OS X on the radar of exploit-developers

[iago]

http://isc.sans.org/diary.php?storyid=1145

Getting scary! 

Of course:

The recent news of these vulnerabilities in the OS is getting plenty of attention.  [...]  I think there is some lazy journalism, and sensationalism afoot.  Yet, like any FUD-storm there is usually some kernel of truth. 

[Ergot]

Mmm I read about two of those vulnerabilities, both seem rather hard to pull off though.

[deadly7]

Yeah.  They don't seem very easy to pull off.

There's an exploit I've seen with Safari that allows a user to basically "rootkit" you, for the lack of a better word.  Basically the person gains complete access to your computer just because you visited a website via Safari.

[Warrior]

It's going to get pummeled by exploits, think about it: Apple has never had experience with being "under the scope" of hackers so to say. It should be interesting to see how it fares against how XP fairs (Seriously, it isn't hard to fare better)

[iago]

It's hard to say.  OS X was designed with security as a forethought rather than as an afterthought, so I think it could fair pretty well. 

[Nate]

Increasing Market Share will result in an increase in security issues.  Also targeting college students for your product is going to result in problems.

Anyways im waiting for the virus that corrupts iPods.

[Sidoh]

Increasing Market Share will result in an increase in security issues.  Also targeting college students for your product is going to result in problems.

Not necessarily.  I don't see anyone exploiting Google.

[iago]

Increasing Market Share will result in an increase in security issues.  Also targeting college students for your product is going to result in problems.

Not necessarily.  I don't see anyone exploiting Google.

There are actually a lot of exploits involving Google + other sites.  There was a recent worm spreading that used Google to find vulnerable hosts.  A guy at work had the book Google Hacking for Penetration Testers.  I flipped through it and it looked like a hell of a good read, but I never got around to reading it. 

My point is that although Google isn't directly targetted, some of its "weaknesses" are indirectly used. 

[Sidoh]

There are actually a lot of exploits involving Google + other sites.  There was a recent worm spreading that used Google to find vulnerable hosts.  A guy at work had the book Google Hacking for Penetration Testers.  I flipped through it and it looked like a hell of a good read, but I never got around to reading it. 

My point is that although Google isn't directly targetted, some of its "weaknesses" are indirectly used. 

Hehe, I heard about those.  I misused the word "exploit."

[iago]

Hehe, I heard about those.  I misused the word "exploit."

Welll, in a way.  I was kind of taking the word "exploit" to have a different meaning than you intended it to.  I realized I was doing it, but I still thought it was useful to point out. 

[Joe]

Increasing Market Share will result in an increase in security issues.  Also targeting college students for your product is going to result in problems.

Not necessarily.  I don't see anyone exploiting Google.

There are actually a lot of exploits involving Google + other sites.  There was a recent worm spreading that used Google to find vulnerable hosts.  A guy at work had the book Google Hacking for Penetration Testers.  I flipped through it and it looked like a hell of a good read, but I never got around to reading it. 

My point is that although Google isn't directly targetted, some of its "weaknesses" are indirectly used. 

I don't know if you'd consider this harmful, but there used to be a tool that would mount your Gmail account as a local hard drive and allow you to save files on to it, in the form of attachments.

[iago]

I don't think that's an exploit in any way.  I'd be surprised if Google did anything about it.  In fact, Google is planning (maybe beta-testing? I forget) a program called GDrive, I think, which lets you store your files on Google.