Mac OS security, the world has yet to see any kind of exploit released into the wild world web; when / if one does, we'd probably expect the most damaging exploit to use good ol' social engineering rather than a complicated hack like this. Still, Mac users should take some form of satisfaction from knowing that the issue of Mac security is being investigated, rather than being taken for granted.
Shane Macaulay and Dino Dai Zovi, a software engineer and security researcher taking part in the brilliantly named "PWN to Own" Hack-a-Mac contest at the CanSecWest conference in Vancouver, managed to hack into and take control of a MacBook by finding a security exploit that takes advantage of an open Safari browser window
Jib says:
he isnt worth the water that splashes up into your asshole while you're shitting
Originally posted by ace_dl
Guys and Gals, I have to hurry/leaving for short-term vacations.
I won't be back until next Tuesday, so if Get Carter is the correct answer, I would appreciate of someone else posts a new cap for me
i think its really only a matter of time before mac becomes like pcs, as more macs appear on the scene the hacker "trade" will start to focus on exploits in a mac, the thing that gets me about it is that its not already happening at the present time
Yeah I always laugh if the Mac or Linux users I know tell me how stable and secure their computers are and how safe their OS is. Get a market share of over 90% and the hackers will show you how safe they really are......hackers look for the most impact and will always target an OS that is used most.
here a little more light on the subject. egadget is a little skewed and highly biased. They have no idea what is going on half the time. I highlighted the important information
The conference and contest took place between April 18-20th in Vancouver, British Columbia:
CanSecWest organizers will set up the MacBooks with their own access point and all security updates installed, but without additional security software or settings. Attendees will be able to connect to the machines via the access point through Ethernet or Wi-Fi, according to the CanSecWest Web site.
As originally planned, the rules for the hack a mac contest were relaxed on Friday after nobody had won the contest on the previous days. In the relaxed set of rules, a URL was provided that exposed Safari to a "specially-constructed Web page" which allowed the hacker to gain shell access to the MacBook.
The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Di Zovie used it to open a back door that gave him access to anything on the computer, Comeau said.
According to Matasano, Apple's most recent Security update does not address this specific issue with Safari.
Yeah I always laugh if the Mac or Linux users I know tell me how stable and secure their computers are and how safe their OS is. Get a market share of over 90% and the hackers will show you how safe they really are......hackers look for the most impact and will always target an OS that is used most.
exactly and for all we know the mac OS hasnt really been exploited by the worlds "best" in the way in which windows has for example and tbh i think that day has been a long time coming, for a hacker the most important thing is gain from the things they are doing and the gains are still the same on a mac OS as they are in windows if u take for example credit card fraud or something similar, tbh i think mac are being a little nieve about the whole security of macs in general as i'm thinking that there will be a day where someone will exploit it the the amount that mac will have to develope security things to combat it and by then it will be too late as windows is already 40 steps infront of them
Yeah I always laugh if the Mac or Linux users I know tell me how stable and secure their computers are and how safe their OS is. Get a market share of over 90% and the hackers will show you how safe they really are......hackers look for the most impact and will always target an OS that is used most.
Sorry, but linux *is* a secure os. They don't come much more secure than that.
"If not for Josh Wink, Sasha wouldn't own any Acid except for the paper stuff he dopes chicks with at clubs." - Jenks, 2004
^^ Exactly - OS10 / Tiger / Leopard are all built on a Linux Shell and Linux has been around as long as any Windows based OS - but you never see spyware / adware / etc. etc. killing off a Linux OS like you see windows drop to its knees just cause you visited www.infectme.com
Jib says:
he isnt worth the water that splashes up into your asshole while you're shitting
Originally posted by ace_dl
Guys and Gals, I have to hurry/leaving for short-term vacations.
I won't be back until next Tuesday, so if Get Carter is the correct answer, I would appreciate of someone else posts a new cap for me
the problem for lynux for me is the amount of appz that will run on it, i,ve been thinking of switching to another OS recently but i,m a little worried about what i,ll be able to run and what i wont be able to run
it is a bitch to learn. there are actually a lot of apps, but you need to know what you are doing and where to find them. the best thing about it is ... it is all free. if you have the time and effort ...
dang you're right..... MAC OSX is built on a XNU shell which is adapted from BSD
XNU contains code based on Mach, the legendary architecture that originated as a research project at Carnegie Mellon University in the mid 1980s (Mach itself traces its philosophy to the Accent operating system, also developed at CMU), and has been part of many important systems. Early versions of Mach had monolithic kernels, with much of BSD's code in the kernel. Mach 3.0 was the first microkernel implementation.
XNU's Mach component is based on Mach 3.0, although it's not used as a microkernel. The BSD subsystem is part of the kernel and so are various other subsystems that are typically implemented as user-space servers in microkernel systems. XNU's Mach is responsible for various low-level aspects of the system, such as:
Jib says:
he isnt worth the water that splashes up into your asshole while you're shitting
Originally posted by ace_dl
Guys and Gals, I have to hurry/leaving for short-term vacations.
I won't be back until next Tuesday, so if Get Carter is the correct answer, I would appreciate of someone else posts a new cap for me
This is the voice from planet love. Have no fear we are your friends. To bring peace and love to your world, we are sending you our very special agent. Her name is love love love...
We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.
By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.
Tweet
Comment