Ooh, big scary ‘Mac flaw’ could let hackers get scrambled data

“A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves,” Jim Finkle reports for Reuters.

MacDailyNews Take: “Scrambled data?” Just how “scrambled?” Can it be unscrambled by the hackers? If so, how about reporting that fact. If not, please tell us why we should care?

Finkle continues, “Prominent Mac researcher Dino Dai Zovi disclosed the software flaw at the Black Hat security conference in Las Vegas, one of the world’s top forums for exchanging information on Internet threats.”

MacDailyNews Take: Ooh, “prominent,” and at a “top forum,” no less. Should the “wow” start now or should we wait?

Finkle continues, “About 4,000 security professionals are in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes. It is not illegal to publish software that can be used to hack into computer systems, though it is against the law to use it to break into them.”

Finkle reports, “Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp’s Windows operating system. Security experts have identified at least three viruses infecting Macs over the past year.”

MacDailyNews Take: Wrong. In his full report, Finkle goes on to describe two TROJANS, not viruses. One is contained in pirated versions of what Finkle calls “Apple’s iWorks” [sic] and the other is “OSXPuper,” which is delivered in a fake video player. Finkle offers no word on where his imaginary third “virus” went.

Finkle continues, “The technique that Dai Zovi unveiled on Wednesday — dubbed ‘Machiavelli’ — only works on machines that have already been victimized. It can take control of Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.”

MacDailyNews Take: Only works on machines that have already been victimized. A real reporter who’s interested in reporting the whole truth would explain this in greater detail. Finkle tries to hide it with a quick mention just before describing the oh-so-scary theoretical outcome that, of course, never, ever seems to affect actual Mac users in the wild. Again, just how encrypted is this data that could be stolen “from a user’s bank accounts” if, of course, his or her machine has “already been victimized,” whatever that means?

Finkle continues, “Charlie Miller, co-author of ‘The Mac Hacker’s Handbook’ …said the Mac’s operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit. While there is a limited supply of malicious software targeting Macs today, experts worry that the pendulum could quickly shift, leaving millions of Apple users unprotected.”

Full article here.

MacDailyNews Take: Um, okay, excuse us for not running out to buy worthless AV software that robs our wallets and our processor cycles based on yet another warning from so-called “security experts” that we’ve heard multiple times per year for approximately the last decade.

This is nothing more than the same story that’s recycled every year at this time in order to promote the Black Hat conference.

Now someone please explain what the hell he means by Mac OS X “has a lot more code in it than Windows” when it doesn’t? A lot more vulnerable code, maybe? If so, then STFU already, and Bring. It. On.

We grow weary of all the build up. Where’s the big payoff, er… payload? Hello?

We’re turning off our Mac OS X firewalls today to mark yet another tech reporting crapfest – oh, wait, they’re off already; without consequence. We forgot to turn them back on after we turned them off to protest another bullshit “Mac Virus” report back in 2003.

And, now for our obligatory explanation of why the “Security via Obscurity” myth fails the test of basic logic:

It is utterly illogical to state or imply that the Mac platform is secure via obscurity. Why, if obscurity means security, in April 2007 was there a virus for iPods running Linux (a few thousand devices total, to wildly overestimate, in all the world), but there are no viruses in eight years for the over 33 million Mac OS X computers that are currently online? And, why would criminals not target the most affluent personal computer users, the tens of millions of Mac users around the world? Why do hackers looking to steal money only target the cheapest, the Windows PC sufferers? Why try to rob a bunch of poor people if the rich ones are sitting there so supposedly vulnerable? Please see: NPD: Apple grabbed 91% share of premium computer market in June – July 23, 2009.

We’ve asked those and similar questions for years, yet the silence remains deafening and telling. Instead we get a steady stream of lies and/or ignorance, like Jim’s.

The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because fewer people use Macs, is simply not true. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, The New York Times’ David Pogue provides a concise mea culpa on the subject of the “Mac Security Via Obscurity” myth here. Riva, honey, read your own paper’s archives.

Simple logic is certainly not what AV software peddlers, Windows PC box assemblers, and the leeches affixed to the Windows ecosystem want people to hear. Fear is what they’re after. The sheep must be kept in the Windows pen, no matter the cost to reputations, reality, productivity, sanity, etc. Far too many have far too much invested in Microsoft Windows for them to stand idly by and let it all slip away due to a vastly superior, vastly more secure solution from Apple. But, slip away it does nonetheless.

Every single time there is a Windows virus outbreak or the Black Hat conference rolls around, the “Security Via Obscurity” myth gets trotted out. This is done for a reason, even though it gets more ridiculous with each passing year.

“Security via Obscurity” is a defense mechanism for the delusional and also a tool for Microsoft apologists and/or those who profit from Windows that’s designed to be used when attempting to keep Windows sufferers from straying. The fact that there are 33+ million Mac OS X installs is not “obscure” at all, but eight (8+) years of Mac users surfing the Net unimpeded certainly is “secure.” To review: No obscurity, just security. Besides social engineering scams (phishing, trojans; no OS can instill common sense) the only thing by which Mac users are really affected are large swaths of compromised Windows machines slowing down the ‘Net with spam and nefarious botnet traffic targeted at exploiting even more insecure Windows boxes.

The. Problem. Is. Windows. Get a Mac.

Contact Reuters’ Editor via online form here.

36 Comments

  1. Oi, MDN! What’s the point in turning the firewalls off, really? They shouldn’t be slowing stuff down and Apple did put them there for a reason. According to Which? magazine, Apple firewalls are the most powerful, so why not use the best software?

  2. Surely, this has been one of the best MDN takes. If not, someone ought to do a top ten MDN takes.

    Apart from the usual debunking of the crap throughout the take, with that final paragraph alone, I think, this one secures a prominent seat in the pantheon of great MDN takes.

  3. These DOS lovin’ dickwads will jump on ANY trivial thing that proves just how shitty Macs are.

    I hope they all have fun in the circle-jerk seminars at the AssHat Conference.

  4. This is the same old song and dance. From the FUD spreaders. These are the same lies that we have been hearing since 2001. If you look closely, all they can say is what MIGHT happen. Chicken Little, the sky MIGHT fall! Oooooh! OS X may one day be crippled with viruses! Except that day is not today.

    Sorry, but what is childish is the blatant lies the OS X haters repeat incessantly.

  5. It’s any excuse with these guys. I sleep easy knowing that not one hacker or virus has ever done damage to an OSX Mac. Your average Windows user though… that’s a different matter. With all the nasties they face, it’s no wonder most of them sweat like a glassblower’s backside.

  6. MDN is right. These Mac “vulnerabilities” are exaggerated or total BS. The “journalists” should make clear that these “security experts” have a big stake in promoting fear because they are selling AV/security software, as well as their own importance.

  7. “It can take control of Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.”

    I guess it’s a good thing that I don’t store encrypted data in my bank account. I only keep money there!

  8. That Pogue article is from 2003, 6 years ago, when Mac market share was what, around 3%?

    The same holds true today.

    And there WERE viruses for the “Classic” Mac OS… 1984 to 2002 there were 62, give or take a few. Google it.

    I only saw one once, on a friend’s Mac LC… back in 1991. That’s it.

  9. “While there is a limited supply of malicious software targeting Macs today, experts worry that the pendulum could quickly shift, leaving millions of Apple users unprotected.”

    This must have been a typo. I think the author meant to say, “While there is a limited supply of malicious software targeting Macs today, anti-virus peddlers worry that the pendulum could quickly shift, leaving millions of them without a reliable revenue stream.”

  10. If “security by obscurity” has protected Mac owners so well in the past 10 years (while so-called experts predicted it would fail every single one of those years), then the conclusion is that people should get Macs running MacOSX, and enjoy years of virus-free computing.

    And when the FIRST Mac virus hits, 3 years from now, THEN maybe buy an antivirus too. Maybe.
