@techlord As annoying as Apple's claims have been over the years with misleading ads claiming or implying Macs don't get malicious software, hacking goes after dollars and I am sure they will continue to target marketshare and go after computers with Windows. As delusional as Engadget is, the truth still remains desktop sales for Windows PCs absolutely kill OSX and this can in large be seen in the business to business sector of computer sales. Even after the upswing in Mac in the last few years it is at best ~90% Windows and ~10% OSX. Not saying one is better than the other at all here but just saying it doesn't make sense to see hacking target Mac more now than it has.
hacking indeed goes after dollars, which is why it's interesting that despite hackers being offered $10,000 to hack into a Mac at cansecwest, none of them could do it.
Not one. Not even for $10,000. $10,000 does count as "dollars", right? So how do you explain that?
@Jack Safari gets hacked every year at Pwn to Own (I believe that is the competition's name) faster than any other browser, IE included. My point, however, is, keeping in trend with hacking, common sense, and malicious software, the news seems to be referring to iTunes and Safari on WINDOWS based machines which keeps in line with the notion that hackers benefit effort and cost wise by focusing on the marketshare leader. Was being logical.
Always fun to feed the trolls. And I will have to say Jack, you are by far the worst troll here. Not in terms of actual trolling but in the quality of the troll. If I were you I would sit down..........play some WoW.......sit in Trade Chat........get on some forums.......and learn to troll better! Right you you are just sad........but it is really enjoyable to watch at work!
I feel what jack is saying. I was with the fruit company when this happened. We werent very happy with it. Thats when all the updates came out like crazy. Also dont forget about the person that did the bluetooth keyboard hack. I give him props for that.
Do you idiots just not understand what "hack" means? A hack is remotely breaking into a system. Nobody at cansecwest was able to do that. And yes, that is specifically why I mentioned cansecwest FIRST, before you linked to it. Which you did anyway.
The whole "2 minute" thing was actually 6 months and 2 minutes, and it was the same type of thing. Safari had to be directed to a malicious web site in order for anything to happen. You know how they did that? They had somebody PHYSICALLY sitting in front of a Mac, who had to enter the ADMIN PASSWORD before Safari would do anything or go anywhere.
That is why I said it's more about how to GET to the vulnerability, not that there IS one. Please fucking educate yourself. Tell me how this vulnerability is exploitable by any method either than manipulating the user, otherwise known as a trojan or phishing. Which every platform is vulnerable to.
@Jack First - You have to enter your ADMIN password to visit websites? Damn... what have I been missing without superuser permissions while web surfing?!?! OSX 10.6.4 here if you're wondering. Mac user, just not a Mac apologist.
Second - NONE of the systems were able to be hacked on the first day when people were only allowed network access to them. So, using your logic, your original argument would apply to all the OSs presented.
No, you're actually right - NONE of the systems were able to be hacked. Which is a direct contradiction of what all the Apple hating tools in this thread actually believe. Or didn't you see them all saying "Mac was hacked in 2 minutes"?
The other systems are irrelevant. My point, which you just supported, was that nobody can hack into a Mac, and you have to misdirect a user to a malicious web site if you want anything bad to happen to one.
You apparently missed the word "unauthorized". A guy physically sitting in front of a mac giving explicit permission for a script to run doesn't count as "unauthorized". Misdirecting a user to a web site doesn't count as "unauthorized".
Do you just not understand the part about not being able to do ANYTHING unless the user gives it permission? What is so hard to understand about that for you?
@Jack Christ Jack ease down. Go have some tea or something. I already said I thought this was an attack on Windows machines with Apple software. Get a hobby or weed or something.
@Jack Are you sure about that? Because where I work, we have a ton of Dell PowerEdge servers, and 14 Apple Xserve servers running osx server edition 10.4.11 to 10.6.4. Wanna take a guess which ones constantly get hacked by dumbass Romanians? I'll give you a big hint - it's not the Dells. I'll give you another big hint, it has something to do with a fruit company that takes their precious sweet time to release server software updates, even after vulnerabilities are acknowledged.
You can pretend Apple are infallible all you want, but you're only hurting yourself.
@Jack Dude, it's not that hard to find vulnerabilities for prior versions of osx, if that's what you're trying to challenge me on. Go do a search on securiteam.com or something (something you should be doing regularly as a server admin anyway, which I assume you are from your xserve comment). Most of the ones we've had with our servers were php based attacks, since Apple insists on providing their own port of it, and it's always lagging a few versions behind the official release.
@Seven2k Yeah, it's terrible where I work too because we're under constant pressure to keep the software up to date. If it drops below some minimum version, the server automatically gets kicked of the network, which we can't prevent if Apple doesn't push the updates out quick enough.
BZZT wrong answer. I said give me the details. What's wrong, suddenly you don't know how it happened? Also, "vulnerability" is not the same thing as a "hack". Is there a reason you don't seem to know the difference? For example, if somebody hacked an XServe, you literally could not have prevented it. Because it was "hacked".
A vulnerability is something entirely different, as is the case with vulnerability discussed in this article. Just because something has a vulnerability does not mean it's in any way accessible to any outside source. Cansecwest is a good example of that. Safari had a vulnerability, but it was not able to be exploited remotely. At all.
So I'll ask you again, give me the details of these alleged "hacks".
@Jack Just to set the record straight, the vulnerability that Safari fell to in the PW2OWN contest did not require the user to enter a password. All it required was for the user to visit a web site. Nothing else, no password, no installing anything just simply to visit a web site. The vulnerability enabled remote code execution which allowed the hackers to access a file off the local hdd which is what is required to win the contest. No other machines were susceptible to this. The windows machine fell the next day when the rules were opened up more to allow software like flash to be installed. The Windows machine actually fell because of a vulnerability in flash.
Having to enter a password before a hack can work is actually counted as a win for the OS because it is a security measure that stopped the attack. You cannot win the contest if your hack requires an admin password entered to work.
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
Hacker no longer interesting hacking windows, now they all eyes at apple.
@techlord
Yeah - it's a good thing those smarmy "I'm a Mac" commercials are no longer on the air...
@techlord
As annoying as Apple's claims have been over the years with misleading ads claiming or implying Macs don't get malicious software, hacking goes after dollars and I am sure they will continue to target marketshare and go after computers with Windows. As delusional as Engadget is, the truth still remains desktop sales for Windows PCs absolutely kill OSX and this can in large be seen in the business to business sector of computer sales. Even after the upswing in Mac in the last few years it is at best ~90% Windows and ~10% OSX. Not saying one is better than the other at all here but just saying it doesn't make sense to see hacking target Mac more now than it has.
@VAVA Mk 2
hacking indeed goes after dollars, which is why it's interesting that despite hackers being offered $10,000 to hack into a Mac at cansecwest, none of them could do it.
Not one. Not even for $10,000. $10,000 does count as "dollars", right? So how do you explain that?
@Jack
umm you are on crack http://www.macworld.com/article/132733/2008/03/hack.html
@Seven2k
LOL @Jack.
@Jack
Safari gets hacked every year at Pwn to Own (I believe that is the competition's name) faster than any other browser, IE included. My point, however, is, keeping in trend with hacking, common sense, and malicious software, the news seems to be referring to iTunes and Safari on WINDOWS based machines which keeps in line with the notion that hackers benefit effort and cost wise by focusing on the marketshare leader. Was being logical.
@Jack
http://news.cnet.com/8301-27080_3-20001126-245.html
Always fun to feed the trolls. And I will have to say Jack, you are by far the worst troll here. Not in terms of actual trolling but in the quality of the troll. If I were you I would sit down..........play some WoW.......sit in Trade Chat........get on some forums.......and learn to troll better! Right you you are just sad........but it is really enjoyable to watch at work!
@Jack Reading the comment below you, yes, $10,000 does count as dollars.
@VAVA Mk 2
I feel what jack is saying. I was with the fruit company when this happened. We werent very happy with it. Thats when all the updates came out like crazy. Also dont forget about the person that did the bluetooth keyboard hack. I give him props for that.
@Jack pwned! enjoy oblivion, I hear they have free bingo.
@Jack lol FAIL.
@Seven2k
Do you idiots just not understand what "hack" means? A hack is remotely breaking into a system. Nobody at cansecwest was able to do that. And yes, that is specifically why I mentioned cansecwest FIRST, before you linked to it. Which you did anyway.
The whole "2 minute" thing was actually 6 months and 2 minutes, and it was the same type of thing. Safari had to be directed to a malicious web site in order for anything to happen. You know how they did that? They had somebody PHYSICALLY sitting in front of a Mac, who had to enter the ADMIN PASSWORD before Safari would do anything or go anywhere.
That is why I said it's more about how to GET to the vulnerability, not that there IS one. Please fucking educate yourself. Tell me how this vulnerability is exploitable by any method either than manipulating the user, otherwise known as a trojan or phishing. Which every platform is vulnerable to.
@Jack
You should of kept quiet jack.
Your insults are like sweat on my balls......just rolls off.
Folks, don't reply to Jack - he has mental health issues.
@Jack First - You have to enter your ADMIN password to visit websites? Damn... what have I been missing without superuser permissions while web surfing?!?! OSX 10.6.4 here if you're wondering. Mac user, just not a Mac apologist.
Second - NONE of the systems were able to be hacked on the first day when people were only allowed network access to them. So, using your logic, your original argument would apply to all the OSs presented.
@Jack *rreeeaaaaow!* someone's angry. want some Chi Tea?
@Seven2k
So you can't answer the question huh? I didn't think so. Better luck next time.
@atlharry
No, you're actually right - NONE of the systems were able to be hacked. Which is a direct contradiction of what all the Apple hating tools in this thread actually believe. Or didn't you see them all saying "Mac was hacked in 2 minutes"?
The other systems are irrelevant. My point, which you just supported, was that nobody can hack into a Mac, and you have to misdirect a user to a malicious web site if you want anything bad to happen to one.
@Jack hack 1 |hak|
verb
2 [ intrans. ] use a computer to gain unauthorized access to data in a system : they hacked into a bank's computer.
Ill use it in a sentence
Macworld published an article on how a Mac got hacked in 2 minutes.
@Seven2k
You apparently missed the word "unauthorized". A guy physically sitting in front of a mac giving explicit permission for a script to run doesn't count as "unauthorized". Misdirecting a user to a web site doesn't count as "unauthorized".
Do you just not understand the part about not being able to do ANYTHING unless the user gives it permission? What is so hard to understand about that for you?
@Jack
Christ Jack ease down. Go have some tea or something. I already said I thought this was an attack on Windows machines with Apple software. Get a hobby or weed or something.
@Jack
Are you sure about that? Because where I work, we have a ton of Dell PowerEdge servers, and 14 Apple Xserve servers running osx server edition 10.4.11 to 10.6.4. Wanna take a guess which ones constantly get hacked by dumbass Romanians? I'll give you a big hint - it's not the Dells. I'll give you another big hint, it has something to do with a fruit company that takes their precious sweet time to release server software updates, even after vulnerabilities are acknowledged.
You can pretend Apple are infallible all you want, but you're only hurting yourself.
@Jack Don't make us AutoFill the hole you've been digging.
@jroff
Now this is interesting. Please post the details of these alleged hacks, as I also run XServes and I don't get hacked at all.
@Jack
Damn, you need to get your head out of Steve's ass.
@Jack
Dude, it's not that hard to find vulnerabilities for prior versions of osx, if that's what you're trying to challenge me on. Go do a search on securiteam.com or something (something you should be doing regularly as a server admin anyway, which I assume you are from your xserve comment). Most of the ones we've had with our servers were php based attacks, since Apple insists on providing their own port of it, and it's always lagging a few versions behind the official release.
@jroff
I feel you on this. I used to run 3 Tiger Servers those updates are BRUUUTAL.....you apply the update and pray everything works like it did.
@Seven2k
Yeah, it's terrible where I work too because we're under constant pressure to keep the software up to date. If it drops below some minimum version, the server automatically gets kicked of the network, which we can't prevent if Apple doesn't push the updates out quick enough.
@jroff
BZZT wrong answer. I said give me the details. What's wrong, suddenly you don't know how it happened? Also, "vulnerability" is not the same thing as a "hack". Is there a reason you don't seem to know the difference? For example, if somebody hacked an XServe, you literally could not have prevented it. Because it was "hacked".
A vulnerability is something entirely different, as is the case with vulnerability discussed in this article. Just because something has a vulnerability does not mean it's in any way accessible to any outside source. Cansecwest is a good example of that. Safari had a vulnerability, but it was not able to be exploited remotely. At all.
So I'll ask you again, give me the details of these alleged "hacks".
@jroff maybe u should tell all the dumbasses to to stop opening viruses in their email...
@Jack
Just to set the record straight, the vulnerability that Safari fell to in the PW2OWN contest did not require the user to enter a password. All it required was for the user to visit a web site. Nothing else, no password, no installing anything just simply to visit a web site. The vulnerability enabled remote code execution which allowed the hackers to access a file off the local hdd which is what is required to win the contest. No other machines were susceptible to this. The windows machine fell the next day when the rules were opened up more to allow software like flash to be installed. The Windows machine actually fell because of a vulnerability in flash.
Having to enter a password before a hack can work is actually counted as a win for the OS because it is a security measure that stopped the attack. You cannot win the contest if your hack requires an admin password entered to work.
@Seven2k
poor you, the sweat on MY balls get licked off by supermodels
@sinai
=( im jealous now...lucky!!