  1. #1
    Hardrocker

    RE: Are Macs 100% secure?

    Obviously not. OS X was the first to fall in the PWN 2 OWN contest.

    Details on the contest:
    http://news.yahoo.com/s/macworld/200...osvslinuxvista

    News:
    http://blogs.zdnet.com/security/?p=984

  2. #2
    Banned. timmyquest's Avatar

  3. #3
    Argyle Army Foot Soldier cnickgo's Avatar
    1. The guy that did it already has experience with Mac OS hacking.

    2. Even stated in the article, the glory was in hacking the Mac. The guys put in extra effort to do it. Fair competition? I don't think so.

  4. #4
    Banned. timmyquest's Avatar
    Quote, originally posted by cnickgo:
    > 1. The guy that did it already has experience with Mac OS hacking.
    >
    > 2. Even stated in the article, the glory was in hacking the Mac. The guys put in extra effort to do it. Fair competition? I don't think so.

    Oh, so what you're saying is that when an OS has more people focusing on it, it's more prone to fail? Or does that only work one way?

  5. #5
    Argyle Army Foot Soldier cnickgo's Avatar
    I'm saying it can't be denied that Mac OS fell in two minutes. But it's scientifically poor to compare that to the "security" of the other OS. Would the other OS have fallen within the same time if they had gotten the same attention in this competition? Probably. It's a horrible way scientifically to compare the "safety" of the different OS.

  6. #6
    Banned. timmyquest's Avatar
    Quote, originally posted by cnickgo:
    > I'm saying it can't be denied that Mac OS fell in two minutes. But it's scientifically poor to compare that to the "security" of the other OS. Would the other OS have fallen within the same time if they had gotten the same attention in this competition? Probably. It's a horrible way scientifically to compare the "safety" of the different OS.

    I'm not sure if you're doing it on purpose or if you're really just this blinded, but you are missing the point.

    The most common argument regarding Windows insecurity, and it is one that I tend to believe, is that the pitfalls of Windows security are because of the vastly higher number of Windows users out there. Therefore, people who create viruses, hacks, malware, etc. are going to focus on the system that yields the most destruction and gains them the most attention. Currently, that isn't OSX.

    As I've stated in the other thread, there are other reasons that Windows sucks...but they are secondary.

  7. #7
    Senior Member
    Didn't Vista fall too, due to an unpublished exploit in Flash?

  8. #8
    Hardrocker
    Quote, originally posted by mlts22:
    > Didn't Vista fall too, due to an unpublished exploit in Flash?

    Yup. The order of failing went OSX, Vista SP1, Ubuntu.

  9. #9
    blithering idiot jhota's Avatar
    after reading the article (and the links to "play-by-play" coverage), i don't think you can really draw any conclusions from this other than "don't visit suspicious websites."

    well, that and "don't install Flash."

    i think it's important to remember that none of the computers fell the first day - it wasn't until the hackers were able to take advantage of "user interaction" that they started falling.

  10. #10
    Senior Member
    This is a good reason to always run Firefox with Adblock and NoScript. On sites that are really notorious, perhaps consider a dedicated VM that you can roll back to a known good snapshot when it gets infected.

    I wish operating systems would have a sandbox, if not a completely isolated VM, for Web browsers because they are so easy to compromise due to add-ons like Flash and the like. Vista is very good in this respect, as IE7 runs in a low security mode, but this doesn't stop add-ons from being abused.

  11. #11
    Gorntastic! v1k1ng1001's Avatar
    http://www.sandboxie.com/

    You can use Sandboxie, although I almost never do. This would have saved me a lot of headaches 3-4 years ago.

  12. #12
    Wood Licker Maelstrom's Avatar
    Already posted, in that thread ...

  13. #13
    Wood Licker Maelstrom's Avatar
    Quote, originally posted by timmyquest:
    > Oh, so what you're saying is that when an OS has more people focusing on it, it's more prone to fail? Or does that only work one way?

    It appears to be a one-way street. All the focus for years has been on hacking Microsoft stuff, once the table turns a bit, it's suddenly unfair...

    Good times, good times indeed.

  14. #14
    Wood Licker Maelstrom's Avatar
    Quote, originally posted by mlts22:
    > Didn't Vista fall too, due to an unpublished exploit in Flash?

    Day 1 was OS hacking only
    Day 2 OS with user interaction
    Day 3 was 3rd party

    No one got hacked day 1, all other OSes were expected to fall day 3 and OSX was the only one to fall day 2. (I haven't read my diggs on day 3 yet, I tend to avoid IT news on weekends haha)

  15. #15
    Wood Licker Maelstrom's Avatar
    Quote, originally posted by mlts22:
    > This is a good reason to always run Firefox with Adblock and NoScript. On sites that are really notorious, perhaps consider a dedicated VM that you can roll back to a known good snapshot when it gets infected.
    >
    > I wish operating systems would have a sandbox, if not a completely isolated VM, for Web browsers because they are so easy to compromise due to add-ons like Flash and the like. Vista is very good in this respect, as IE7 runs in a low security mode, but this doesn't stop add-ons from being abused.

    I don't have the article on hand, but I believe there is a new web browser on the horizon that is supposed to be very modular and potentially "sandboxed"... making it very difficult to hack as a whole unit. As the article put it, "this generation of browsers are all insecure, the next step is to look at web sites as applications and browsers as the abstraction layers", something like that anyways. Good point of view, it will be interesting to see how this works in the world of execs needing stuff to work, period.

  16. #16
    Senior Member
    This is IMHO of course, but I think the security of a Web browser should be rooted in the OS layer, even perhaps the hardware layer, using the virtualization abilities of modern Intel or AMD chips. Having a modular browser is a step forward, but what really needs done is to have it completely sandboxed, either by Thinstall where any writes to the Registry or filesystem are virtualized to the app's user directory, or having a virtual machine similar to VirtualPC, with a shared directory for downloaded files.

    In this case, it's far more difficult to try to break out of a well-coded hypervisor, be it Xen, VirtualPC, or VMware's, than to break out of any protected mode. The main reason is that a hypervisor has far less code that can be exploited than an OS and all the programs installed on it.

    Even just getting code to run as a user is a significant step to getting admin or root access.
    Last edited by mlts22; 03-29-08 at 11:53 PM.
