BTW in #4 what I was trying to hint at is that Unix's scalability and ease of automation usually beats windows or mac. In the second one I thought it was a scale of ease of use on one end with extensibility on the other end. I just thought it was something to point out Macs BSD based OS bears mentioning and kinda dosn't follow that paradigm. Again sorry
Announcement
Collapse
No announcement yet.
LOL! Mac hacked in 2 minutes!
Collapse
X
-
Originally posted by Trooper110 View PostOuchies for Mac. I love the people who like to claim that they're the most secure computers in the world. Mainly because it's not worth it for people to write viruses for them due to percentages :P
Foolish.
Comment
-
CarbonFire
Originally posted by GeneralSnake View PostHaha! I am going to love to tell my friend who thinks it is impossible for a mac to get spyware, viruses, or hacked. He literally, thinks it is 100% impossible for those things to happen to any Mac computer.
Foolish.
The Mac isn't 100% bulletproof. No OS is 100% (outside of highly specialized cases which have no bearing on our discussion), though the *nixs in general are easier to lockdown than your garden variety windows box. However, while OS X isn't 100%, for the consumer, it's still far better than a windows box in most cases.
Are there viruses? VERY few, and most can do little within the system. Is it hackable? Yes, though it's still hard (like most of the others) over the network without direct intervention on the machine itself. Spyware? Not that I've heard of, though I'd imagine keyloggers do exist out there (you'd have to explicitly install them on the machine though.....which again requires physical access). Is it 100%? Hardly, but there are FAR, FAR fewer "gotchas" to avoid than on a Windows platform for the typical user.
Originally posted by mapes View PostHey there are no stupid computers....only stupid computer users. Granted Linux or any Unix has a steep learning curve this is not intentional though. The reason is to give the user more power in order to do anything with the system. Obviously this is at odds with user friendliness... For example with SED and AWK utilities you can do amazing things that windows will never be able to do....unless you install Cygwin which is sort of an Unix emulated environment...
And no dissent here either that there are stupid computer users out there. They make up the bulk of the computing population, hence why so many machines out there are infected with spyware, viruses and other malware applications.
Comment
-
Originally posted by CarbonFire View PostYou're friend is slightly mis-informed. But only slightly.
The Mac isn't 100% bulletproof. No OS is 100% (outside of highly specialized cases which have no bearing on our discussion), though the *nixs in general are easier to lockdown than your garden variety windows box. However, while OS X isn't 100%, for the consumer, it's still far better than a windows box in most cases.
Are there viruses? VERY few, and most can do little within the system. Is it hackable? Yes, though it's still hard (like most of the others) over the network without direct intervention on the machine itself. Spyware? Not that I've heard of, though I'd imagine keyloggers do exist out there (you'd have to explicitly install them on the machine though.....which again requires physical access). Is it 100%? Hardly, but there are FAR, FAR fewer "gotchas" to avoid than on a Windows platform for the typical user.
I think we're in agreement that Linux is the most powerful....I doubt you'd find many dissenters outside of kool-aid drinking fanboys. But that power comes at the cost of usability, and usability is still paramount when you are comparing platforms in the consumer market. Which I dare say is exactly the people this little contest is trying to influence.
And no dissent here either that there are stupid computer users out there. They make up the bulk of the computing population, hence why so many machines out there are infected with spyware, viruses and other malware applications.
Comment
-
-IRC-MIKE
Originally posted by mapes View PostThe was not performed remotely. He was allowed on the machine and allowed to open web pages and email. It was probably safari that was vulnerable. It actually took more than two minutes since the first day was setup for remote hacks.
Not from what I'm seeing. He directed the contest advisors to visit a website which contained his exploit code. He never physically had access to the machine until he remotely exploited it.
Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.
Comment
-
CarbonFire
Originally posted by GeneralSnake View PostWhat makes Macs easier to keep clean? Is it a decently simple answer or is it going to be some page long crazy quantum mumbo jumbo that will melt my brain?
And I wouldnt want Carbon mad at me either, even though I dont play and games right now. Freaking ground pounding king right there.
What makes Macs easier to clean? Mainly they make it harder to run "nefarious" code than Windows. Windows is built upon a legacy of non-protected architectures that give way to much access to the core of the operating system. Basically, a lot of the functionality in Windows was designed before the internet was the chief security concern, so MS left a LOT of exploitable holes (which people even now are still discovering ). And since every iteration of Windows has carried with it some of this old functionality, even newer operating systems (even Vista 32) are not immune. Vista 64 should be a little easier to "keep clean", because much of the underlying tech has been rewritten with security in mind. Not that it is impossible for a Vista 64 machine to get infected, it's just heartier than Vista 32 or XP. Microsoft has worked hard to patch these holes to protect users, but their best effort was basically to build walls around the users, rather than plug the holes and possibly break functionality.
Also by virtue of the Mac platform being a small percentage of the market, most viruses/spyware/malware out there are directed at the Windows market, which OS X is more or less immune to. If Mac were more popular, viruses/malware would start to become an issue. Hasn't really happened yet AFAIK.
Comment
-
-IRC-MIKE
I learned to build websites with notepad and I would really love to see the coding he used to exploit. It had to have some really neat sleight.
Comment
-
-IRC-MIKE
Originally posted by mapes View PostMike your splitting hairs. So he didn't touch the keyboard.... he told them what to type .... As for the exploit stuff could be in java or activex type stuff. You know all that stuff that makes websites so pretty.....
See here: The Facts!
It was just that simple and no access was required to anyone's physical machine. No splitting hairs there!!! No installers, no downloads, no exe files, no warning idiot boxes, you didn't even have to agree.
Pretty damned impressive if you ask me.
~~mike~~
Comment
-
-IRC-MIKE
Sure there is. At the current level of protection, however, from any good updated operating system, it is ALMOST impossible to hack into a system without some sort of security backdoor. Especially is the case if the machine is just plugged in with nothing open i.e. Outlook, OE, IE, Opera, ..etc. where the machine is sitting there with the ports open. (Download IE 5, remove your current browsers and install it and open a page and let it sit for a few days online if you wanna see exploitability --you'll have popups everywhere) Other than running a DDOS attack with some good skills, there's not much chance of cracking into an idle system.
What I'm saying is that the system was compromised REMOTELY without having physical access to the machine. Apples or Oranges? Who's splitting hairs here?
Any hacker is going to portscan FIRST before trying to attempt anything. The reason for the portscan is to see if the user has already made the machine vulnerable in just this way... by opening something or downloading a software that already has opened a port or installed a script that overrides a firewall rule and such. Then brute forcing .... well you aren't stupid and you know the routine I'm sure.
To be contradicting, I do agree with what you are stating to be true. I know exactly what you are getting at. He did not sit down to his own machine across a network connection and force feed code to the EU machine causing it to become vulnerable enough to take control of it. I don't know anyone who can do that these days with new security implementations which do things such as block I.P. addresses after X number of failed authentications, but with ip spoofing, mac cloning and proxy servers, a password brute force can be endless. I've had to block whole continents until proper action was taken to track down a script kiddie...irrelevant.
I think, as you do, that a similar contest should be set up except the machine is turned on, plugged in, open every program that accesses anything past 127.0.0.1 and then see if it can be compromised. That would really impress the hell out of me. Then run the same contest with NOTHING open on the machine. I doubt you'd find anyone who could claim the prize.
Social Engineering is the easiest form of hacking but takes a lot longer than 2 minutes.Last edited by -IRC-MIKE; 29 Mar 2008, 05:12 PM.
Comment
-
Well ok you understand what I'm talking about it took user input in order to compromise the machine. As opposed to hacking a listener or service across the network. which still happens.... I betif you os fingerprint a large block of IP's you can find a tonof machines still vulnerable to remote exploits....I'm not talking 0day stuff I'm old stuff and unpatched machines....
Comment
Cain's Lair Forums Statistics
Collapse
Topics: 26,187
Posts: 269,851
Members: 6,183
Active Members: 4
Welcome to our newest member, Fermin13Q.
Today's Birthdays
Collapse
There are no members with birthdays today.
Top Active Users
Collapse
There are no top active users.
More Posts
Collapse
-
Reply to Hi guys!by glasscasketArma Reforger off and on. Some Hell Let Loose. Been hopping around VR titles.
Hope all is well with y'all30 Nov 2024, 11:06 AM
Comment