MacDailyNews - Where Mac news comes first

Mar 29, 08 - 01:00 am Comment from: NeonRed

"MacDailyNews Take: Ooh, a Fujitsu U810 laptop running Vista Ultimate SP1. Hello, eBay?"
Ooh, Now that was a catty response

MDN's take is a catty response.

On another note; it's nice to see that these contestants actually spent time while at the compitition to achieve this, unlike the guy who won the MBA.

there's hating because Win Vista SP1 was vulnerable because of third party software. Needless to say, Safari is made by Apple. I hate to say it, I hate MS more than anyone, but they took an
extra day and needed more of the safeties released.
This time.


However!
Let's just wait until next year when MS releases another SP and breaks more stuff.

Mar 29, 08 - 02:13 am Comment from: Brau

"Ooh, Now that was a catty response"

What do you expect with a litterbox as a prize?

Mar 29, 08 - 02:50 am Comment from: Reality Check

Well, at least you can browse the web safely with the Fujitsu U810 laptop running Vista Ultimate SP1...

Let's all be honest. Apple in the past has had enough programmers to keep ahead of the virus makers. This is changing.

roughly drafted has a nice piece on this before you all leap to your conclusions like the organizers and drive by media thought you would...

How sad. Only way to hack Vista is through Adobe's shitty flash, while Macs got compromised first from Apple's own Safari.

Vista > Mac O$X

And this is so NOT NEWS that the ONLY place this will be reported is on MDN...LOL!

And in other news:

It came to our attention yesterday evening that "Reality Check" is Steve Ballmer's secretary.

Which explains a lot.

Only a fool would think it safer to troll the internet using Vista than OSX, of any flavour. However fools remain ten a penny.

"However fools remain ten a penny."


Does that mean that Ray can afford twenty fools?

Ooh, a Fujitsu U810 laptop running Vista Ultimate SP1. Hello, eBay?

Heh, why risk bad feedback on eBay?

I say stuff this one straight into the trash. It isn't even worth recycling.

As far a face-slaping, er "rewarding" someone with this thing, WTF?? At least the cash prize took the edge off.

"Fujitsu U810 laptop running Vista Ultimate SP1."

Didn't Homeland Security order 200 of those fine machines? I feel safer.

Mar 29, 08 - 09:28 am Comment from: JAYGEE

I'm impressed that it was a third party application, and not IE or Vista itself that they used to hack. If only Vista wasn't slow. Let's hope Windows 7 will have the strength of VIsta, & the speed of Leopard.

Mar 29, 08 - 09:32 am Comment from: Tommy Boy

http://www.roughlydrafted.com/2008/03/28/cansecwest-and-swiss-federal-institute-of-tech-deliver-attacks-on-the-reality-of-mac-security/

As long as people still find it necessary to buy virus protection for Windows computers (and not for Macs), there's absolutely no way to claim that Windows computers are "safer."

"Let's hope Windows 7 . . ."

Never exists.

I don't see myself getting Windows 7 in the next few years, so I guess it doesn't matter to me when they release it. I can afford for them to take their time.

Mar 29, 08 - 10:32 am Comment from: HMCIV

Hello eBay???? Try Hello Boat Anchor!

Mar 29, 08 - 10:43 am Comment from: Mr. Reeee

TommyBoy…
Thanks for the Roughly Drafted link. Good article.
The follow-up comments are particularly illuminating.

"MacDailyNews Take: Ooh, a Fujitsu U810 laptop running Vista Ultimate SP1. Hello, eBay?"

That's actually a really nice laptop hardware wise. I would install Ubuntu or some other linux distro on it. Also, people have been wanting Apple to release an ultraportable macbook tablet for some time.

An apple machine the same size would be VERY nice. However, for some reason North Americans don't like small laptops (laptops with displays below 11 inches). I think an Apple machine similar in size would be necessary for Asian markets like Japan and Korea where Apple hasn't performed as well as in Europe and North America.

The thing is, the guy who hacked the MacBook said he did so because he thought it was easier. Fair enough, maybe it is/was. Had he/they attempted the other machines, how do we know they couldn't have done it just as quick? It's not a subjective test. A hack is a hack, but it's being labelled as some sort of proof of overall security of all systems in general.

Windows Vista Ultimate.

I nominate that for the "Oxymoron of the decade."

Let us all remember that none of these computers were hacked on the first day. They all required a certain amount of physical access.

I wonder if there was a-v software on the Windows machine?

Go Linux.

No a-v software on any machine. No exposure to the internet either.

What kind of bullshit is this. An unprotected Vista machine on the internet would have been pwned by a Russian or Chinese spammer before the first contestant got anywhere near it.

Hell anyone can hack any computer if you give them physical access.

Mar 29, 08 - 06:12 pm Comment from: ken1w

> I hate to say it, I hate MS more than anyone, but they took an extra day and needed more of the safeties released.

The Safari hack was created well ahead of the contest. The time it took is irrelevant. You don't actually think it took just two minutes for that hacker to create website to compromise the MacBook Air. It probably took weeks.

The reason the Mac was compromised faster in the contest was because the competitors wanted a MacBook Air much more than a Fujitsu.

This news item will get 1/1,000th of the coverage of the Mac story because everyone expects Windows to be hacked.

Actually, it will get 1/1000th of the coverage because the exploit had nothing to do with Microsoft software. According to Engadget, the exploit took advantage of a cross-platform Java vulnerability -- which means the exploit will work on ANY computer with the same version of Java (Macs included).

http://www.engadget.com/2008/03/29/linux-becomes-only-os-to-escape-pwn-2-own-unscathed/

The Safari hack was created well ahead of the contest. The time it took is irrelevant. You don't actually think it took just two minutes for that hacker to create website to compromise the MacBook Air. It probably took weeks.

You're partially right. The Mac exploit almost certainly took weeks or months to develop.

However, the time taken (in days) to hack the various computers DOES matter. With each day, restrictions are lifted that make hacking easier. The faster the computer is hacked (in days), the more severe the vulnerabilities of the computer. That's why the prize money for the Mac was $10,000 and the Vista PC was only $5,000 -- they were hacked on different days.

On the second day, no third-party software can be installed. This is why the Vista PC took until later in the competition to be hacked -- the Vista exploit, unlike that of the Mac, relied on third-party software.

Damn dont you love the irony of this all. I remember a very positive way to go for making Apple a little bit safer, and of course now its Vista what a piece of junk. MDN I love your reporting if for nothing else than to read the oposite into every story.
Fanbois give it up and be happy with what you got, And let the rest of us 95% be happy with what we got.

Mar 30, 08 - 12:25 am Comment from: Jubei

He'll probably sell that piece of junk on eBay anyway.

What kind of bullshit is this. An unprotected Vista machine on the internet would have been pwned by a Russian or Chinese spammer before the first contestant got anywhere near it.

It's the kind of bullshit you read on Mac Fanboy sites like MDN. My unprotected Dell with Vista has been on the internet for a year and it's never been pwned by anyone. When are you Mac Freaks going to realize Mac OS X is no better or worse than anything else - it's just more obscure and different.

The writing should've been on the wall when Apple released Safari for Windows touting it as the most secure browser ever. Within hours of being released on the Windows platform, security researchers discovered several serious flaws in Safari - most of them which applied to the Mac version as well.

The world of Windows is battle hardened and secure, and gets scrutinized every day. Macs have Swiss Cheese security and Mac users have big inflated heads. Every once in awhile we like to pin prick a MacHead and watch it pop.

We now return you to your regularly scheduled Mac Illusion on MDN.......

> > I hate to say it, I hate MS more than anyone, but they took an extra day and needed more of the safeties released.

> The Safari hack was created well ahead of the contest. The time it took is irrelevant. You don't actually think it took just two minutes for that hacker to create website to compromise the MacBook Air. It probably took weeks.

No, the person you think you're answering is right. Your comments about preparation are irrelevant to the comment the other poster made.

The Vista machine went on the *third day*. That means it went *after* third-party software was added to the mix. The third-party software was Adobe Flash. The Leopard machine didn't need third-party software to be vulnerable. Apple's *own* software -- in the form of Safari -- was enough.


> The reason the Mac was compromised faster in the contest was because the competitors wanted a MacBook Air much more than a Fujitsu.

No, it's not.

I dislike Microsoft as much as the next man -- more than most, in fact. But I'm not going to tell lies about them.

Charlie Miller said they went for the MacBook Air because it was the easy target.

You know Miller is the expert; Miller is the ex-NSA guy; Miller is the guy that "pwned" the machine. He's the one that knows, not you.

QUOTE:

"'It was the easiest one of the three,' said Charlie Miller, an analyst at Independent Security Evaluators (ISE), a Baltimore-based security consultancy. 'We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X.' "

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=9072959&taxonomyId=89&intsrc=kc_top

And other might note that the same applies to some fool like Daniel Eran (who probably never wrote a line of code in his life) and merely writes whatever he wants to believe without knowing very much about any of it.

That should be the end of the silly bleating on this one.

But Miller also said:

"... 'We were equally capable of finding [a vulnerability] in Windows if we had to,' he said."

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9072959&pageNumber=2

So overall we've learned what we already knew: current OSes can be broken relatively easily by highly skilled professionals, and internet-facing applications (web browsers, media players, plugins like Adobe Reader or Flash, etc.) are particularly exploitable.

However, the fact remains that OS X was the easiest to break. That's what the guy who did it says, and he should know.

However, don't sell your Mac yet ...

In the real world few people are actively trying to exploit vulnerabilities on the Mac, because there's not the profit in it. Keep the Mac, but ignore the "fanboy" columnists and read Mac people who have a bit of disinterestedness and who know what they're talking about -- like Rich Mogull, for example:


http://db.tidbits.com/article/9529

Mar 30, 08 - 01:34 pm Comment from: Mo

It seems to me that more and more of the exploits that are being created rely heavily on the social aspect then on brute force. Folks are incited, conned, lied to, tricked, or are knowingly putting themselves at risk. Poor user practices seem to be the weak link right now so this is what is being exploited.

So yes, some flaw is being exploited, but it never could be exploited without someone making a bad decision. Computers must be getting more technically secure, there is significant pressure for that to happen. But are users becoming smarter users?

If users are becoming better around smarter computing then this should have some kind of metric attached to it in these security con-tests. I would imagine a demographic model would apply as well. As it stands the PWN2OWN contest doesn't seem that scientific.

Mar 30, 08 - 06:16 pm Comment from: shen

"Well, at least you can browse the web safely with the Fujitsu U810 laptop running Vista Ultimate SP1..."

rotflmao!

and naturally, it comes from "reality check"!

....where reality never enters the picture.

"In the real world few people are actively trying to exploit vulnerabilities on the Mac, because there's not the profit in it."

really? there is no profit in hacking machines owned largely by home users, in a niche market, heavily populated by six figure making yuppies? who use their machines for internet banking and stock trades?

nah, the real profit is in those dime a dozen windows point of sale machines that are constantly watched by a team of IT guys even though there is nothing useful or valuable on the machine.

so basically, your a moron and you admit it in comment threads? stfu.

Mar 30, 08 - 07:59 pm Comment from: ken1w

"Third party" or not, it is irrelevant.

Safari may be created by Apple, but it is not part of the OS itself.

Adobe Flash may not be created by Microsoft, but it is pre-installed on almost every Windows PC sold.

So what's the difference in terms of real world vulnerability. None. Please think beyond the rules of this staged contest.

I think everyone's missing the point. The Mac got hacked first because you were getting a MacBook Air!! if you could hack it (plus $10,000 ain't too shabby). Why bother hacking those other platforms when you were getting a piece 'o' crap laptop with a subpar OS on it as a "prize"?

Sorry shen but you are a moron. Get out a bit and read beyond the Apple party line. Mac security is crap and it appears most of the IT world knows it now.

Linux still going huh?

I think I'll do a MDN and turn off my firewalls for a week to celebrate

If they would have hacked all of them, they would have $30,000 and three laptops. There wasn't a limit of one hacked machine per person. Remember they had 30 minutes, that left 28 for the others.

Last year it was a Quicktime exploit in 30 minutes. Maybe writing software to run on a wide variety of hardware isn't as simple as you think.

Oh wait, the Linux laptop wasn't hacked. I guess it is that easy.

I'm a little disappointed in OS X. Very surprised as well. I mean, 2 minutes? Vista lasted 30 minutes at least. Please close the discussion regarding wether it was an OS hack or a third party app, EVERY mac comes with Safari. If its a Safari hack its essentially an OS X hack.