Even though I'm in IT and know most of what you posted, that's some good stuff for a lot of other people, EarlyMon.
My guess is it's a "Safari" exploit that was taken advantage of and he got hacked via Safari. I doubt the hack was done on the Evo unless he replied to some unknown email with his username and pw, which I'm sure he wouldn't do. Safari browser has been hacked many times and very quickly. So in turn it's not about OSX and WINDOWS but browser exploits are huge and easily done.
Safari Cracked in Seconds at Pwn2Own Hacking Competition | Gizmodo Australia
Thanks compadre - I think it's topical and I'm hoping it will help pivot the discussion to the relative strengths and weaknesses (if any in this regard) for any and all Android devices.
While Android is derived from Linux and while Linux is not BSD, Linux and BSD are sufficiently tough, and Linux has been somewhat pollinated via some of GNU's original BSD-based thinkers - so I gotta believe that Android is similarly tougher.
Thoughts?
Yes, this is true. Macs don't have some special virus force field. But what IS true is that nobody has really spent a lot of time developing a virus
Macs, like Linux, can in theory get viruses - it's just much harder to do given the unix underpinnings - especially process management - of those operating systems.
For a short while, Apple distributed the best 3rd party anti-virus program it could find, free, to all .Mac (now called MobileMe) users.
Like any anti-virus program, it tried to become an executive monitor - and in its attempt to override the normal system mechanisms, it quickly became virus-like in the widespread instabilities it caused. It was pulled down, we all dropped it and haven't looked back.
Much as the Windows community and virus/anti-virus industries like to proclaim that it's the small numbers of non-win machines that have allowed them to escape the wrath of hackers, the plain and simple truth is that every jerk would love to be the one to proclaim to his haxoz buddies that he cracked OS X.
The other plain and simple truth is that unix systems are simply much, much tougher to infect.
The whole by-the-numbers argument applied to the classic OS (bye bye almost a decade ago), so guys, get with the program.
The best thing that Redmond could ever do would be to do what Apple did - admit that the whole infrastructure is just freaking wrong, gut it completely, and replace it with unix.
The roots of the Darwin/unix underpinning OS X are a combination of:
- modified Mach microkernel
- OpenBSD - the security standard in the industry
- NetBSD - the part of BSD upon which the internet was founded
- FreeBSD - the part of BSD that formed the basis for interoperability
There are security exploits to be found for OS X - plenty of them. You have to actually know what you're doing and how a system works to get to them - something lacking in the skill set of most virus writers - and users typically have to be using their system in some wide-open fashion to suffer from them.
Macs aren't protected by a virus force field - they're simply naturally immune. Windows machines, on the other hand, are naturally weak and the whole meme that Macs will somehow fall prey should their numbers ever get large enough is part of the Redmond reality distortion field (and yes, both sides have them).
As for it being a disaster waiting to happen - yeah, fine, whatever you guys want to believe.
While MS has taken over the server market for the web (just a short time back, that was all unix), I'd wager the best and most important sites are not invested in that technology.
By the time that OS X is overtaken with viruses, so too will large parts of the internet that you care most about - that will be the disaster.
Opinions do not equal facts and neither can facts be out-voted.
Given the vitriolic anti-Mac people in this forum, I'll just say in advance: flame away, I'll only answer intelligent remarks on the subject, not invective. I simply don't have time for it.
But before you reply - make sure your anti-virus stuff is up to date, mmmk?
Because the virus authors will always love to pick the low-hanging fruit.
PS - Throwing rocks at OS X is like throwing rocks at Linux - it's not even wrong.
The flood of Android devices is certainly exciting, let's just hope that the devs don't forget the secure background from which it was derived.
Adobe is almost a #1 suspect for exploits yet we use them so much for PDFs and Flash! Grrrrr
btw... uhh question. is it because of rooted phones?
As pretty as that sounds, it's 100% wrong. Mac osx is the EASIEST os to crack & infect, and it's been proven through multiple hacking contests over the last few years, and guess which os was first to fall, EVERY TIME. Yep, mac OSX.
And not all of them were safari exploits.
Macs are magically virus free (no known viruses in the wild). Why? Because OSX has not been targeted by any virus devs - they are too busy wrecking Windows. That doesn't make OSX any better or more secure than Windows, it just makes us Mac users lucky that Apple has a small enough market share that "hackers" don't find it worthwhile to make OSX viruses. There are a few OSX trojans out there though, so we still need to be careful what we download.
As pretty as that sounds, it's 100% wrong. Mac osx is the EASIEST os to crack & infect, and it's been proven through multiple hacking contests over the
You and I have disagreed before, but my going in position is that's behind us.
First - it's not 100% wrong, and I don't mean that in the hair-splitting sense, because I don't think you did, either. I'm not going to retreat into pointing out that I said things like "much tougher to infect" or "naturally immune."
I've been following hacking contests for 15 years - so while I may have missed some somewhere - I've been trying hard to follow the modern contests for Linux, Windows, and OS X for this very exciting decade of development and evolution.
Now - the post you're questioning is strictly referring to viruses.
The contests have been trying for a number of attacks. So far as I recall, there was only one claim of OS X falling to a virus and that was 4 years back. An onslaught started at the contest, was picked up by Slashdot, and within 3 days, if my memory is correct, the claim was retracted because it wasn't a virus per se.
The cracks in the armor that I'm aware of for all unices ALL involve direct exploits and nearly without exception seem to point back to the guilty parties being late to provide anti-exploit updates, with the largest majority of those seeming most often to come from the OpenSSH gang - and whose recommended fixes are incorporated later by Apple than any similar distribution.
I refer specifically to this list of imperfections that I tend to pay close attention to (as well as a few other sources), personally:
Exploit world -- Everything (Solaris,FreeBSD,OpenBSD,NetBSD,BSDI,Sun Solaris,Linux,Microsoft Windows,SGI IRIX,HP HP-UX,IBM AIX, SCO, Digital ULTRIX/TRU64,Apple Macintosh,etc) section
As for Macs being cracked the fastest, unless I've been out of a loop somewhere - and that's completely possible - I don't think I've seen a "which OS can we crack the fastest?" contest since something like... what? 2001? 2003??
Windows was behind the curve for a new OS, it was falling fastest for that reason - and because the fanboy/hackers just hated it the most.
Within a contest or two, I thought we all decided that no one cared about those shoot-outs.
Following that, I recall the contests became subdivided and focused, by each particular OS and then by particular constraint or condition.
That's when things really heated up and got interesting because without the anti-Windows carnival atmosphere, hackers got down to business and within a very short time were waltzing into various unices thought to be secure.
I recall the event, but not the year or the *nix flavor where they did it in something like 30 seconds!
Those events have benefitted all users because it presents an acid test, and exceeds what even the blackhats do sometimes. (The blackhats performing a usually similar beneficial service.)
I can recall only complete security breakdown at the kernel level, allowing process jumping, and that was for a single Linux distribution.
I can recall zero of those exploits resulting in a virus injection into Mac OS X - aside from that one claim.
I can recall more viruses on Linux - but this article explains how to build a Linux virus in 5 easy steps - the principal ingredient being user stupidity:
How to write a Linux virus in 5 easy steps
I was busy whining about other exploits already while you were posting this missive I'm replying to - so my hands are clean.
I'm not saying that unices are perfect - but they are harder to infect with viruses - much more so than Windows.
If you would argue that Windows' first infection vector begins with user stupidity, too, I'll 100% agree with that.
But I think the fossil record is pretty clear:
- near-successful *nix viruses or virus attempts get no further than the user account
- total system infection is incredibly rare
- it has happened, however
- the same on Windows will trash the entire machine
- total system infection is not incredibly rare
You've identified yourself as a hacker in this thread, and I've a faint memory that you, too, may work in IT.
If so, or if you simply possess superior knowledge, I'm sincerely open to being educated as to any mistake I've made here.
Well we've also agreed on things before, and that is the beauty of healthy debate =). You're one of the few on here I take seriously, so take that as a compliment.
Now yes the *nix can usually keep it constrained to the user and not su. But since osx is only based on unix and BSD, it has exploits other *nixes don't have? Many of which are still undiscovered.
Now that being said, let's fast forward to today, and win7 is still the most secure os to date.
Just like *nix, most infections are trapped in the user domain, and unless they are complete idiots with their system, and run full admin all the time, it's just as safe or more safe as *nix. But even running as full admin, if you do get infected, it mostly will stay constrained in that user profile. So if you create a new one through the master admin (hopefully you have a completely separate admin account just for these rarities) and delete the old one, and then identify the process that's bad, search it out and kill it, most of the time you're ok. Most of the time.
Now about my "hacking" days. I really wasn't a real hacker per se, as most (probably not you) people have the definition of a real hacker completely wrong.
What I was, is more along the lines of a script kiddie/program cracker, making modifications to sub7 servers to be undetectable, port scanning, packaging, and disguising servers in various ways. Now keep in mind this was back in the win95/win98 days, when this stuff still worked. I also dabbled with packet sniffing & injection, and some assembly modifications for games and whatnot. (Not good at assembly, at all btw. That's not child's play)
This was also during my early teen years, and even single digits. Once I started reading stories of people getting caught, and tossed in jail, I immediately stopped my sub7 shenanigans, and just "hacked" my way through games & such, doing basic hex edits, packet filtering & injection, etc. After that I got into web development, and that led me to design. That then led me to consulting and design supervisor for the family biz, doing silkscreen, embroidery, etc.
Keep in mind all of this is 100% self taught, and my actual education is in liberal arts lol... but now I'm at a crossroads. I really like the mobile scene, and I may go into application development, as I do have *some* background in java, but mostly javascript. But I'm also into multimedia production as well. So much I want to do, so little time. Especially with the amount of time I spend perusing this forum and tech sites, following technology with excitement at every turn, (geek? Lol I was a geek before it became cool ) I've also got a thing for making techno/dance music, and I'm getting better. I don't know if I want to pick a direction and fly, or be a jack of all trades. What to do......
But back on topic. When mac does get hit, it'll be just like most windows users. 100% user error, either an email or porn site they shouldn't have opened, or cracked program from piratebay, etc.
And to blow us all away, the scariest thing is, they are inching closer and closer to quantum computing. And when that happens, no networked computer will be safe, and one quantum computer can literally shut down every computer on the planet connected to the internet in one fell swoop, but for now that's still sci fi, (I hope), but it's coming soon. (skynet anyone?)
Macs have plenty of viruses....
Apple products are essentially the least secure on the market, but people think they are fine because of some stupid commercials with Justin Long.
I have a question. How does the gmail application on the evo work? Is it encrypted?
I ask this in response to the sniffers on an open network like starbucks...... I would think that one would have to be prudent when accessing web sites that require user/passwords that are not https......
You get a warning before you download an app telling you exactly what data it can and can't access. If this is such a big concern to a user, is it that hard to just not download those?
Loving the security info in this thread... and seeing there are some experts in house, could someone explain some of the android security options?
I'm talking about credentials and certificates. What are they and how should I use them?
No, all the gmail hacking is because of China! THAT is why people's accounts are being compromised lately. Not entirely of course. There are hackers everywhere. But China seems to have a special little war going on with Google now.
Yes, this is true. Macs don't have some special virus force field. But what IS true is that nobody has really spent a lot of time developing a virus for them (yet). When they do, it'll be a disaster... but the point is that nobody really HAS yet.
So for an average computer user to say "my computer is a mac so it doesn't have any viruses"... well, right NOW that's accurate to say. Not sure why you felt the need to correct the person that said that because there was nothing to correct.