Free Republic

Apple and Microsoft get trashed by hackers again
The Inquirer (not the tabloid) ^ | 25 Mar 2010 | Nick Ferrel

Posted on 03/27/2010 11:48:17 AM PDT by for-q-clinton

DESPITE THE RABID CLAIMS of Apple fan boys that its software is more secure than anything else on the market, Jobs' Mob products were the first to be trashed again at a Pwn2Own hacking competition.

In fact flaws in the Iphone OS and zero-day vulnerabilities in Apple's Safari 4 web browser made a mockery of Apple's advertising.

Flaws were also found in Mozilla Firefox and Internet Explorer 8 but apparently hackers had some trouble getting around exploitation mitigations in Windows 7, although eventually they did.

Vincenzo Iozzo and Ralf Weinmann were the first to successfully hack a mobile device, exploiting a flaw in the Iphone Safari browser to run SMS messages to a remote web server.

Researcher Charlie Miller, principal security analyst at Independent Security Evaluators, quickly exploited a vulnerability in the desktop version of Safari running on Mac OS X. He won $10,000 for the exploit, which was one of 20 zero-day bugs that Apple fanbois deny exist in OS X.

Miller's exploit opened up a remote shell, which he accessed and was able to run any malicious code he wanted. We guess it just worked!

Miller has said in the past that he is unhappy with Jobs' Mob's secure software development processes. While he will be telling them about the flaw that won the competition for him, he will be sitting on the other 19. Perhaps it will act as an incentive for Apple to get off its lazy arse and develop a security policy with some meaning rather than screwing around with punters while at the same time insisting they are safe.

Miller said discovering the 20 zero-day vulnerabilities took him only three weeks using three computers, so who knows what he would have found if he had kept looking.

Microsoft's Internet Exploder 8 eventually got turned over and Peter Vreugdenhil managed to get past its insecurity mitigation technologies. The flaw can be exploited if a user browses to a malicious website.

Fireferret was also successfully exploited by bypassing ASLR and DEP.

UK-based MWR Infosecurity targeted a memory vulnerability. It started a calculator on a laptop running Windows 7.

The most secure web browser out there was Google's Chrome 4 running on Windows 7.

No one bothered to take down Google's Nexus One, a RIM Blackberry Bold 9700 or a Nokia E72 device running Nokia's Symbian OS.


TOPICS: Crime/Corruption; Miscellaneous; News/Current Events
KEYWORDS: apple; hack; osx; spam; spamattack; spammityspam; spamtheforum; windows
Wow it appears as if Windows 7 and IE8 were actually harder to hack than OSX with Safari 4.

Very interesting. Has Mac finally gotten enough of a userbase to make it worth attacking? If so, I can see a ton of Apple zealots eating a lot of crow. Well technically they should already be eating it.

Bottom line: All software is vulnerable and security by obscurity isn't security at all.

1 posted on 03/27/2010 11:48:17 AM PDT by for-q-clinton

To: ShadowAce; Swordmaker

ping


2 posted on 03/27/2010 11:49:02 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

Macbots in 3...2...1...


3 posted on 03/27/2010 11:59:36 AM PDT by JRios1968 (The real first rule of Fight Club: don't invite Chuck Norris...EVER)

To: JRios1968

Nope. I had some other threads and they are staying miles away from these threads. They are either too busy eating crow or are too distraught to post/read as their savior Steve Jobs has let them down and lied to them.


4 posted on 03/27/2010 12:01:05 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
Apple/Mac software has always been as hackable as anything else including Windows.

It's the target, not the OS, that decides the “popularity” of the victims.

With Apple holding a relatively small base of users vs. Microsoft and those users with few exceptions mainly using it for personal, or in the area of business, creative use, they were a small target economically or otherwise.

5 posted on 03/27/2010 12:01:26 PM PDT by ejonesie22 (Palin bashers on freerepublic, like a fart in Church...)

To: ejonesie22

Exactly. So I wonder if Windows is really a much more secure platform now? I know MS has put a lot of time and money into improving their platform and their patching process.

Can Apple’s update cycle match that of Microsoft’s?


6 posted on 03/27/2010 12:04:29 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
If they can leverage the same server and bandwidth power for updates as they do I-Tunes, sure.

As far as secure, every OS goes through vulnerability cycles during its lifetime, with the lowest most secure points being right before it goes End of Life of course.

Windows 7 does show MS's first real effort at starting out secure. As it remains out on the market vulnerabilities will be exposed, it will be less secure than competitors for a bit, get patched, be more secure, etc. etc.

7 posted on 03/27/2010 12:10:50 PM PDT by ejonesie22 (Palin bashers on freerepublic, like a fart in Church...)

To: for-q-clinton

What’s a “apple”?


8 posted on 03/27/2010 12:11:30 PM PDT by Huebolt (Some people are born to be slaves. They register as democrats.)

To: Huebolt

The company that makes iPhone, Mac OSX, iPad, etc...


9 posted on 03/27/2010 12:14:20 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

10 posted on 03/27/2010 12:27:02 PM PDT by James C. Bennett

To: for-q-clinton

I’m sure that this is a dumb question, but how does one know he has been hacked?

All my Macs seem to be working as usual.


11 posted on 03/27/2010 12:27:23 PM PDT by basil (It's time to rid the country of "Gun Free Zones" aka "Killing Fields")

To: for-q-clinton

This will be fun to see how Swordmaker and the other Macbots of FR spin this one.


12 posted on 03/27/2010 12:50:18 PM PDT by Blue Highway ("Judge me by the people with whom I surround myself" Barack Obama, Oct 15, 2008 Presidential debate)

To: for-q-clinton

Swordmaker and ANtirepublicrat will be here but they will spin it. Wait for it...


13 posted on 03/27/2010 12:51:07 PM PDT by Blue Highway ("Judge me by the people with whom I surround myself" Barack Obama, Oct 15, 2008 Presidential debate)

To: for-q-clinton

No, Windows isn’t a “much more” secure platform now.

One of the problems with these sorts of “analysis” by bystanders to computer security is that they don’t ponder the question of “what would happen if Charlie Miller decided to go after Windows?”

Let’s back up a sec. Charlie Miller worked for the NSA for five years. That sort of experience gives him a big leg up on many DIY hackers in that the NSA has a large internal base of experience on cracking systems of all sorts. Let’s just say that it is obvious that Miller learned a trick or two in his time at Ft. Meade.

Why is Miller focusing on OS X? Because he analyzed the contest and took the path which offers him the highest probability of getting the $10K payoff. There aren’t that many hackers looking at the Mac as an attack target, but there are a bunch of hackers who have looked at Windows, and a few more than the Mac who go after Unix-variant systems because they’re used as servers and back ends. Fewest competitors means highest probability of winning the contest and taking home some cash.


14 posted on 03/27/2010 1:03:36 PM PDT by NVDave

To: James C. Bennett
27" iMac
15 posted on 03/27/2010 1:18:47 PM PDT by doc11355

To: for-q-clinton
I am not a 'fanboy' of either Apple or MS. Taking an objective stance in this MS vs. Apple (and Linux) battle is quite liberating as I'm not married to any of the above.

As a student of info security issues (and a certification at the moment), I understand that hackers will target what feeds their need. That need might be money, fame (infamy), or any other impetus. Because that is the case, as the number of systems of a certain operating system/application increases, the risk increases.

There is NO such thing as a completely secure system unless it is powered off, smashed to pieces, and buried in the backyard.

16 posted on 03/27/2010 1:29:22 PM PDT by DesertSapper (God, Family, Country . . . . . . . . . . and dead terrorists!!!)

To: NVDave

So you are claiming Charlie Miller is the best hacker in the world and that he dwarfs all Windows hackers?

Get real. He’s a very good hacker but not the best. And he’s targeting OS X because Steve Jobs has been lying about their security and its footprint is now big enough worthy of a response to protect its users. The NASA angle is stupid. I know many people that have worked for NASA, most are pretty smart, but not extremely smart. In most cases my IQ was higher than theirs (when that subject came up). So I’m not sure what working at NASA has to do with anything.

But you’re right there are a lot more script kiddies exploiting old vulnerabilities in Windows than in OS X.


17 posted on 03/27/2010 1:43:06 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
>"Jobs' Mob products were the first to be trashed again at a Pwn2Own hacking competition. "

What? WHAT? Say it ain't so, Steve, you little Liberal Prick.


18 posted on 03/27/2010 2:43:05 PM PDT by scoobysnak71 (I'm light skinned with no negro dialect. Could you milk me?)

To: for-q-clinton

No, I’m not. And thanks for erecting such a fabulous strawman.

I read Miller’s reasons (which he openly disclosed) about why he’s targeting OS X and Safari a couple years ago when he started. It was as I said: He’s looking for the highest probability of getting the payoff - this is a contest, after all, with a tidy cash prize.

WTF are you talking about “NASA?” I said “NSA” - not “NASA.”

If you are at a level where you conflate the NSA with NASA, then you know nothing about computer security.


19 posted on 03/27/2010 2:43:56 PM PDT by NVDave

To: NVDave

I misread your NASA point, but I too know people in NSA and once again the same argument holds true there as well ;-)

Typically it’s a few extremely bright people and then a lot of smart people who take that and put the message out.


20 posted on 03/27/2010 2:53:09 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
