MacDailyNews - Where Mac news comes first


Sophisticated new technique could allow for stealthier Mac attacks
Wednesday, February 18, 2009 - 02:05 PM EDT

"Fans of Apple computers often boast about superior security. But as Macs have gained in popularity over the past few years, this has brought much more attention from hackers. At a presentation scheduled to take place today at the Black Hat DC computer-security conference in Washington, DC, one security expert will reveal a technique for attacking the Mac operating system--OS X--without leaving a trace," Erica Naone reports for Technology Review.

"Similar techniques have targeted both Windows and Linux machines for several years. They allow an attacker to cover her tracks, eliminating vital evidence that an investigator might normally use to prove that a machine has been compromised; they might also allow the investigator to put together details of the incident. Bringing the technique to the Mac, however, required a significantly more sophisticated approach," Naone reports.

"Vincenzo Iozzo, a student at the Politecnico di Milano, in Italy, explains that the technique allows an attacker to break into a machine without leaving a trace in its permanent memory, which means that evidence of the attack will disappear as soon as the victim's computer is turned off," Naone reports.

"Predicting where to inject the malicious code is made more difficult by a security feature in OS X that stores the variables needed to keep the attack untraceable in random locations within memory. However, Iozzo discovered a way to anticipate where the variables would be stored based on pieces of information that remain unchanged," Naone reports.

"Iozzo says that it may take time for Apple to respond to his technique because it exploits fundamental elements of the operating system's structure that can't be changed with a simple software patch. He says that it may require a larger upgrade, such as the introduction of the new version of OS X, called Snow Leopard, which is scheduled to ship in 2010," Naone reports.

Full article here.

MacDailyNews Note: Apple's Mac OS X Snow Leopard information webpage was posted online in June 2008 and has always stated, "scheduled to ship in about a year." This puts Mac OS X Snow Leopard's release around June 2009, less than 4 months from now, not "in 2010." As for Iozzo's technique: it's interesting, but nothing much to worry about right now, if ever, and should ultimately help Apple to bolster Mac OS X's already very robust security.


Reader Feedback:
Feb 18, 09 - 03:14 pm Comment from: jbird

Makes me wanna go out and buy a Vista machine..not...

Feb 18, 09 - 03:16 pm Comment from: MrScrith

From what I've read, Apple knew of that potential: Leopard still uses a 32-bit kernel and some other tools that don't use address randomization, so it's only partially randomized. Snow Leopard is supposed to be fully randomized and also uses a 64-bit kernel and memory management, giving the system many more options for where to put the memory in question. IOW, the exploit just revealed has already been discussed in theory and has already been fixed, just not released yet.

Feb 18, 09 - 03:20 pm Comment from: dan

we've seen it all before: proof of concept is not the same as an exploit in the wild. I'll be among the first to adopt measures to protect my Mac if it is a valid exploit, but let's wait and see how contrived this technique is at Black Hat.
dd

Feb 18, 09 - 03:20 pm Comment from: CYxodus

Sounds like standard FUD. I'll make a prediction, the user has to walk the attack through each stage. That is if this is even real.

Feb 18, 09 - 03:37 pm Comment from: Brian Allen

Most of these methods require physical access to the machine.

All previous hacks demonstrated at the "Black Hat DC computer-security conference" have required physical access or, namely, an account on the machine.

Feb 18, 09 - 03:38 pm Comment from: Radsh

Maybe the blackhatters will make a contest of it. And then keep dumbing it down until someone actually wins it. You know, just like last time.

Feb 18, 09 - 03:39 pm Comment from: Gabriel

As much as I want to give the article-writer the benefit of the doubt, the fact that they got Snow Leopard's ship date wrong leads me to believe they have an ulterior agenda in reporting this.

Only in the tech press can you get article writers frothing at the mouth over the prospect of theoretical (but not yet real-world) OS X exploits, and announced (but not yet available) products from Microsoft or Palm.

Feb 18, 09 - 03:50 pm Comment from: Boj

This stuff comes out every Blackhat and is later proven to have been way overblown

Feb 18, 09 - 04:07 pm Comment from: ken1w

LOL. OK, so Macs have been getting attacked all along. There was just no evidence of these attacks, so no one even knew. How desperate these so-called "security experts" must be to somehow prove that Mac OS X needs their "protection."

> Bringing the technique to the Mac, however, required a significantly more sophisticated approach

That's the key bit there. Hackers are not going to work "significantly" harder to "bring this technique to the Mac" (even if it was possible) because the world is filled with easy targets, called Microsoft Windows. Even if Mac OS X market share ever exceeded Windows, hackers would still go after Windows; Windows is easy to exploit, Mac OS X is hard - common sense rules.

Feb 18, 09 - 04:07 pm Comment from: Mark S.

I am ready for anything. Bring it!

Feb 18, 09 - 04:13 pm Comment from: Backdoor Mac

The exploit is in EFI, the firmware level that is basically an operating system with complete access to the internet.

That's what you get when you place a secure operating system like Unix over an OS like EFI firmware developed by Intel and Microsoft, toss in some open source components for good measure, turn the OS X Firewall into an application, then cover the whole mess with an improved NeXT OS and rename it OS X.

I so much liked OS X on PowerPC processors, no EFI. Add Little Snitch and BLAM! you control everything coming in and out of your machine.

Feb 18, 09 - 04:22 pm Comment from: Mark

> Bringing the technique to the Mac, however, required a significantly more sophisticated approach

So in other words, "superior security" is not boasting. Otherwise, it would have taken a minimally different approach. "superior" != "invulnerable"

Feb 18, 09 - 04:25 pm Comment from: Demon

Yes, it's my understanding that even for Vincenzo Iozzo's theoretical exploit to work the exploiter needs to, one: have physical access to the system, or the end user needs to be tricked into running some installer-type application. And, two: have real root access, or the exploit needs to be run with real root access (not just admin access (which by default is the highest level of access granted to any user, even the system's owner)) to the kernel; otherwise the memory address spaces targeted are not accessible, let alone overwritable, to the exploit.
The injection of the code also frequently causes an immediate kernel panic and requires a reboot long before the code is executed in memory, leaving the attack in the cold without the setup of the backdoor or the cleaning up of the attack itself, or basically no attack at all, just an attempted attack, which is logged and traceable.
While the theoretical exploit is valid, the practical application is far-fetched and a bit late, as 10.6 is just around the corner, which leads one to wonder what the point of presenting such a far-fetched theoretical exploit is in the first place. My guess is Vincenzo Iozzo is just looking for his 15 minutes of fame, and a Mac OS X exploit is guaranteed media coverage, whereas if it were just another Windows exploit no one would really care.

Feb 18, 09 - 04:28 pm Comment from: dix99

My time costs money & so far this decade, I've racked up fees in the $0 (ZERO) Dollars, with regards to hours of reinstalling software & reloading my Mac. When it's a problem, then I'll worry.

Feb 18, 09 - 04:34 pm Comment from: Andy

To be honest... I don't buy it.

Hacking OS X is probably feasible -- BUT ONLY if you have the patience, knowledge and skill to pull it off. Plus, you need a complete sap of a user to make it work.

Therefore, considering hackers are of the lazy variety (hack Windows because it requires virtually no effort) and that the Mac user would be a complete dork -- it's an unlikely scenario at best.

Feb 18, 09 - 04:35 pm Comment from: feral

run away!

run awaay!

run awaaaay!

LOL.

techtards.

Feb 18, 09 - 05:00 pm Comment from: Anthony007

And I've devised a method to put bricks to sleep but I can't tell you how I do it.

Feb 18, 09 - 05:25 pm Comment from: Buster

"They allow an attacker to cover her tracks"

Aha...do we suspect a female hacker?????? A hackette?

Feb 18, 09 - 05:37 pm Comment from: Hm...

Here is Iozzo's abstract:
Mac OS X is starting to spread among users; as such, new exploitation techniques have to be discovered. Even if a lot of interesting ways of exploitation on OSX were presented in the past, the lack of anti-forensics techniques is clear. The talk is focused on an in-memory injection technique, specifically how it is possible to inject into a victim's machine any kind of binary, ranging from your own piece of code to real applications like Safari. This is accomplished without leaving traces on the hard disk and without creating a new process, since the whole exploitation is performed in memory. If an attacker is able to execute code in the target machine, it is possible to run this attack instead of a classic shellcode and to use it as a trampoline for higher-level payloads. Other similar payloads like meterpreter or meterpretux exist, but none of them is able to run on Mac OS X. Besides, many of those techniques require running specifically crafted binaries, so precompiled applications are left out of the possible range of payloads.

So Mr. Iozzo has a "memory injection" technique. Then "If an attacker is able to execute code in the target machine," the attacker can do nefarious things. Well, this is true in any system whatsoever. And it all rests on that very big "if."

And Erica Naone loses all credibility when she reports—without details—on "a presentation scheduled to take place today." She couldn't wait until "later today" to see if the attack was valid? She's just another hit-whore.
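The abstract quoted in the comment above describes injecting a complete binary (Mach-O being the executable format on Mac OS X) into a running process without ever writing it to disk. Whatever else such an injector does, it cannot hand dyld a path, so it has to read the image's own load commands to learn which segments to map, at which virtual addresses, and with what protections; a responder carving a suspected in-memory image out of a memory dump, the only place this kind of injection leaves evidence, does the same walk from the other side. The following is an added example for this page, not Iozzo's code and not from Technology Review or MacDailyNews: a bounds-checked walker over the load commands of a 32-bit Mach-O header held in memory, run against a small image constructed here (a header plus __PAGEZERO and __TEXT segment commands, no code). The struct layouts match <mach-o/loader.h> but are redefined so the file builds on any platform; the CPU type and file type constants are the i386 executable values.

```c
/* Added example: walk the load commands of an in-memory 32-bit Mach-O image.
 * Not Iozzo's code; the sample image below is constructed for this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC   0xfeedfaceU   /* 32-bit Mach-O, host byte order */
#define LC_SEGMENT 0x1U          /* 32-bit segment load command */

/* Layouts as in <mach-o/loader.h>; redefined so this compiles anywhere. */
struct mach_header {
    uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags;
};
struct load_command { uint32_t cmd, cmdsize; };
struct segment_command {
    uint32_t cmd, cmdsize;
    char     segname[16];
    uint32_t vmaddr, vmsize, fileoff, filesize;
    uint32_t maxprot, initprot, nsects, flags;
};

struct seg_info { char name[17]; uint32_t vmaddr, vmsize, initprot; };

/* Returns the number of LC_SEGMENT commands in the image, storing up to
 * max_out of them in out[], or -1 if the image is malformed: bad magic,
 * sizeofcmds past the buffer, or a cmdsize that is too small or runs past
 * the load-command area (the classic way a crafted header walks a parser
 * off the end of its buffer). */
int macho_segments(const uint8_t *buf, size_t len, struct seg_info *out, int max_out)
{
    struct mach_header mh;
    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC) return -1;
    if (mh.sizeofcmds > len - sizeof mh) return -1;

    size_t off = sizeof mh, end = sizeof mh + mh.sizeofcmds;
    int n = 0;
    for (uint32_t i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -1;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -1;
        if (lc.cmd == LC_SEGMENT) {
            struct segment_command sc;
            if (lc.cmdsize < sizeof sc) return -1;
            memcpy(&sc, buf + off, sizeof sc);
            if (n < max_out) {
                memcpy(out[n].name, sc.segname, 16);
                out[n].name[16] = '\0';          /* segname need not be NUL-terminated */
                out[n].vmaddr = sc.vmaddr;
                out[n].vmsize = sc.vmsize;
                out[n].initprot = sc.initprot;
            }
            n++;
        }
        off += lc.cmdsize;                       /* cmdsize, not sizeof: commands vary in length */
    }
    return n;
}

/* Constructed sample: header + __PAGEZERO + __TEXT (r-x), 140 bytes, no code. */
size_t build_sample_image(uint8_t *buf)
{
    struct mach_header mh = { MH_MAGIC, 7 /* CPU_TYPE_X86 */, 3, 2 /* MH_EXECUTE */,
                              2, 2 * sizeof(struct segment_command), 0 };
    struct segment_command pz = { LC_SEGMENT, sizeof pz, "__PAGEZERO", 0,      0x1000, 0, 0,      0, 0, 0, 0 };
    struct segment_command tx = { LC_SEGMENT, sizeof tx, "__TEXT",     0x1000, 0x1000, 0, 0x1000, 7, 5, 0, 0 };
    memcpy(buf, &mh, sizeof mh);
    memcpy(buf + sizeof mh, &pz, sizeof pz);
    memcpy(buf + sizeof mh + sizeof pz, &tx, sizeof tx);
    return sizeof mh + sizeof pz + sizeof tx;
}

int sample_segment_count(void)            /* 2 */
{
    uint8_t img[256]; struct seg_info s[8];
    return macho_segments(img, build_sample_image(img), s, 8);
}

uint32_t sample_text_vmaddr(void)         /* 0x1000 */
{
    uint8_t img[256]; struct seg_info s[8];
    int n = macho_segments(img, build_sample_image(img), s, 8);
    return n == 2 ? s[1].vmaddr : 0;
}

/* Inflate the second command's cmdsize past sizeofcmds; the walker must refuse it. */
int corrupted_sample_result(void)         /* -1 */
{
    uint8_t img[256]; struct seg_info s[8];
    size_t len = build_sample_image(img);
    uint32_t bad = 0xffffU;
    memcpy(img + sizeof(struct mach_header) + sizeof(struct segment_command) + 4, &bad, 4);
    return macho_segments(img, len, s, 8);
}

int main(void)
{
    uint8_t img[256]; struct seg_info segs[8];
    int n = macho_segments(img, build_sample_image(img), segs, 8);
    printf("%d segments\n", n);
    for (int i = 0; i < n; i++)
        printf("  %-12s vmaddr=0x%08x vmsize=0x%08x initprot=%u\n",
               segs[i].name, segs[i].vmaddr, segs[i].vmsize, segs[i].initprot);
    printf("corrupted image -> %d\n", corrupted_sample_result());
    return n == 2 ? 0 : 1;
}
```

Mapping the segments is only the first step an in-memory loader has to take over from dyld; it must also apply relocations and resolve imports, which is where a partially randomized system matters, since anything the loader can rely on being at a fixed address (the commenter above points at the 32-bit Leopard kernel and tools that do not use address randomization) is what makes the rest predictable. On the defensive side, the same refusal to follow an out-of-range cmdsize is what keeps a carving tool from being crashed by the very image it is trying to recover.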

Feb 18, 09 - 05:47 pm Comment from: Mac Daddy

So lessee... If I let ol' Vincenzo sit at my computer for a while - oh, and I give him my passphrase too -- my computer could be compromised. Well shiver me timberrrrrrrs, aarrrrgh.

Feb 18, 09 - 05:55 pm Comment from: Steven Wright

Last night somebody broke into my mac, stole all my files, and replaced them with exact duplicates.

Feb 18, 09 - 06:09 pm Comment from: Big Al

@ Steven Wright,

"Last night somebody broke into my mac, stole all my files, and replaced them with exact duplicates."

Those bastards!

Feb 18, 09 - 06:09 pm Comment from: Sixvodkas

As opposed to the method hackers use to successfully attack a Windows based computer- Press the power button.

Feb 18, 09 - 06:56 pm Comment from: Macaday

To say that Macs' huge surge in popularity has "brought much more attention from hackers" is NOT true. 99.9% of the attention has been from security experts.

Hackers know better. Security experts are out to sell something.

Feb 18, 09 - 07:14 pm Comment from: Raymond in DC

"Predicting where to inject the malicious code is made more difficult by a security feature in OS X..."

Well, we never claimed OS X is perfect. Nothing is. But at least OS X makes those who wish us ill really work for their limited successes.

Feb 18, 09 - 07:26 pm Comment from: Zeke

"one security expert will reveal a technique for attacking the Mac operating system--OS X--without leaving a trace"

Sorry, that's already being done daily. My firewall logs say that my Mac is attacked all the time (unsuccessfully) without any effect.

Feb 18, 09 - 07:30 pm Comment from: MacFhearghaile

The young lady that wrote the article graduated from MIT in 2007. If she is anything like the MIT grads that I worked with, before I retired, she is overly impressed with herself. In addition, Miss Naone's use of "her" to describe the hacker in her article leads me to believe that she has an advanced case of self-importance and is a terminal feminist.

Feb 18, 09 - 07:43 pm Comment from: alansky

@Macaday: Good point!

Feb 18, 09 - 07:57 pm Comment from: MacAdvocate

If I could get physical access to the machine without anyone objecting, I would either be the person's confidant or a Geek Squad employee. I could also steal it or crush it with a brick.

I have a hard time believing a hacker would go to the trouble of ensuring the uninterrupted physical access necessary to execute this.

Feb 18, 09 - 10:04 pm Comment from: macdoc

"They allow an attacker to cover her tracks"

The English language is masculine; the sentence should read, "They allow an attacker to cover HIS tracks."

Journalism in America isn't what it use to be. Where did these people go to School, France or is this just more PC crap??

Feb 19, 09 - 12:36 am Comment from: non-sexist male

'The english language is masculine, sentence should read, "They allow an attacker to cover HIS tracks."'

What kind of idiot comment was that? Consistent use of masculine pronouns is one of the many ways that classrooms in technical fields are made hostile to females. There is no requirement in the language that male pronouns be used in these situations. Leave the 50s and join us here in the new century.

Feb 19, 09 - 01:39 am Comment from: nanisani

>> Journalism in America isn't what it use to be. Where did these people go to School, France or is this just more PC crap?? <<

No it isn't what it use (sic) to be, nor is it what it used to be. Perhaps it should have read 'his or her tracks'....

Or perhaps we should all get lives.

Feb 19, 09 - 01:41 am Comment from: redc

@Steven Wright

The same thing happened to me! O woe is the Mac!

Feb 19, 09 - 02:20 am Comment from: Derek in Milan

Feminism, PC, Various 'rights' issues - a way to hypnotise the Left into getting all fired up about not much, while the Right steal all the money. Again.

As for the language, Macdoc is correct, even if your foolish little Leftwing hypnotised brain doesn't like it.

As for the Mac OS X security issues - they are more fuckwit rubbish.
STFU and grow some vegetables.

Feb 19, 09 - 09:10 am Comment from: Robert

What is BLAM! ? Any link to it?

Feb 19, 09 - 11:19 am Comment from: @macdoc

Using run-on sentences, capitalizing a run-of-the-mill noun and, generally, posting such drivel using poor grammar and syntax — apart from your silly statement that English is masculine — suggest you need a course in remedial first grade.

Feb 19, 09 - 11:41 am Comment from: rws

@ @macdoc,

Macdoc's comments made way more sense than yours.

Feb 19, 09 - 08:16 pm Comment from: zek

And at the next table Mr Grigor Hardtopronounceski will be demonstrating how Macs are extremely vulnerable to attack by a man with a hammer.

Feb 20, 09 - 04:56 am Comment from: GRANDxADMIRAL

I am glad that there are still so many people using Windows. Hackers, Phishers; they're all trying to scam dumb people out of their money. Why waste their time unsuccessfully attempting to scam intelligent people who've already figured out the meaning of life, the universe and everything and bought an Apple computer.

Feb 20, 09 - 05:01 am Comment from: GRANDxADMIRAL

(...continuing)

...There are already hundreds of thousands of people who've proudly stood up and said: "I'm a PC - I'm half retarded and I suck both thumbs."

*popup*
"Your computer has a virus! Click here to remove it..."

Cha-ching!

Feb 20, 09 - 10:33 am Comment from: Register or Login

I thought Dubya sent all the Black Hatters to Cuba
