Ooh, big scary ‘Mac flaw’ could let hackers get scrambled data

“A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves,” Jim Finkle reports for Reuters.

MacDailyNews Take: “Scrambled data?” Just how “scrambled?” Can it be unscrambled by the hackers? If so, how about reporting that fact. If not, please tell us why we should care?

Finkle continues, “Prominent Mac researcher Dino Dai Zovi disclosed the software flaw at the Black Hat security conference in Las Vegas, one of the world’s top forums for exchanging information on Internet threats.”

MacDailyNews Take: Ooh, “prominent,” and at a “top forum,” no less. Should the “wow” start now or should we wait?

Finkle continues, “About 4,000 security professionals are in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes. It is not illegal to publish software that can be used to hack into computer systems, though it is against the law to use it to break into them.”

Finkle reports, “Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp’s Windows operating system. Security experts have identified at least three viruses infecting Macs over the past year.”

MacDailyNews Take: Wrong. In his full report, Finkle goes on to describe two TROJANS, not viruses. One is contained in pirated versions of what Finkle calls “Apple’s iWorks” [sic] and the other is “OSXPuper” which is delivered in a fake video player. Finkle offers no word on where his imaginary third “virus” went.

Finkle continues, “The technique that Dai Zovi unveiled on Wednesday — dubbed ‘Machiavelli’ — only works on machines that have already been victimized. It can take control of Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.”

MacDailyNews Take: Only works on machines that have already been victimized. A real reporter who’s interested in reporting the whole truth would explain this in greater detail. Finkle tries to hide it with a quick mention just before describing the oh-so-scary theoretical outcome that, of course, never, ever seems to affect actual Mac users in the wild. Again, just how encrypted is this data that could be stolen “from a user’s bank accounts” if, of course, his or her machine has “already been victimized,” whatever that means?

Finkle continues, “Charlie Miller, co-author of ‘The Mac Hacker’s Handbook’ …said the Mac’s operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit. While there is a limited supply of malicious software targeting Macs today, experts worry that the pendulum could quickly shift, leaving millions of Apple users unprotected.”

Full article here.

MacDailyNews Take: Um, okay, excuse us for not running out to buy worthless AV software that robs our wallets and our processor cycles based on yet another warning from so-called “security experts” that we’ve heard multiple times per year for approximately the last decade.

This is nothing more than the same story that’s recycled every year at this time in order to promote the Black Hat conference.

Now someone please explain what the hell he means by Mac OS X “has a lot more code in it than Windows” when it doesn’t? A lot more vulnerable code, maybe? If so, then STFU already, and Bring. It. On.

We grow weary of all the build up. Where’s the big payoff, er… payload? Hello?

We’re turning off our Mac OS X firewalls today to mark yet another tech reporting crapfest – oh, wait, they’re off already; without consequence. We forgot to turn them back on after we turned them off to protest another bullshit “Mac Virus” report back in 2003.

And, now for our obligatory explanation of why the “Security via Obscurity” myth fails the test of basic logic:

It is utterly illogical to state or imply that the Mac platform is secure via obscurity. Why, if obscurity means security, in April 2007 was there a virus for iPods running Linux (a few thousand devices total, to wildly overestimate, in all the world), but there are no viruses in eight years for the over 33 million Mac OS X computers that are currently online? And, why would criminals not target the most affluent personal computer users, the tens of millions of Mac users around the world? Why do hackers looking to steal money only target the cheapest, the Windows PC sufferers? Why try to rob a bunch of poor people if the rich ones are sitting there so supposedly vulnerable? Please see: NPD: Apple grabbed 91% share of premium computer market in June – July 23, 2009.

We’ve asked those and similar questions for years, yet the silence remains deafening and telling. Instead we get a steady stream of lies and/or ignorance, like Jim’s.

The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because fewer people use Macs is simply not true. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, The New York Times’ David Pogue provides a concise mea culpa on the subject of the “Mac Security Via Obscurity” myth here. Riva, honey, read your own paper’s archives.

Simple logic is certainly not what AV software peddlers, Windows PC box assemblers, and the leeches affixed to the Windows ecosystem want people to hear. Fear is what they’re after. The sheep must be kept in the Windows pen, no matter the cost to reputations, reality, productivity, sanity, etc. Far too many have far too much invested in Microsoft Windows for them to stand idly by and let it all slip away due to a vastly superior, vastly more secure solution from Apple. But, slip away it does nonetheless.

Every single time there is a Windows virus outbreak or the Black Hat conference rolls around, the “Security Via Obscurity” myth gets trotted out. This is done for a reason, even though it gets more ridiculous with each passing year.

“Security via Obscurity” is a defense mechanism for the delusional and also a tool for Microsoft apologists and/or those who profit from Windows that’s designed to be used when attempting to keep Windows sufferers from straying. The fact that there are 33+ million Mac OS X installs is not “obscure” at all, but eight (8+) years of Mac users surfing the Net unimpeded certainly is “secure.” To review: No obscurity, just security. Besides social engineering scams (phishing, trojans; no OS can instill common sense) the only thing by which Mac users are really affected are large swaths of compromised Windows machines slowing down the ‘Net with spam and nefarious botnet traffic targeted at exploiting even more insecure Windows boxes.

The. Problem. Is. Windows. Get a Mac.

Contact Reuters’ Editor via online form here.

36 Comments

  1. Oi, MDN! What’s the point in turning the firewalls off, really? They shouldn’t be slowing stuff down and Apple did put them there for a reason. According to Which? magazine, Apple firewalls are the most powerful, so why not use the best software?

  2. Surely, this has been one of the best MDN takes. If not, someone ought to do a top ten MDN takes.

    Apart from the usual debunking of the crap throughout the take, with that final paragraph alone, I think, this one secures a prominent seat in the pantheon of great MDN takes.

  3. These DOS lovin’ dickwads will jump on ANY trivial thing that proves just how shitty Macs are.

    I hope they all have fun in the circle-jerk seminars at the AssHat Conference.

  4. This is the same old song and dance. From the FUD spreaders. These are the same lies that we have been hearing since 2001. If you look closely, all they can say is what MIGHT happen. Chicken Little, the sky MIGHT fall! Oooooh! OS X may one day be crippled with viruses! Except that day is not today.

    Sorry, but what is childish is the blatant lies the OS X haters repeat incessantly.

  5. It’s any excuse with these guys. I sleep easy knowing that not one hacker or virus has ever done damage to an OSX Mac. Your average Windows user though… that’s a different matter. With all the nasties they face, it’s no wonder most of them sweat like a glassblower’s backside.

  6. MDN is right. These Mac “vulnerabilities” are exaggerated or total BS. The “journalists” should make clear that these “security experts” have a big stake in promoting fear because they are selling AV/security software, as well as their own importance.

  7. “It can take control of Apple’s Safari browser, stealing encrypted data from a user’s bank accounts.”

    I guess it’s a good thing that I don’t store encrypted data in my bank account. I only keep money there!

  8. That Pogue article is from 2003, 6 years ago, when Mac market share was what, around 3%?

    The same holds true today.

    And there WERE viruses for the “Classic” Mac OS… 1984 to 2002 there were 62, give or take a few. Google it.

    I only saw one once, on a friend’s Mac LC… back in 1991. That’s it.

  9. “While there is a limited supply of malicious software targeting Macs today, experts worry that the pendulum could quickly shift, leaving millions of Apple users unprotected.”

    This must have been a typo. I think the author meant to say, “While there is a limited supply of malicious software targeting Macs today, anti-virus peddlers worry that the pendulum could quickly shift, leaving millions of them without a reliable revenue stream.”

  10. If “security by obscurity” has protected Mac owners so well in the past 10 years (while so-called experts predicted it would fail every single one of those years), then the conclusion is that people should get Macs running MacOSX, and enjoy years of virus-free computing.

    And when the FIRST Mac virus hits, 3 years from now, THEN maybe buy an antivirus too. Maybe.

  11. And here’s another proof that “security by obscurity” is ridiculous: Just imagine the fame (if not fortune) of the first hacker to successfully make a real virus for OS X! They’re all out there trying to be the first, but none of them can do it.

    While it may be true that a hacker is more likely to pick a market to infiltrate with 1 BILLION users versus 33 Million users, 33 million + the potential fame is certainly worth it…

    It can no longer be said that the Mac OS is obscure…

  12. In 1993, there were about 152 million PCs in the world. Almost none of them were connected to the internet (since it didn’t exist in its current form, and neither did e-mail, in its current form). And yet, there were over 12,000 unique computer viruses or other malware software for the Intel platform.

    At the height of Mac OS 9 (end of 2000), there were close to 70 malware titles for it. At the time, Mac had around 17 million installed desktops.

    No matter how you slice it, the “security through obscurity” myth just does not compute. Malware writers made the effort to write malware when its distribution was extremely difficult (in 1993); they made the effort to write for a considerably smaller user base (OS 9 with 17 million users), but somehow they refuse to make the effort to target the most affluent segment of today’s market, representing well over 30 million always-on, always-connected computers? Without ANY malware detection software???

  13. I love the “security via obscurity” concept. For one thing, it’s true. There are very few Script Kiddies making any effort to hack a Mac. Real hackers? Certainly. But Script Kiddies? Hardly a one.
    There have been hacking contests at several recent Black Hat conferences, contests where the prizes are significant. All you had to do was break into a Mac. Or Safari. And the system became more open to you each day of the conference – until it was broken. This is called “incentive”, the props were worth even more than the prizes! Yet the Macs did well, one holding up until all sensible “security” was shut down and the hackers were given physical access to the machine.
    Our family’s systems all have the firewall running and User accounts so there is seldom EVER a need to log in to the Admin account. And our passwords meet the usual minimal standards most enterprises require, not that such efforts would slow down a real Hacker significantly. All this just in case someone DOES find a hole or two a Script Kiddie could wriggle through.

  14. That did it! I’m going back to the security of Windows! I hear that Windows 7 will be hermetically sealed!

  15. These articles do their intended FUD job.

    When my friends come to me with their ongoing Switching fantasies, (“fantasies”, because they rarely act on them), and they ask about viruses, as usual I tell them there are none for OS X.
    And without fail a friend will say, “Oh, but I heard they just found a virus for Macs!”

    We scan the headlines, make inferences, and come to conclusions without investigation.

    These FUD writers count on people’s perceptions, not facts, keeping the sheep in the pen.

    Unfortunately, it works.

  16. “Why try to rob a bunch of poor people if the rich ones are sitting there so supposedly vulnerable?”

    Because a fool and his money are soon parted.

    It’s foolish to choose Windows in this day and age.

    Cheers!

  17. If a hacker wants the publicity thrill of seeing the results of his work make the headlines, there isn’t any bigger prize than the brass ring of writing a Mac virus. Marketshare of users isn’t the target, it’s publicity and it would be WORLDWIDE news within hours IF there were an actual, caught-in-the-wild virus for the Mac. The MS fanboyz would hyper-fan those flames; the antivirus companies would fan those flames; Ballmer would probably give a press conference gloating over it.

    There aren’t any viruses like that for the Mac; not because of obscurity or lack of “the big prize”, but because the sheer amount of effort required to find and exploit a weakness like that is way beyond what any hacker is willing to invest. And Apple keeps tightening up the security again and again with each update. It may never happen regardless of how many Mac users there are.

    The Mac OS will never be the swiss cheese security risk that Windows is because it simply isn’t that weak.

  18. Every Mac OS X hack ever reported has required physical access to the Mac being hacked.

    It seems the best anti-virus protection for a Mac could be purchased from your local locksmith.
