Ex-NSA security bod fanboi: Apple Macs are wide open to malware

The Register ^ | 5/8/15 | John Leyden

[Enlightened1]

'I love Apple products, I just wish they were secure'

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial.

Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code to run or, depending on settings, only packages from the Mac App Store.

Apple's built-in mechanisms - Gatekeeper, XProtect anti-malware, sandboxing and kernel code-signing requirements - are "easy to get around" and "trivially exploitable", according to Wardle.

Wardle said he worked closely with Apple's internal security teams describing them as "responsive" while noting the wider consumer electronics firm had yet to embrace a culture where “comprehensive security is baked into their OS X systems" from the onset. By contrast to OS X, iOS has solid security baked in, according to Wardle.

A bug bounty from Apple - along the lines of schemes introduced by Google, Microsoft and many others - would be beneficial, according to Wardle whose firm Synack would stand to benefit from such a scheme. "Google products have themselves, become more secure because of bug bounties," Wardle said. "Introducing them seems to be a no brainer."

[bicyclerepair]

Linux mint, fast and secure

[jjotto]

Sure, but they have built-in Gaydar.

[humblegunner]

So, kwai Chang..

http://www.freerepublic.com/focus/f-chat/3262821/posts

“It Appears There Are Hijacked Freeper Accounts”

Has you find more of these account and why not show to public?

Why you so quiet on this?

[Nervous Tick]

You’re not humblegunner. humblegunner doesn’t post stuff like this.

I think the humblegunner account has been hacked!!!

[Swordmaker]

An Ex-NSA security claims Apple Macs are wide open to malware . . . but from my reading of his claims, they are exactly the same we've been hearing from him for some time: Macs are insecure because someone could do this:

"Up until recently all Mac security software packages downloaded over unencrypted http connections, relying on Garekeeper for code verification. Because Wardle uncovered a way to bypass Gatekeeper, this opens the door to man-in-the-middle or other attacks.

"More advanced attackers, such as nation states, would be able to see a download in progress before injecting code into legitimate downloads,"

Wardle found that users could turn off the signed protections in OS X (actually a feature of Gatekeeper to allow users to not be limited to the Apple Mac App Store) to download any app they wanted. . . oh, the horrors of users choice. . . which he thinks should be prevented!

Wardle's complaints were covered in a previously posted article on FR last month when he made the same complaints before the RSA Conference in San Francisco. . . and roundly criticized there by other computer security experts. Wardle did find another way to do the Rootpipe, not the same as the original, which was extremely difficult to exploit in the first place, requiring physical possession of the computer as does Wardle's later vulnerability. Apple has closed that one too. PING!

Apple Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

The latest Freepathon is rushing to the wire, so let's put it over the top! I challenge the members of the Apple ping list to each donate at least $10 each to the latest Freepathon. I HAVE donated $100. Many members of the Apple Ping list are already rising to the challenge. Join them. Let's show the power of the Apple Ping list in supporting Freerepublic!

If you have ordered an Apple Watch,
MAKE A DONATION TO THE FREEPATHON!

[martin_fierro]

PROVE YOUR IDENTITY.

WHAT’S THE PASSPHRASE??

[Ethan Clive Osgoode]

But Apple malware has exquisite bevelled edges and handsome filigree work. The look and feel is impeccable. Every homo wants some.

[shibumi]

"I think the humblegunner account has been hacked!!!"

No way you could have found us out!
We have taken great pains to cleverly disguise our takeover of these FReeper accounts using the latest in stealth pirating technology.

Why, we even have a brand new state-of-the-art Interociter shipped here from Metaluna and hand assembled by Gunner and myself!

[BlueDragon]

Who is Jim Thompson

[BlueDragon]

ʇɐp oɥʍ ʎɐs oɥʍ ʇɐp oɥʍ

[amigatec]

Well it seems his software is just as bad. The only way to run his software is to change the Security settings in the System Preferences.

So he is trying to get you to do exactly what he claims is the problem. Downloading unauthorized software.

[Swordmaker]

So he is trying to get you to do exactly what he claims is the problem. Downloading unauthorized software.

BINGO!