Security consultant: ‘This is almost certainly the year of the OS X exploit’

“At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher’s computer, disabling the firewall and starting up a file server,” Robert Lemos writes for SecurityFocus. “While such compromises have become common in the Windows world, this time the computer was a Apple PowerBook running the latest version of Mac OS X. The victim, a security researcher who asked to remain anonymous, had locked down the system prior to the conference and believes that a previously unknown exploit caused the compromise. However, in the following weeks, forensics performed on the system did not reveal any clues as to how the PowerBook had been compromised.”

MacDailyNews Take: Not a clue. An anonymous security researcher. How mysterious! How intriguing! An “unknown exploit?” Shocking. Yawn.

Lemos continues, “The compromise underscores a number of trends that has already caused a shift in focus among flaw finders and could result in more attacks on Mac OS X. Security researchers themselves have moved over to Apple computers in the past few years and have learned the ins and outs of the operating system. The company’s move to Intel-based hardware for its next-generation of Macs also gives flaw finders familiar territory in which to look for bugs. Finally, as Apple continues to garner more market share, the lure of a larger set of targets will make attacks more likely, say security researchers. ‘This is almost certainly the year of the OS X exploit,’ said Jay Beale, a senior security consultant for Intelguardians and an expert in hardening Linux and Mac OS X systems. ‘The OS X platform may be based on a Unix platform, but Apple seems to be making mistakes that Unix made, and corrected, long ago.'”

Blah. blah. blah. The piece continues rehashing and attempting to dress up a bunch of stuff to disguise its lack of substance. We won’t bore you with any more of it here. If you wish, Lemo’s piece — and we do mean “piece” — continues here.

[Thanks to MacDailyNews reader “Qka” for the link.]

MacDailyNews Note: Did you know that SecurityFocus was acquired by Symantec Corporation (see related articles below) in the fall of 2002? According to the SecurityFocus website, “Part of the purchase agreement was to keep SecurityFocus as an independent Website that is not influenced by Symantec corporate policies or products. The SecurityFocus Website retains full editorial discretion for all content and remains a vendor-neutral voice for the security community.” You can decide for yourself if you believe that or not.

Advertisements:
MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.

Related MacDailyNews articles:
eWeek: Intel transition a ‘security non-issue’ for Apple Mac – January 30, 2006
Why pay Symantec for flawed ‘security’ app designed to protect Apple Macs from nonexistent threats? – December 27, 2005
‘Highly critical’ flaw in discovered in Symantec AntiVirus for Mac OS X – December 21, 2005
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005

90 Comments

  1. Jimbo, from what I remember the Mac community pressured that one retailer who publicized that contest into stopping it. I may be wrong.

    In any case, wouldn’t it be the greatest ad of all time for AAPL if MDN did this and the server actually remained uncompromised for more than a month? Really – be reasonable now. Everyone would be talking about it – it would do wonders for AAPL stock and sales of Macs.

    And I promise here and now that if that came to be I would stop picking on our Mac guy at work. ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  2. Affy: I agree, it didn’t make much sense.

    Although it could mean – and this was true when MacOS X first came out (not sure if it’s still the case) – that Apple relaxed the permissions on certain key directories to facilitate application installation. If i recall correctly, that was done for compatibility with Classic installers, so it may be Apple has tightened that up by now.

    I suppose, however, that this is indeed the year of the first MacOS X exploit. It’s a trojan you have to purchase and install yourself, however, called Symantec “Anti”Virus.

  3. Evil, Your argument doesn’t hold water. It wouldn’t mean shit for Apple’s stock or sales. That OS X has been virus-free is established and provable, but many Windows users don’t believe it. They’ve been effectively propagandized, and someone like MDN claiming to have had a server online for a month without a hardware firewall will be even more unbelievable, as it cannot be effectively proved.

    I’ve had my computers online for, well, fovever, without a firewall, through a succession of Mac OSs. Wake me when there’s a problem.

  4. The average spam hacker couldn’t write effective malware code for a Mac if they wanted. The UNIX underpinnings are solid– especially if you remember to not run in the admin account. Macs aren’t impossible to breach– just a lot more difficult.

    Richard Clarke- cyberterrorism expert, advisor to 4 presidents and the head of Good Harbor Consulting is a Mac user and tells people plainly to stay away from MS if security is an issue.

    in the Seattle P-I
    FEB 17 2005
    “SAN FRANCISCO — Don’t expect Richard Clarke to rely on Microsoft Corp.’s anti-virus or anti-spyware programs to protect his own computer.

    “Given their record in the security area, I don’t know why anybody would buy from them,” the former White House cybersecurity and counterterrorism adviser said yesterday, when asked for his thoughts on Microsoft’s forthcoming line of security software.”

    His new employer

    http://www.goodharbor.net/services.html

  5. Are the SecurityFocus (aka Symantec) sales of Mac OS X security software too low? Are people so confident of the inbuilt Mac OS X security that they are not buying 3rd party security software? Spreading manure around the garden usually makes things grow a bit better. Why not spread a bit of Mac OS X FUD manure across the internet to grow the sales?

  6. Language is so important; if he had said “this is almost certainly the year OS X has its first exploit”, you realise that up until now the score is zero, and with each passing year, and each new Mac convert, the chance increases.

    However, “the year of the OS X exploit” makes it sound monumental. The year of THE lunar landing. The year of THE tsunami. etc. To tag an “almost certainly” in front gives a sense of inevitability without the need to show hard facts.

    If he is wrong, so be it – there is always 2007.

    Me, I’ll stick with my Mac.

  7. Evil_MS_User:

    This has been done before with an OSX system with a sizeble monetary reward put forward to anyone who could accomplish this feat. Needless to say the Mac community pissed their panties until the offer was recinded a few days latter.

    I also remember in early 2005 how so many people on this site used to claim what crappy procs Intel made, how superior the PPC was and how there was just no way Steve would allow such a piece of crap in their precious Macs.

    Well, these guys were wrong once and will probably be wrong again. Wrong with their snooty little noses stuck so far up Steve’s ass they won’t even be able to acknowledge that they have been hacked.

    I own a Mac. I’m typing this on my Mac. But nothing can’t be hacked.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.