electro-music.com   Dedicated to experimental electro-acoustic
and electronic music
 
    Front Page  |  Articles  |  Radio
 |  Media  |  Forum  |  Wiki  |  Links  |  Store
Forum with support of Syndicator RSS
 FAQFAQ   CalendarCalendar   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   LinksLinks
 RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in  Chat RoomChat Room 
Live streaming at radio.electro-music.com

  host / artist show at your time
  EdisonRex Edison's Electronic Review
  Twyndyllyngs Special Monday edition of Chez Mosc
Please visit the chat
 Forum index » News... » Apple Computers
MacBook Air hacked in two minutes
Post new topic   Reply to topic
Page 1 of 1 [19 Posts]
View unread posts
View new posts in the last week
Mark the topic unread :: View previous topic :: View next topic
Author Message
seraph
Editor
Editor


Joined: Jun 21, 2003
Posts: 12088
Location: Firenze, Italy
Audio files: 33
G2 patch files: 2

PostPosted: Fri Mar 28, 2008 9:41 am    Post subject: MacBook Air hacked in two minutes
Subject description: Apple falls first in laptop hacking contest
Reply with quote  Mark this post and the followings unread

arrow http://www.vnunet.com/vnunet/news/2213035/mac-falls-two-minutes
arrow http://news.yahoo.com/s/infoworld/20080327/tc_infoworld/96676

Crying or Very sad

_________________
homepage - blog - forum - youtube

Quote:
Politics is the entertainment division of the military industrial complex - Frank Zappa
Back to top
View user's profile Send private message Visit poster's website
Blue Hell
Site Admin


Joined: Apr 03, 2004
Posts: 20536
Location: The Netherlands, Enschede
Audio files: 147
G2 patch files: 318

PostPosted: Fri Mar 28, 2008 10:00 am    Post subject: Reply with quote  Mark this post and the followings unread

I read it this morning, but didn't want to hurt the mac-heads by posting it Wink
_________________
Jan
Back to top
View user's profile Send private message Visit poster's website
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Fri Mar 28, 2008 10:30 am    Post subject: Reply with quote  Mark this post and the followings unread

Blue Hell wrote:
I read it this morning, but didn't want to hurt the mac-heads by posting it Wink


Well, it's just a friendly warning. Hurtful would be saying that hacker could use the 10K$ to buy a real computer while he keeps the airbook off-line... or that maybe it would've been a single minute if the airbook had a faster processor....

;¬)

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Inventor
Stream Operator


Joined: Oct 13, 2007
Posts: 5978
Location: San Antonio, Tx, USA
Audio files: 258

PostPosted: Fri Mar 28, 2008 12:03 pm    Post subject: Reply with quote  Mark this post and the followings unread

Ouch! That *is* painful. Bad news for Mac heads like me, though I do try to not be an operating system bigot. Perhaps my Firefox is more secure...

Plus I'd imagine the guy who did it is in a position to receive some hefty consultation fees from Apple...

_________________
"Let's make noise for peace." - Kijjaz
Back to top
View user's profile Send private message Send e-mail
Blue Hell
Site Admin


Joined: Apr 03, 2004
Posts: 20536
Location: The Netherlands, Enschede
Audio files: 147
G2 patch files: 318

PostPosted: Fri Mar 28, 2008 12:28 pm    Post subject: Reply with quote  Mark this post and the followings unread

Inventor wrote:
Perhaps my Firefox is more secure...


Maybe so today, maybe not tomorrow, or maybe a cell phone will be hacked fastest then, it's a battle, there always is a weakest spot.

_________________
Jan
Back to top
View user's profile Send private message Visit poster's website
v-un-v
Janitor
Janitor


Joined: May 16, 2005
Posts: 8932
Location: Birmingham, England, UK
Audio files: 11
G2 patch files: 1

PostPosted: Fri Mar 28, 2008 2:34 pm    Post subject: Reply with quote  Mark this post and the followings unread

Laughing

Cool!

This blew me away too!! Cool

Recently I've been discovering a new idea- it's called; "pencil and paper" Wink Laughing

_________________
ACHTUNG!
ALLES TURISTEN UND NONTEKNISCHEN LOOKENPEEPERS!
DAS KOMPUTERMASCHINE IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN! ODERWISE IST EASY TO SCHNAPPEN DER SPRINGENWERK, BLOWENFUSEN UND POPPENCORKEN MIT SPITZENSPARKSEN.
IST NICHT FÜR GEWERKEN BEI DUMMKOPFEN. DER RUBBERNECKEN SIGHTSEEREN KEEPEN DAS COTTONPICKEN HÄNDER IN DAS POCKETS MUSS.
ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.
Back to top
View user's profile Send private message Send e-mail
Blue Hell
Site Admin


Joined: Apr 03, 2004
Posts: 20536
Location: The Netherlands, Enschede
Audio files: 147
G2 patch files: 318

PostPosted: Fri Mar 28, 2008 2:36 pm    Post subject: Reply with quote  Mark this post and the followings unread

v-un-v wrote:

Recently I've been discovering a new idea- it's called; "pencil and paper" Wink Laughing


Where can I DL that ?? Google has nothing on it Evil or Very Mad

_________________
Jan
Back to top
View user's profile Send private message Visit poster's website
v-un-v
Janitor
Janitor


Joined: May 16, 2005
Posts: 8932
Location: Birmingham, England, UK
Audio files: 11
G2 patch files: 1

PostPosted: Fri Mar 28, 2008 2:44 pm    Post subject: Reply with quote  Mark this post and the followings unread

Then this bought me back to earth! Laughing
_________________
ACHTUNG!
ALLES TURISTEN UND NONTEKNISCHEN LOOKENPEEPERS!
DAS KOMPUTERMASCHINE IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN! ODERWISE IST EASY TO SCHNAPPEN DER SPRINGENWERK, BLOWENFUSEN UND POPPENCORKEN MIT SPITZENSPARKSEN.
IST NICHT FÜR GEWERKEN BEI DUMMKOPFEN. DER RUBBERNECKEN SIGHTSEEREN KEEPEN DAS COTTONPICKEN HÄNDER IN DAS POCKETS MUSS.
ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.
Back to top
View user's profile Send private message Send e-mail
Inventor
Stream Operator


Joined: Oct 13, 2007
Posts: 5978
Location: San Antonio, Tx, USA
Audio files: 258

PostPosted: Fri Mar 28, 2008 2:53 pm    Post subject: Reply with quote  Mark this post and the followings unread

Blue Hell wrote:
v-un-v wrote:

Recently I've been discovering a new idea- it's called; "pencil and paper" Wink Laughing


Where can I DL that ?? Google has nothing on it Evil or Very Mad


I have a pen, but it's got a Write Only Memory...

_________________
"Let's make noise for peace." - Kijjaz
Back to top
View user's profile Send private message Send e-mail
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Fri Mar 28, 2008 7:11 pm    Post subject: Reply with quote  Mark this post and the followings unread

Blue Hell wrote:

Maybe so today, maybe not tomorrow, or maybe a cell phone will be hacked fastest then, it's a battle, there always is a weakest spot.


Still... you can say something about the likelihood of things like this happening. Integrating the browser with the OS while mucking up the line between data and executable has turned out to be a recipe for disaster as MS has shown time and time again.

Having a good model for privileges, for example, while not making you perfectly secure on it's own will make security a lot easier. Apple's security currently seems to revolve mainly around denial and lawsuits, combined with a advertising style that promotes a false sense of security.

It's a battle and there will be a weakest spot (I agree) so I think it makes sense to try to make sure that spot isn't yours wherever possible. It'll be interesting to see how long it takes for the patch to arrive; to me that's the aspect that really matters and that's a area where Apple hasn't been doing so well in the past years (worse then Windows, in fact, according to some figures), maybe the high-profile nature of this case will help but if memory serves the QT exploit window was open for quite a while.

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21977
Location: Norway
Audio files: 14

PostPosted: Fri Mar 28, 2008 8:02 pm    Post subject: Reply with quote  Mark this post and the followings unread

Quote:
No one was able to hack into any of the machines by attacking them over the network on the first day of the contest.

But Miller succeeded when the organisers allowed hackers to direct human operators of the three machines to visit websites and open emails.

Miller's exploit code was on a website and the Mac fell within two minutes. He was only able to use software preinstalled on the Mac, so experts assume that the vulnerability must lay with Apple's Safari browser.


I´m guessing that Safari wasn´t set as secure as it should be and it iwas when run with the default settings. Actually, it is set to open downloads .. which is plain stupid. Most probably it was also run under an admin user without a password which is also not a smart move. Bottom line is that these days OS X and Safari are both set to a default behaviour which is pretty daft. In such an environment there are a few exploits that can be used in order to take over the machine.

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
v-un-v
Janitor
Janitor


Joined: May 16, 2005
Posts: 8932
Location: Birmingham, England, UK
Audio files: 11
G2 patch files: 1

PostPosted: Sat Mar 29, 2008 4:56 am    Post subject: Reply with quote  Mark this post and the followings unread

Ah yes, but the bottom line is that does Safari ever actually get hacked?? We all see these scare stories from time to time, but does anybody who is coding really give a hoot (apart from porn spammers Wink ) about hacking a Mac? Windows? Well yes, because in the divine wisdom of the USA's military, they decided to install windows- and it got hacked!

Personally, I can't help getting the feeling that the iPod and the iPhone (and Android et al etc etc) is the future of personal computing. I'm coming to this conclusion because these days I only seem to use computers for two purposes; email and internet- and watching dvd's.

I honestly like pencil and paper! Very Happy

_________________
ACHTUNG!
ALLES TURISTEN UND NONTEKNISCHEN LOOKENPEEPERS!
DAS KOMPUTERMASCHINE IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN! ODERWISE IST EASY TO SCHNAPPEN DER SPRINGENWERK, BLOWENFUSEN UND POPPENCORKEN MIT SPITZENSPARKSEN.
IST NICHT FÜR GEWERKEN BEI DUMMKOPFEN. DER RUBBERNECKEN SIGHTSEEREN KEEPEN DAS COTTONPICKEN HÄNDER IN DAS POCKETS MUSS.
ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.
Back to top
View user's profile Send private message Send e-mail
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sat Mar 29, 2008 5:01 am    Post subject: Reply with quote  Mark this post and the followings unread

elektro80 wrote:

I´m guessing that Safari wasn´t set as secure as it should be and it iwas when run with the default settings. Actually, it is set to open downloads .. which is plain stupid. Most probably it was also run under an admin user without a password which is also not a smart move. Bottom line is that these days OS X and Safari are both set to a default behaviour which is pretty daft. In such an environment there are a few exploits that can be used in order to take over the machine.


Could well be but as that's a type of issue that's beyond many users to resolve I'd say that would deserve some attention from Apple.

Regardless of the exact cause I'm in favour of this type of research and how it forces companies to close holes. Even if you are on OSX and me on Linux both of us benefit if Windows holes are closed because those Windows computers are on the same internet as we are.

More generally about Apple's policy; I would be in favour of open-ness about what the exact issue is and the expected date of a patch. If it's in -say- Java one could disable Java for a few days and still be safe. Apple on the other hand believes in a policy of not talking about this, partially to keep the knowledge from spreading but I suspect there's a marketing angle as well. I feel that policy puts end-users and particularly system administrators at a dis-advantage and I think that the days of Apple being able to get away with that because of the small market-share are quickly running out.

For example Inventor above suggested switching to Firefox... but we don't know right now that that would help. Without the information he needs he may inconvenience himself with a browser that's not his favourite without any gains.

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sat Mar 29, 2008 5:13 am    Post subject: Reply with quote  Mark this post and the followings unread

v-un-v wrote:
Ah yes, but the bottom line is that does Safari ever actually get hacked?? We all see these scare stories from time to time, but does anybody who is coding really give a hoot (apart from porn spammers Wink ) about hacking a Mac? Windows? Well yes, because in the divine wisdom of the USA's military, they decided to install windows- and it got hacked!


Yeah... I think people are interested. Because of the sense of security that many Apple users seem to experience Mac's often lack virus and mall-ware scanners. If you could get a few infected you will likely have them as bots for a longer time. Considering that they are relatively expensive and so likely to be owned by relatively rich people I would expect a correlation between that OS and big broadband connections. With the increasing market-share they will at some point get to be very appealing to hackers.

Quote:

Personally, I can't help getting the feeling that the iPod and the iPhone (and Android et al etc etc) is the future of personal computing. I'm coming to this conclusion because these days I only seem to use computers for two purposes; email and internet- and watching dvd's.


Sure, or low-powered small and cheap systems like the EEE. There's a big market there and it's growing; many people use their computer like that. I wouldn't mind more specialisation with devices like that used for communication and "real" computers getting a OS that's optimised by moving those tasks out of the way and focussing more on actually crunching numbers and less on pretty interfaces for social applications.

Quote:
I honestly like pencil and paper! Very Happy


Me too, I always keep a notebook on me and next to my computer.

I friend of mine once said "well, Kassen, I work with computers day in day out, I know a lot about them....... so this kind of information I write down on paper", I've repeated that quote myself a lot since then :¬)

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21977
Location: Norway
Audio files: 14

PostPosted: Sat Mar 29, 2008 5:16 am    Post subject: Reply with quote  Mark this post and the followings unread

Kassen wrote:
Could well be but as that's a type of issue that's beyond many users to resolve I'd say that would deserve some attention from Apple.


Absolutely! OS X is just another UNIX even though it looks like a group hug to the uninitiated.

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
v-un-v
Janitor
Janitor


Joined: May 16, 2005
Posts: 8932
Location: Birmingham, England, UK
Audio files: 11
G2 patch files: 1

PostPosted: Sat Mar 29, 2008 8:28 am    Post subject: Reply with quote  Mark this post and the followings unread

PayPal seem to think the same thing;

http://www.allheadlinenews.com/articles/7010176631

-although to be honest, I've never had a problem so far with phishing. IMO, it's up to an individual to be on the look out. The vast majority of dodgy emails asking me to 'log-on' have actually looked like dodgy sites anyway. I think you have to be pretty darn stupid to get 'hooked'.

_________________
ACHTUNG!
ALLES TURISTEN UND NONTEKNISCHEN LOOKENPEEPERS!
DAS KOMPUTERMASCHINE IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN! ODERWISE IST EASY TO SCHNAPPEN DER SPRINGENWERK, BLOWENFUSEN UND POPPENCORKEN MIT SPITZENSPARKSEN.
IST NICHT FÜR GEWERKEN BEI DUMMKOPFEN. DER RUBBERNECKEN SIGHTSEEREN KEEPEN DAS COTTONPICKEN HÄNDER IN DAS POCKETS MUSS.
ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.
Back to top
View user's profile Send private message Send e-mail
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sun Mar 30, 2008 7:10 am    Post subject: Reply with quote  Mark this post and the followings unread

http://www.news.com/8301-13579_3-9906001-37.html?tag=nefd.top

Vista fell. Remarkably not even due to MS themselves but because of Adobe's Flash.

Of course we already knew Adobe cares about as much about security as they care about making efficient applications with that incident a few years back where a Russian (where such work is perfectly legal) security analyst discovered their e-book format stored the password in the file itself (!!!!???) and Adobe decided to have the man arrested as soon as he set foot on US soil (how or why Adobe can do that may remain a mystery, why they didn't thank him instead is a even bigger one as is how on earth they could be that retarded in the first place). Net result; security conferences moving out of the US. Whoopty do.

It's not so surprising Adobe and Apple get pwned but I am a bit surprised Vista as a OS survived, especially after cleaning a Vista laptop a few days ago, I imagined sneezing at it would be enough. Ubuntu survived the conference.

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
v-un-v
Janitor
Janitor


Joined: May 16, 2005
Posts: 8932
Location: Birmingham, England, UK
Audio files: 11
G2 patch files: 1

PostPosted: Sun Mar 30, 2008 8:13 am    Post subject: Reply with quote  Mark this post and the followings unread

Quote:
A Sony Vaio laptop running Ubuntu remained unscathed at the end of the conference.


Yeah! Go Ubuntu! GO! Very Happy

Laughing

_________________
ACHTUNG!
ALLES TURISTEN UND NONTEKNISCHEN LOOKENPEEPERS!
DAS KOMPUTERMASCHINE IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN! ODERWISE IST EASY TO SCHNAPPEN DER SPRINGENWERK, BLOWENFUSEN UND POPPENCORKEN MIT SPITZENSPARKSEN.
IST NICHT FÜR GEWERKEN BEI DUMMKOPFEN. DER RUBBERNECKEN SIGHTSEEREN KEEPEN DAS COTTONPICKEN HÄNDER IN DAS POCKETS MUSS.
ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.
Back to top
View user's profile Send private message Send e-mail
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sun Mar 30, 2008 9:46 am    Post subject: Reply with quote  Mark this post and the followings unread

No, not Ubuntu! I hate Ubuntu, it takes all of the elitism out of running Linux, it's really no fun like this with crap like working help-files and installations a kid could perform.

;¬)

(posting from Ubuntu and liking it quite a bit)

Nah, I think it's good. It's a wake-up call for the two companies I think needed one most, I'm pleasantly surprised MS cleaned up it's act... well in one regard, Vista is still SLOOOOOOOOOOOW and none of the settings are in the right place. And yeah, a nice PR boost for Ubuntu, even running on a laptop, I think many people still have the mostly outdated idea that Linux on a laptop is problematic. End good all good (assuming Apple and Adobe make patches and make them quickly)

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic
Page 1 of 1 [19 Posts]
View unread posts
View new posts in the last week
Mark the topic unread :: View previous topic :: View next topic
 Forum index » News... » Apple Computers
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
e-m mkii

Please support our site. If you click through and buy from
our affiliate partners, we earn a small commission.


Forum with support of Syndicator RSS
Powered by phpBB © 2001, 2005 phpBB Group
Copyright © 2003 through 2009 by electro-music.com - Conditions Of Use