“A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves,” Jim Finkle reports for Reuters.
MacDailyNews Take: “Scrambled data?” Just how “scrambled?” Can it be unscrambled by the hackers? If so, how about reporting that fact. If not, please tell us why we should care?
Finkle continues, “Prominent Mac researcher Dino Dai Zovi disclosed the software flaw at the Black Hat security conference in Las Vegas, one of the world’s top forums for exchanging information on Internet threats.”
MacDailyNews Take: Ooh, “prominent,” and at a “top forum,” no less. Should the “wow” start now or should we wait?
Finkle continues, “About 4,000 security professionals are in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes. It is not illegal to publish software that can be used to hack into computer systems, though it is against the law to use it to break into them.”
Finkle reports, “Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp’s Windows operating system. Security experts have identified at least three viruses infecting Macs over the past year.”
MacDailyNews Take: Wrong. In his full report, Finkle goes on the describe two TROJANS, not viruses. One contained in pirated versions of what Finkle calls “Apple’s iWorks” [sic] and the other is “OSXPuper” which is delivered in a fake video player. Finkle offers no word on where his imaginary third “virus” went.
Finkle continues, “The technique that Dai Zovi unveiled on Wednesday — dubbed ‘Machiavelli’ — only works on machines that have already been victimized. It can take control of Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.”
MacDailyNews Take: Only works on machines that have already been victimized. A real reporter who’s interested in reporting the whole truth would explain this in greater detail. Finkle tries to hide it with a quick mention just before describing the oh-so-scary theoretical outcome that, of course, never, ever seems to affect actual Mac users in the wild. Again, just how encrypted is this data that could be stolen “from a user’s bank accounts” if, of course, his or her machine has “already been victimized,” whatever that means?
Finkel continues, “Charlie Miller, co-author of ‘The Mac Hacker’s Handbook’ …said the Mac’s operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit. While there is a limited supply of malicious software targeting Macs today, experts worry that the pendulum could quickly shift, leaving millions of Apple users unprotected.”
Full article here.
MacDailyNews Take: Um, okay, excuse us for not running out to buy worthless AV software that robs our wallets and our processor cycles based on yet another warning from so-called “security experts” that we’ve heard multiple times per year for approximately the last decade.
This is nothing more than the same story that’s recycled every year at this time in order to promote the Black Hat conference.
Now someone please explain what the hell he means by Mac OS X “has a lot more code in it than Windows” when it doesn’t? A lot more vulnerable code, maybe? If so, then STFU already, and Bring. It. On.
We grow weary of all the build up. Where’s the big payoff, er… payload? Hello?
We’re turning off our Mac OS X firewalls today to mark yet another tech reporting crapfest – oh, wait, they’re off already; without consequence. We forgot to turn them back on after we turned them off to protest another bullshit “Mac Virus” report back in 2003.
And, now for our obligatory explanation of why the “Security via Obscurity” myth fails the test of basic logic:
It is utterly illogical to state or imply that the Mac platform is secure via obscurity. Why, if obscurity means security, in April 2007 was there a virus for iPods running Linux (a few thousand devices total, to wildly overestimate, in all the world), but there are no viruses in eight years for the over 33 million Mac OS X computers that are currently online? And, why would criminals not target the most affluent personal computer users, the tens of millions of Mac users around the world? Why do hackers looking to steal money only target the cheapest, the Windows PC sufferers? Why try to rob a bunch of poor people if the rich ones are sitting there so supposedly vulnerable? Please see: NPD: Apple grabbed 91% share of premium computer market in June – July 23, 2009.
We’ve asked those and similar questions for years, yet the silence remains deafening and telling. Instead we get a steady stream of lies and/or ignorance, like Jim’s.
The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because fewer people use Macs, is simply not true. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, The New York Times’ David Pogue, provides a concise mea culpa on the subject of the “Mac Security Via Obscurity” myth here. Riva, honey, read your own paper’s archives.
Simple logic is certainly not what AV software peddlers, Windows PC box assemblers, and the leeches affixed to the Windows ecosystem want people to hear. Fear is what they’re after. The sheep must be kept in the Windows pen, no matter the cost to reputations, reality, productivity, sanity, etc. Far too many have far too much invested in Microsoft Windows for them to stand idly by and let it all slip away due to a vastly superior, vastly more secure solution from Apple. But, slip away it does nonetheless.
Every single time there is a Windows virus outbreak or the Black Hat conference rolls around, the “Security Via Obscurity” myth gets trotted out. This is done for a reason, even though it gets more ridiculous with each passing year.
“Security via Obscurity” is a defense mechanism for the delusional and also tool for Microsoft apologists and/or those who profit from Windows that’s designed to be used when attempting keep Windows sufferers from straying. The fact that there are 33+ million Mac OS X installs is not “obscure” at all, but eight (8+) years of Mac users surfing the Net unimpeded certainly is “secure.” To review: No obscurity, just security. Besides social engineering scams (phishing, trojans; no OS can instill common sense) the only thing by which Mac users are really affected are large swaths of compromised Windows machines slowing down the ‘Net with spam and nefarious botnet traffic targeted at exploiting even more insecure Windows boxes.
The. Problem. Is. Windows. Get a Mac.
Contact Reuters’ Editor via online form here.