path: root/published/Webmonkey/Monkey_Bites/2007/04.23.07/Mon/hackapple.txt
The net was abuzz over the weekend with news that a [zero-day flaw had been found in Apple's Safari web browser][4]. The flaw was discovered as part of the [CanSecWest conference][2], whose organizers offered a simple challenge: successfully hack a Macbook and win it as a prize.

However, one thing that seems to have been overlooked in most of the coverage is that the organizers had to change the contest rules in order for the Macbook to be successfully hacked. 

The original rules said that the attack must require no action on the part of the user. After security firm Tipping Point offered to throw in a $10,000 bounty, the rules were changed so that exploits could include malicious websites and other user-initiated actions.

While the zero-day flaw in Safari is certainly serious and embarrassing for Apple given that they just [pushed out a massive security update][3], the fact remains that no one was able to exploit OS X in a meaningful way.

While it will likely mean comments on this post degenerate into flame wars, I'll say it anyway: yes, Macs are more secure than Windows. And you can rationalize that by arguing about market share or any other number of bogus theories, none of which change the initial premise.

At the risk of coming off like an Apple apologist, I find it remarkable that the contest rules had to be altered before the Mac could be hacked. I also think it's worth pointing out that Microsoft is one of the chief sponsors of the CanSecWest conference.

As a commenter on the Cult of Mac post says, a far more interesting contest would be to set up Mac, Windows and Linux machines on the same network and see which one gets hacked first.

And for those that would like to have a go at hacking a Mac via Apache, a brave user has [posted an IP address][1] in the CNet forums.

[1]: http://news.com.com/5208-1002_3-0.html?forumID=1&threadID=26809&messageID=259596&start=0 "then why hasn't OSX been exploited?"
[2]: http://cansecwest.com/index.html "CanSecWest"
[4]: http://blog.wired.com/cultofmac/2007/04/safari_zeroday_.html "Safari Zero-Day Exploit -- Links Worth Checking"
[3]: http://blog.wired.com/monkeybites/2007/04/apple_update_pa.html "Apple Update Patches Serious Flaws"