INCREASED MAC OS X HACKING ACTIVITY

TruSecure ^ | 4/26/2005 | Trusecure

[Swordmaker]

EXCELLENT article on the current state of Mac OSX security PING!

If you want on or off the Mac Ping List, Freepmail me.

[Mount Athos]

If I was really conspiracy minded I would say MS is paying them. :)

[cmsgop]

Thanks

[MaryFromMichigan]

I appreciate your pings and often forward them to my hubby!

[Maceman]

If I were a hacker I would target MAC OS just to wipe the self satisfied complacent smile of smug superioroty of the faces of MAC users everywhere.

[solitas]

The root (superuser) account should not be enabled.

WTF??? One of the first things you should do on a new install is to enable the root account and give it a secure password - better that YOU do it before someone ELSE figures out how to do it remotely.

They must mean that you should not be internet-connected while you're the root user.

[tubebender]

Thanks for the ping...

[Salo]

If you were good enough to hack it, you'd have a right to be proud.

[ikka]

WTF??? One of the first things you should do on a new install is to enable the root account and give it a secure password

I think they mean "lock" the root password, so that there is not a way to login as the root user. This way you must first log in as a normal user and then type the root password to do certain operations - thus two accounts need to compromised, not just one.

[Frumious Bandersnatch]

Yeah, that's what I though too. I really think that they mean that you don't access the Internet as a root user (or with root privs. I would also say that they should avoid net access with operator's privs).

That said, Accessing the net with root privs can be okay - as long as you are careful and hit only trusted sites.

[Army Air Corps]

Okay. All systems whether mechanical or biological have weaknesses and flaws. With enough interest and effort, it is bound to happen. Returning to news.

[Maceman]

If you were good enough to hack it, you'd have a right to be proud.

Well, not being a geek, I wouldn't know about that. But I seriouly doubt that any sytem is unhackable, given enough determined hackers with enough incentive to do it.

I think a lot of knowldgeable people will agree that one reason Macs have been spared thus far is because of its limited market penetration -- especially in the business world.

[zeugma]

I think a lot of knowldgeable people will agree that one reason Macs have been spared thus far is because of its limited market penetration -- especially in the business world.

You might be interested in reading this post. It applies to your claim as well.

[UseYourHead]

Users should not open unexpected email attachments or untrusted applications

Don't make me laugh so hard!!!

Herein lies the problem - the end user. This is how 90% or more of the worst problems occur as a general rule.

[Woahhs]

If I were a hacker I would target MAC OS just to wipe the self satisfied complacent smile of smug superioroty of the faces of MAC users everywhere

If you were a girl. would you throw acid in the face of anyone prettier than you?

[Maceman]

If you were a girl. would you throw acid in the face of anyone prettier than you?

I take your point, but personally I think your analogy fails on several levels.

But thanks for playing.

[Swordmaker]

I think a lot of knowldgeable people will agree that one reason Macs have been spared thus far is because of its limited market penetration -- especially in the business world.

A "knowledgable" person was quoted by a leading magazine as saying "While it is probably possible to create an OSX virus. on a scale of one to ten the degree of difficulty is a nine." When asked where Windows was on that one to ten scale he replied "About two."

As to the "security by obscurity" canard... in the past year, hackers have targeted a router with fewer than 25,000 installed base and a cellular phone with fewer than 100,000 installed base. There are currently about 14,000,000 OSX Mac users... Newsweek cited 25,000,000 in an article last week... and there has never been a OSX virus seen in the wild. OSX has been out over 4 years... and no viruses or worms. Only two trojans have been reported. No spyware aside from tracking cookies has been discovered.

The real problem with writing a self-propagating virus or worm is the vector... how does it spread? Macs are designed to prevent this.

[Salo]

The arguement has been made and debunked. For instance, IIS does not have the penetration that Apache does, but since it is easy to hack, it is targeted more.

I think a lot of knowldgeable people will agree that one reason Macs have been spared thus far is because of its limited market penetration -- especially in the business world.

You are correct: no system is unhackable - not even OpenBSD. That being a given, OSX is a very secure OS.

I seriouly doubt that any sytem is unhackable

[SunkenCiv]

Hackers are just sociopaths; the reason for our smiles is that hackers are naturally attracted to that other platform.