See your link here
Sadly, Apple's Safari isn't that safe
37 commentsThere is a lot of noise going around the blogosphere about how an attacker was able to hack into a MacBook Air in 2 minutes at this week's CanSecWest conference. I am going to put on my reality distortion tinfoil hat and try to break it down as it really happened.
First some background:
- CanSecWest is sponsored in part by Microsoft. I am not implying that Microsoft had anything to do with the results. However, if you are organizing the event and are worried about next year's sponsorship money, letting the MacBook Air get hacked isn't such a bad thing. Just saying.
- The MacBook Air WAS hacked. No 20,000 word diatribe (or Top 10 list followup) can change that. Most likely with a Safari exploit...we'll know in the coming weeks - hopefully sooner via a patch.
- The computer was just the base system. No 3rd party applications were installed.
- Hackers tried to break into all three systems for a full day, unaided. None were successful.
- The hack wasn't accomplished without user intervention. So unless you are coerced into going to a malicious website or opening a malicious email, you don't have to worry.
- People who say that the hackers went after the MacBook Air because it was the best prize aren't considering the $10,000 in prize money that was won. If the Sony or Fujitsu were easier, they would have been hacked first. The money can buy 5 MacBook Airs.
- Miller was the first contestant to attempt an attack on any of the systems (Why was he first?) on the second day. Had another attacker been given the opportunity, they might have chose Linux or Windows. Whether they could get in is another story. As of this writing no one has gotten into the Linux or Vista Machines (or they have gotten into Vista but retrieving the file is freezing the machine - har) Update: Vista was hacked with the help of Flash
So what does it all mean?
It means that no matter how tainted the contest was - if at all - or what motivated the contestants or the organizers to choose the MacBook Air, the end result is that there is a security vulnerability in the Mac OSX OS/Safari. It needs to be repaired.
Is it critical? Yes. Should you be concerned? Probably not - unless you visit malicious websites often or open emails from people you don't trust. Will there be a huge outbreak of attacks based on this vulnerability? If history is any indicator, no - unless someone uses it to make a iPhone 3rd party application installer..again.
Are Mac-Backers in denial? No, most aknowledge that their platform isn't perfect and will suffer from (hopefully rapidly fixed) flaws. Some, however, resort to crying foul, blaming the press, changing the subject to "Windows has spyware and viruses!" or seeking an alternative motive from the attendees. They, however, are the (very vocal) minority.
[Like/Hate this blog? Subscribe to the RSS feed here!]
Print
Email this
Digg this
