Mac users are deluding themselves if they think they are immune to security issues. And when the time comes that Macs are hit hard, Apple will bear the brunt of the responsibility for fostering this false sense of security within their community. Apple has become public enemy #1 for many black hatters in no small part because of Jobs arrogant stance that his OS is immune to the security flaws, and in essence daring the black hatters to give it a go. Be careful what you ask for Steve.....
Gosh. Gee whillikers, Space. Do you think those black hatters might just like to "stick a cigarette in the eyes of Mac users" to show them how unsafe they are???
That cigarette quote came from just such crackers David Maynor and Jon Ellch, who, to demonstrate the fragility of Mac's security, found it necessary to create a HOAX video of a Macbook being taken over via WIFI. The video was shown with great glee at the last Black Hat convention. They refused to tell people how they did it or to demonstrate the exploit live. It turned out they used an EXTERNAL USB WIFI card and a third party driver despite the existence of a perfectly good (and secure) built in WiFi card and drivers. They also PRE-installed a script to run on the targeted Mac.
"Daring Fireball's" John Gruber bought a brand new MacBook and challenged Maynor and Ellch to crack his out-of-the-box MacBook... if they could, it was theirs, free and clear. John Gruber still has the MacBook.
Another Mac challenge DID get hacked. A guy in Sweden put up a Mac Mini as a server and it was cracked in under 30 minutes. BUT, this idiot gave everyone wanting to "rm-my-Mac" a Local User Account, opened every port that is normally closed in a default install, and then used extremely weak passwords for his administrator account. An Australian cracker named Gwerdna (I wonder if his first name is Andrew? I also wonder how hardened his passwords are.) broke in and defaced the web site by escalating his privileges to administrator.
David Schroeder, the senior Apple systems engineer at the University of Wisconsin's IT department put up a Mac Mini as a Web server, using it straight out of the box with no firewall, no AV, nothing, bare naked, and challenged the black hatters to crack into it. Thousands of attempts were made over a period of 37 hours (the University required him to pull the challenge because of bandwidth usage) and NOT ONE SUCCEEDED.
David Schroeder . . . set up his own contest inviting security researchers and hackers to attempt to breach a Mac with open SSH and HTML ports and two user accounts. A critic of the original contest, Schroeder stressed that his challenge is more fair, but that most users will not likely even have those ports open."Mac OS X is not invulnerable--it, like any other operating system, has security deficiencies in various aspects of the software," Schroeder wrote. "However, the general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system." - Source.
I think it is safe to say that the "black hatters" have given it a go and have failed miserably. Six years and counting... no malware!
So what is it? Do the black hatters ignore OS X because of its marketshare, or are they intent on nailing OS X because of Apple's arrogance?
Gotta read what Swordmaker finally confirmed...Mac has some exploits available. Looks like you and I were right...who knew you'd be proven so right so quickly?