A collaboration from 3 SPSU students, enrolled in IT6753, on Web Application Security.
Monday, February 24, 2014
So you thought you were safe on a Mac? LOL
Apple SSL Vulnerability Affects OSX Too - ThreatPost
Being an avid Apple user, I have had to crush the dreams of several other Apple fans when it comes to the security of their beloved operating system. I switched from using a Windows based PC to an Apple full-time shortly after being subjected to Vista. Though I had never owned an Apple of my own until that point, my husband and several friends have always preferred their computers over mine, boasting about how secure they were and how vulnerable I was. No matter who would make the comment, I would let them know that they were never any more secure than I was, and in fact could be more vulnerable.
Mac's operating system was not built more secure than Window's OS, there is no magic code that Apple has implemented that has made their OS insusceptible or invisible to hackers. Less people used Macs. More importantly to hackers, less BIG business money makers used Macs. If a hacker was looking to threaten a massive audience, or to steal valuable information, then the amount of time they spent searching for a vulnerability and then implementing a strategy had better be a sure bet. And with most of the world running on the Window's OS, this is their market! At least it was...
And it was this lack of a customer base using Apple's OS that gave users the facade that they were "safer" than their PC counterparts.
Now, the story of the century! Oh my goodness, the impenetrable Apple OS has a security vulnerability! I can't believe Apple would do this to US, it's beloved users!
How shocked would we be if Windows announced a security vulnerability was discovered?
Don't even get me started on the updates and patches to Windows that go almost unnoticed...almost.
Oh, COME ON! Give me a BREAK! Just one day before, Google released an update for Chrome to fix several high-level vulnerabilities:
Google Fixes 28 Security Flaws In Chrome 33 - ThreatPost
So a high-level security vulnerability has been discovered in Apple's OS, and we know this NOT because of any malicious attack or attempt, but because Apple has released an update to iOS to fix this issue and is creating a fix for OSX. And to that affect, I say thanks to Apple for releasing an update before a hacker discovered the vulnerability!
Subscribe to:
Post Comments (Atom)
Wikipedia
Search results
I was raised into a family of Mac users, and the prevailing thought among us were: Apple is secure, there's really no viruses for Mac at all, and why would hackers want to find vulnerabilities for Mac since pretty much no one except artists would use them? With more and more people going over to Mac, the probability of malicious intent rises. And according to this site, there's over 100 vulnerabilities identified by this community: http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/cvssscoremin-5/cvssscoremax-5.99/Apple-Mac-Os-X.html
ReplyDeleteDefinitely not the safe haven it once was!
True. Nothing in the internet world is 100% secure. Its just a matter of more secure or less secure. And also as you mentioned, hackers tend more towards the number of users and till now windows occupy majority market. Go for Linux since it is opensource and it has dedicated communities to fix bugs. Also this is not 100% secure but obviously fast and sleek.
ReplyDeleteApple is not the only company who has known vulnerabilities. There are several companies (even outside the computer industry) who know of faults but do not implement changes till a vast majority of the consumers are at risk.
ReplyDeleteRemember Toyota had that brake recall? They hired a statistician to run the numbers and determine the number of vehicles the brake failure affected, the likelihood of an accident occurring, the cost of issuing a recall, and the cost of litigation and bad PR if they didn't.
Could you imagine being that person? The person who presented the figures showing that the number of deaths and NOT recalling would save the company more money than issuing a recall!
Apple is guilty of not responding to known risks, Toyota is, even toy makers such as Mattell are.
I agree that Linux can be less risky because there is such a huge community that is highly responsive when a vulnerability is discovered. It is also less costly for the updates to be screened and released.
This discussion reminds me of web browsers and how a few years ago it became common knowledge that Internet Explorer was less-secure than something like Mozilla's Firefox, merely because most 'hackers' wanted to exploit something that would affect a higher percentage of users. I do wonder though, if there is a way to objectively evaluate which OS is actually more secure Windows or Mac - does such a study exist? Perhaps this is strange logic but could you assume that Windows is actually now more secure since it is being attacked much more often?
ReplyDeleteRyan, the UK just released a study and found Ubuntu (which is a Linux based OS) to be more secure!
ReplyDeleteAnd you are right about the browsers, I still avoid IE like the plague!
And that is pretty much the security issue Apple had. Part of the code allowed certificate signatures to be validated, even when they were not, because there was an additional "goto fail" written in the code! This meant that anyone accessing a website from Apple software was vulnerable to phishing sites (fake sites). This affected not just Safari, but also iTunes, iCal, and Mail.