Rotten Apples?


2009/03/26

It's almost enough to make me a Luddite. Apple, having apparently learned nothing from last year's embarrassment, gets hacked in seconds at Pwn2Own. There's a new drive-by Firefox exploit that won't be fixed until next week. We can't even trust our routers anymore, because people are hacking them.

That last one is something we should have seen coming. It's apparently from brute-force attacks on routers with "weak username and password combinations or exploitable firmware". I've bitched before about customers bitching at me because the passwords I put on their routers and servers are "too hard!" - how many million routers do you suppose can be logged into with "admin/admin" or something equally stupid?



The only folks who apparently learned anything were at Microsoft. The hackers said:

For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There's nothing in the Mac operating system that will stop you.

Second year in a row, guys. And remember: Firefox isn't helping, but the real problem is what happens once they get the shell. Is Apple really this clueless? I guess so..

I'm not going to worry about my router because I can't even remember the user name and password I used. I have it written down somewhere (I hope). I used to not worry too much about the Mac attacks because they were Safari based - but now they use Firefox, so I'm vulnerable. Remember, this is drive-by stuff: no user cooperation needed.

Maybe it is time to switch to Linux for my desktop? Arragh.. I hate change! But unless Apple starts taking this stuff seriously, I'm going to have to.

Of course we really don't know how Linux would have done: Linux wasn't in the running this time.. Last year, only the Ubuntu machine survived, but of course that doesn't necessarily mean it would have again. Still.. I'm going to have to see serious moves by Apple if I'm going to keep using this.


Thu Mar 26 17:16:22 2009: Subject:   BrettLegree
http://6weeks.ca
I seem to remember reading somewhere that Apple was going to do something* to address this in 10.6 - which of course, does not help us now. I wonder if they were hoping nothing big like this would happen between now and the release of 10.6.

(*some kind of enhanced sandboxing, and a few other things)

Still, I know what you mean. Maybe that's why I was once again last night reading that guide on how to install Ubuntu on a Macbook Pro...



Thu Mar 26 17:26:21 2009: Subject:   BruceGarlock
You are probably referring to ASLR (Address Space Layout Randomization) See:

http://bit.ly/T0T3A



Thu Mar 26 17:35:55 2009: Subject:   TonyLawrence
Yeah, I've looked at the Ubuntu/Macbook pages - seems like a lot of trouble and potential for problems.. I think I'd just buy a Dell :-)



Thu Mar 26 17:46:35 2009: Subject:   BrettLegree
http://6weeks.ca
Thanks Bruce - I couldn't remember it but that's what it was.

You're right Tony - a lot of work and time. I figure at my current hourly rate (plus overhead) I'd be better off to buy a new machine myself.

Plus, then I'd still have the Mac as a Mac.



Fri Mar 27 04:53:20 2009: Subject:   drag
I donno. I would not expect miracles from Linux. I mean it's going to have the same Firefox that you get from using Windows. Of course with Linux you have had ASLR since 2.6.12, Smash Stack Protections were in GCC by default since 4.1, and that sort of thing.

As for Linux on a notebook then ya, Dells are not a bad approach. I have 2 Dells and both were shipped with Ubuntu preinstalled: my Dell 1420n and my Dell Mini-9. I was a bit disappointed with the Linux compatibility of the Mini-9... It shipped with a Broadcom wifi card of all things, which in my opinion is a bit of a disaster.. That was quickly replaced with an Atheros 802.11g card and that worked quite well without any intervention... plugged it in and I had an internet connection within 5 seconds of logging into my main account.

Besides the Dell other systems that are going to be very interesting are things like System76 and Zareason. But I really like System76 as a company.. at least when they were interviewed by different folks they seemed to know what they were doing.
Fri Mar 27 19:32:14 2009: Subject:   NickBarron
This is excellent. Punish abuse and assault OS X.

Apple will have to respond, though nothing will stop Apple from responding in its own time when it is ready. But they will respond.

Firefox's problems will be fixed quickly, whether part of the problem is OS X I don't know? An update to Safari may follow or be part of Safari 4. But needless to say the more people attack the platform the better keep Apple firing on all cylinders.



Fri Mar 27 19:37:42 2009: Subject:   TonyLawrence
Definitely - I suggested a while back that Apple et al. should fund an independent lab that does this kind of stuff all year long: http://aplawrence.com/Security/monthly-challenge.html

Do it just like Pwn2Own - offer prizes, cash, recognition...
Fri Mar 27 19:40:48 2009: Subject:   NickBarron
Yes I completely agree, it is a very good idea.

How it would go down with the pundits though once they put spin on it. "Apple so concerned about security weaknesses in their products" "x number of flaws found in xxx" If you see what I mean.

But personally I think it is an excellent idea.
Fri Mar 27 19:42:28 2009: Subject:   TonyLawrence
My bet is that they'd be applauded right and left.



Fri Mar 27 20:55:41 2009: Subject:   NickBarron
Oh certainly by us yes. Hopefully the greater part of the knowledgeable community.

However, the mindless tech journalists striving to justify their existence, I have less faith in.



Sat Mar 28 11:21:43 2009: Subject:   BrettLegree
http://6weeks.ca
Interestingly enough, the fellow who hacked the Mac uses a Mac.

http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254-6.html
Sun Mar 29 11:47:12 2009: Subject:   TonyLawrence
I see Mozilla 3.0.8 is out this morning.. that's good.
Sun Mar 29 21:07:55 2009: Subject:   TonyLawrence
That Firefox 3.0.8 upgrade went smoothly on my Mac, but on my wife's XP it failed, insisting Firefox was running. I rebooted, it failed again, same excuse. Third time did it.. minor moments of panic before that.. must be a lock file somewhere but what cleared it?



Sun Mar 29 21:14:08 2009: Subject:   NickBarron
Odd one off perhaps or maybe a general installation issue?
Sun Mar 29 21:15:54 2009: Subject:   BrettLegree
http://6weeks.ca
No issues here on my Mac either, or on my Ubuntu machines.

I'll ask my wife about her Vista laptop. My work laptop is XP, but I run Firefox as a PortableApp, so I did a manual upgrade there (no problems with it) - but PortableApps seems to be pretty good in my experience.



Wed Apr 1 10:08:06 2009: Subject:   TonyLawrence
My wife watched the "60 Minutes" thing on Conficker et al. and said "Maybe I should get a Mac.."

Wow.. I think we'll tough it out till Snow Leopard just so we don't buy and then have to upgrade the OS a month later.



Wed Apr 1 10:11:35 2009: Subject:   NickBarron
Well there you go... it happens when you least expect it!



Thu Apr 2 14:25:24 2009: Subject:   TonyLawrence
Firefox 3.0.8 was completely unusable on my Mac OS X. It was slow, slow, slow, spinning beachball on everything. I figured it had to be an add-on so started out to disable them one by one.

Luck was with me: Gears was at the top, I disabled it and Firefox is much better after a restart.

I googled around; don't see anyone else reporting that. I don't need Gears so that's the end of that..
