MacResource
"Researcher cracks Mac in 10 seconds" - Printable Version



"Researcher cracks Mac in 10 seconds" - JEBB - 03-20-2009

What is going on here? Have the bad guys figured out how to screw up our Macs?



Partial quote:
"Charlie Miller, the security researcher who hacked a Mac in two minutes last year at CanSecWest's PWN2OWN contest, improved his time Wednesday by breaking into another Mac in under 10 seconds."


Re: "Researcher cracks Mac in 10 seconds" - deckeda - 03-20-2009

What's going on is that it's a contest with rules and goals that permit and encourage the following:

Contestants show up having already identified the vulnerability, developed and tested the exploit. The fact that they exploited the computer in seconds doesn't sound as impressive when you realize all they're doing at that point is walking up to it and pressing a button or two. Translate all that into the real world and then ask yourself if you're actually concerned still with this "news."


Re: "Researcher cracks Mac in 10 seconds" - Mike Sellers - 03-20-2009

deckeda wrote:
What's going on is that it's a contest with rules and goals that permit and encourage the following:

Contestants show up having already identified the vulnerability, developed and tested the exploit. The fact that they exploited the computer in seconds doesn't sound as impressive when you realize all they're doing at that point is walking up to it and pressing a button or two. Translate all that into the real world and then ask yourself if you're actually concerned still with this "news."

Everyone who clicks on links in spam is vulnerable.


Re: "Researcher cracks Mac in 10 seconds" - deckeda - 03-20-2009

Totally agree. But I also think that exploits that rely on social engineering are essentially harmless with a minimum of user education. When Miller hacks a legitimate popular website that makes Macs vulnerable I'll worry. Not saying it can't or won't be done, but until it is... I just don't consider this something for users to get freaked out about.

He found a problem, it gets reported and sent to Apple. Yay. I feel no less comfortable using Safari on my Macs today. What does make me feel better is his buddy Dino, who's a Mac user who finds vulnerabilities in his spare time and donates his work to Apple, who he says is responsive and gives him attribution. Miller on the other hand has only reported 2 --- two --- Safari vulnerabilities in 2 years because he gives nothing away and waits for the contest to sell his work. To each his own, but I take issue when I hear about guys like Miller who try to come off as doing security work for some greater good. His low productivity speaks for itself.


Re: "Researcher cracks Mac in 10 seconds" - Mike Sellers - 03-20-2009

Sorry, I forgot my sarcasm emoticon. Yeah, this is yet another mountain from a molehill.


Re: "Researcher cracks Mac in 10 seconds" - deckeda - 03-20-2009

I've pledged to consume only one cup of coffee in the morning. But sometimes I fall off the wagon. (Looks around for actual work to do, at work ...)


Re: "Researcher cracks Mac in 10 seconds" - Doc - 03-20-2009

The kid who had handy exploits for Safari, IE and Firefox walked away with $15k.

Not bad for a day's work.


Re: "Researcher cracks Mac in 10 seconds" - Mike Sellers - 03-20-2009

Doc wrote:
The kid who had handy exploits for Safari, IE and Firefox walked away with $15k.

Not bad for a day's work.

As deck pointed out, it was a lot more than one day's work.


Re: "Researcher cracks Mac in 10 seconds" - IronMac - 03-20-2009

Wasn't he already sitting on that exploit for a year?

As for the comment about user education...that's laughable. Good luck consoling yourself with that sort of pablum.


Re: "Researcher cracks Mac in 10 seconds" - Mike Sellers - 03-20-2009

IronMac wrote: As for the comment about user education...that's laughable. Good luck consoling yourself with that sort of pablum.

And people who make their living off of tech support are eternally grateful.