Comments on: More News Out Showcasing Mac Security Issues

By: More News Out Showcasing Mac Security Issues | TechConsumer

More News Out Showcasing Mac Security Issues | TechConsumer — Mon, 07 Jul 2008 16:17:09 +0000

[…] This article is cross-posted at PseudoSavant. Subscribe to TechConsumer: RSS / Email Sphere It 2 Comments Published on: […]

By: Paul Ellis

Paul Ellis — Mon, 31 Mar 2008 03:51:06 +0000

The bottom line is this, the Mac was broken into in 2 minutes, and the security vulnerability was in an Apple piece of software (Safari). The Windows Vista machine took until the next day (and I read all sorts of reports about pre-planned attacks against Vista) and the vulnerability wasn’t even in Vista, it was in Adobe’s Flash Player. One of the hackers was quoted saying how he was really surprised how Vista was especially hard to get into after SP1 came out (which the CanSecWest laptop had installed). Lastly Linux wasn’t broken at all.

I may accept that people weren’t targeting Linux much, but you can guarantee that people were targeting Vista.

Finally, it is a fact that this is the second year in a row that the Mac fell first. Clearly it isn’t magically “inherently secure” like commenters to the previous post had said. It just hasn’t been targeted by organized crime. If they did target it though, it clearly could fall.

If you disagree with any of these facts then you are nothing more than an apologist, because these statements are factually true. They aren’t just my opinion.

By: Gary

Gary — Mon, 31 Mar 2008 01:59:14 +0000

What to say? That’s easy.

Wrong.

As the story comes out, Miller and a team of people (unspecified number) spent a week cooking this up in advance, creating a special website for the purpose. All they did at the contest was to simply give a url to the user client computer who went to the page to execute the exploit. Gee.

It took a week to break in. It took two minutes to execute a pre prepared hack. How long does it take for any computer to get hacked when the hack is already done and set, and all the client machine has to do is spring the trap?

Two minutes? Makes for a cute headline and food for commentary.

Could any one of the participants also prepared something in advance against any of the three OS’s? Yes. Did they? Who knows.

The two minute figure would have been equally fallacious applied to windows or linux.

In prior years contests, there was no advance time given. The problem was “how long would it take to break into computer os 1, 2 or 3?”

I set two computers in front of you and say “go”. How long will it take for you to break into computer b from computer a.

In this case, it took a week.

“I spend a week setting up a deer stand, after examining the terrain, the habits of the local herd and baiting the area that gives me the best shot” “I use all my deer hunting training, background and skills to position and equip the stand so I get the best shot” “The deer walk into the open, two minutes later, getting the best angle on the prize buck, I pull the trigger”

Boy oh boy! It only took 2 minutes to bag that 12 point buck!

Bullshit.

This whole thing is not about computer security, its about attention and about making windows users and IT folks feel better.

Just what this contest is about .. it gives an opportunity for windows users that deal with thousands of virus and spyware daily to guffaw the mac is no better when there are still only a handful of mac exploits. This has not one thing to do with security. It has to do with press, attention getting and the IT folks who need to justify their jobs.