# $10,000 Mac hack affects Windows too



## nepcker (Apr 26, 2007)

A few days ago, there was some news titled "*Myth crushed as hacker shows Mac break-in*". That title was incorrect -- it should have been "*Hackers fail to break into mac, so organizers changed the rule*". That wasn't actually a hack for Mac OS X, as it only compromised a user account. The Mac remained unhacked for many tries, and it wasn't until the event organizers opened the contest to non-attendees that one successful attack was made.

But now the bug that helped security researcher Dino Dai Zovi claim a $10,000 prize at last week’s CanSecWest security conference affects Windows systems too.



> The flaw that Dai Zovi exploited actually lies in the way Apple’s QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com’s TippingPoint division, which put up the $10,000 prize. QuickTime runs on both Windows and the Mac.
> 
> When first reported, last week Dai Zovi’s bug was thought to lie in Apple’s Safari browser, a standard component of Mac OS X. But users of Firefox — which supports QuickTime on both Windows and the Mac — are also at risk, Forslof said Tuesday.
> 
> ...


Source

Just apply the latest patches to QuickTime, and you should be safe.


----------



## gxsaurav (Apr 26, 2007)

Wait, a user opens an OS & can he work without any application running? That hack did affect Safari which is again made by Apple to hack in MacOS X, what's the difference than one available for Windows using some bug in IE? Aren't they both the same things...? Ways to hack in an OS.

Anyway, this new flaw which affects windows is a flaw in quicktime java, & again Quicktime is made by Apple.


----------



## iMav (Apr 26, 2007)

hey gx ... he browses the internet without Safari itself .... hey nepcker a news flash for u .... use an Out of box windows vista/xp dont use any application and just boot and keep it it wont get hacked


----------



## gxsaurav (Apr 26, 2007)

mAV3 said:

> hey gx ... he browses the internet without Safari itself .... hey nepcker a news flash for u .... use an Out of box windows vista/xp dont use any application and just boot and keep it it wont get hacked



lolz


----------



## iMav (Apr 26, 2007)

not sure but even if u boot 98 and use no appz i think it wont get hacked


----------



## gxsaurav (Apr 26, 2007)

Speaking of that old hack, umm...is it possible to hack a system on LAN with no file sharing or printer sharing or sharing available? I don't think so cos to hack a system on LAN that system must be shown in LAN or network neighbourhood or whatever the place is in your OS

This just in from neowin. That quicktime bug which was the reason for this hack affects all the other browsers. Apple should start fixing bugs in their existing products first.


----------



## shantanu (Apr 27, 2007)

what!! internet without a browser...

hey nepcker !! a fact for you!!! you know 90% hackers can hack Mac OS.. but then they would be called crackers.. so they dont want to get their hands dirty.. and as a point of hack... nothing in the world is uncrackable and or unhackable...

so better keep the fanboyism low..


----------



## anandk (Apr 27, 2007)

shantanu_webmaster said:

> nothing in the world is uncrackable and or unhackable...



my line exactly. its just whether its worth hacking. and whats worthwhile for a hacker? recognition! positive or negative ! its just that 90%+ users use windows and thats whom he is therefore going to be targeting for thats where he is going to get more attention.


----------



## mehulved (Apr 27, 2007)

anandk said:

> my line exactly. its just whether its worth hacking. and whats worthwhile for a hacker? recognition! positive or negative ! its just that 90%+ users use windows and thats whom he is therefore going to be targeting for thats where he is going to get more attention.


In fact they'd get more recognition and fame for hacking a platform that is considered more secure. So, they'd rather target mac/linux than windows for fame and recognition.
And hackers attack windows......lolz
it's more like script kiddies who do.


----------



## shantanu (Apr 27, 2007)

@tech_y_f do you really mean this , or just said it without any backup... this is not a script kid who hacks windows... and even in hacking Linux, no one will get anything.. as it is itself open.. and its not hard for a windows user who is having 1% knowledge of UNIX platform to hack into it.. here script works... i dont say it will take 3 mins or 5 or 25, but hacking linux, macs is not a big deal... in fact if someone does it, then it wont be much difficult.. for windows... you must be remembering the BLASTER worm... that guy became famous overnight.. why ? coz he made a VIRUS for WINDOWS, and windows is the greatest platform of attraction to hackers for getting fame...

and kids dont make scripts... specially hacking ones...


----------



## anandk (Apr 27, 2007)

shantanu_webmaster said:

> and windows is the greatest platform of attraction to hackers for getting fame...



not many will understand this ! and even if they do; they'd prefer to play the ostrich  but then, each to his own !


----------



## gxsaurav (Apr 27, 2007)

tech_your_future said:

> In fact they'd get more recognition and fame for hacking a platform that is considered more secure. So, they'd rather target mac/linux than windows for fame and recognition.
> And hackers attack windows......lolz
> it's more like script kiddies who do.



I used to think of u as a sensible & helpful linux user, not a fanboy. But the truth is revealed today. You are a fanboy.

Just see above, a hacker just hacked Mac, how much recognition he got?


----------



## kalpik (Apr 27, 2007)

Hmm.. He's getting a lot of attention aint it! Its NEWS that someone hacked a mac.. Suppose there are 2 threads.. "Mac hacked" and "Windows Hacked", which one would most of the people open first? And i find no fanboyism in mehul's post..


----------



## praka123 (Apr 27, 2007)

May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilities.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable w.r.t. security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
*whylinuxisbetter.net
*www.livingwithoutmicrosoft.org/


----------



## gxsaurav (Apr 27, 2007)

praka123 said:

> May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilities.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable w.r.t. security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
> may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
> *whylinuxisbetter.net
> *www.livingwithoutmicrosoft.org/


 
Troll alert, who fed him

Again for no reason you are bashing Vista in this thread. Mind staying to the topic plz


----------



## aryayush (Apr 27, 2007)

kalpik said:

> And i find no fanboyism in mehul's post..


Of course you don't. You are a normal person after all.


----------



## Zeeshan Quireshi (Apr 27, 2007)

well as Recently published in a magazine , hacking is nowadays more of a profession than an obsession . Hackers target windows coz it's used by the majority and also Zero-Day Exploits for Windows fetch $30,000 - $50,000 per exploit  , this is not the case with Mac/GNU Linux . Which Adware company will pay u to find a hack in these OS ? 



			
praka123 said:

> May be we should Organise a Windows Vista Hack fest and want 2 see how many of these fanboys will be there to see Vista thrashes out with Vulnerabilities.get it : UNIX is much more secure,whether it is Mac OS X or Linux or Freebsd.Windows is miserable w.r.t. security.we all know that.then why?How much more u want to curse this-the truth remains.I fully support @tech future,he told the truth.
> may be below site helps these geeks,hackers,brainees who think using Windows u attained Nirvana.check out ur options:
> *whylinuxisbetter.net
> *www.livingwithoutmicrosoft.org/



well as for u mate , let me tell u that i Use Windows XP and i DON'T have any Antivirus/Firewall installed n i haven't been affected by a single worm/adware/trojan/virus since 2 years. it's mostly the fault of the User not the OS who is responsible for compromising his privacy , etc . now even if a person got fooled by a phishing mail people would blame the OS


----------



## praka123 (Apr 27, 2007)

Well mate in that case you'll like to read this post:
*www.thinkdigit.com/forum/showpost.php?p=481647&postcount=2
UNIX like OS are more secure.


----------



## mediator (Apr 27, 2007)

> you must be remembering the BLASTER worm... that guy became famous overnight.. why ? coz he made a VIRUS for WINDOWS, and windows is the greatest platform of attraction to hackers for getting fame...


What does a virus have to do with hacking? Don't confuse trojans with viruses! I feel really annoyed, when anti-viruses show trojans,malwares,adwares,spywares as viruses too making no room for user's enlightenment so that he can understand the differences!
And...script kiddies doesn't mean kids!


That blaster guy got famous coz his work affected millions of windows PCs. Surely he wudn't have got famous if only a few PCs got affected! For that very reason the techies and forum phreaks like me know only about blaster,nimda and a few more and not the rest of the millions in the anti-virus's virus definitions!

Neways, I agree hacking windows isn't easy. Its no script kiddie task, not in the light of 3rd party security softwares! Security majorly depends on security/network admin. Its his work to customize, patch up and secure the system. A poorly administered system can be hacked easily "irrespective" of the OS. The network/system admin may not secure the system and leave it with the default settings. He may not be so technologically sound and may have taken that job in desperation without having interest in that field at all. So he might not be patching up the system daily either, leaving plenty of room for "zero day exploits" and with that its possible to hack into any system!!



			
zeeshan_quireshi said:

> this is not the case with Mac/GNU Linux


 Being open source is the key here!


----------



## gxsaurav (Apr 27, 2007)

Prakka123,

Would u mind not hijacking the thread. None of us here is a windows fanboy we give proper reason for any flaw in Windows & acknowledge if it is bad, however we do not sing the same tune again & again that Windows is most user friendly, runs on millions on hardware configuration & what not. Then why do u show yourself as a Linux fanboy & for no reason advertise Linux. Those links you gave are just nonsense & FUD against Windows OS.

There are so many users in this forum using Windows OS without any 3rd party security software. Get over it dude & stop being a smug.

Mediator is right, I have seen Linux systems getting hacked & pwned on LAN using Linux OS running on the hacking computer, just cos the system was not well maintained & set, also I have myself seen Linux users unable to hack in Windows Vista systems with security settings properly maintained. Now how those IGNOU BIT students did it is beyond my knowledge, i just set up the drivers & computers & provided Ubuntu ultimate & Vista, while configuring Vista.


----------



## Zeeshan Quireshi (Apr 28, 2007)

praka123 said:

> Well mate in that case you'll like to read this post:
> *www.thinkdigit.com/forum/showpost.php?p=481647&postcount=2
> UNIX like OS are more secure.



my point is , the OS is as secure as the user using it . 

so if the user is a fool then i think there's no sense blaming an OS .

and i didn't say nything of the sort that Unix was less secure , bla bla i only said it all depended on the user , get it ?


----------



## nepcker (Apr 28, 2007)

At that event, nobody was able to break into mac. Several attempts, no success. Then the contest was open to non-attendees. Again, no success. Only one successful hack occurred after sending URLs via e-mail was allowed too.

As for fame and recognition, the Blaster worm guy got recognition because it was a serious threat. But this hack for OS X is *not* a serious threat.



> *www.macworld.co.uk/macsoftware/news/index.cfm?newsid=17871
> 
> Organizers of last week's MacBook Pro hack challenge Thursday disputed accounts that the QuickTime exploit that won the $10,000 prize was nicked from a wireless network and is now in circulation.
> 
> ...





> Hackers target windows coz it's used by the majority and also Zero-Day Exploits for Windows fetch $30,000 - $50,000 per exploit


Nah, you'll only get a few transcaucasian rubles if you find an exploit in Windows, for they are so common. But if you found an exploit in Mac OS X, you'll be awarded with $10,000 (as like Dino Dai Zovi, who found an exploit in QuickTime, and got rewarded for that).


----------



## gxsaurav (Apr 28, 2007)

nepcker said:

> At that event, nobody was able to break into mac. Several attempts, no success. Then the contest was open to non-attendees. Again, no success. Only one successful hack occurred after sending URLs via e-mail was allowed too.





			
GX said:

> is it possible to hack a system on LAN with no file sharing or printer sharing or sharing available? I don't think so cos to hack a system on LAN that system must be shown in LAN or network neighbourhood or whatever the place is in your OS


 now what to say.


			
nepcker said:

> But this hack for OS X is *not* a serious threat.


Yup it is not a serious threat despite the fact that the *hacker was able to access the user folder*, was able to copy or delete or replace files there. Here is the thing, he was able to access the user files & he could have created havoc...still u say this is not a serious threat. Ya right. Whats more of a serious damage to u, your OS files getting corrupt which can be fixed by simply reinstalling it or someone deleting the pics of your gf .

Even blaster worm was not a serious threat then, it only rebooted the machine on connecting to windows update, for those who don't use Windows Update it was *not* a serious threat either :-"


----------



## Zeeshan Quireshi (Apr 28, 2007)

nepcker said:

> Nah, you'll only get a few transcaucasian rubles if you find an exploit in Windows, for they are so common. But if you found an exploit in Mac OS X, you'll be awarded with $10,000 (as like Dino Dai Zovi, who found an exploit in QuickTime, and got rewarded for that).



well then i suggest u read the latest issue of CHIP mag , also u get money for finding exploits in windows coz adware/spyware companies can then use these exploits to market their product , etc . these companies r the ones that pay u for finding exploits .

as for $10k for finding an exploit in mac , then well events like these happen once a year man , n u can't possibly make a living earning $10k a year


----------



## nepcker (Apr 28, 2007)

Simple Random questions. Anyone can answer them?

1. They were having trouble hacking the "Macs"?
2. They changed the rules?
3. They allowed the Safari browser?
4. You had to load a plug-in for Safari for this to work?
5. Would I have been asked for permission to load the plugin?
6. If I didn't allow or load this plug-in would it still have worked?
7. They paid out money for a misleading media con against Apple?
8. Does anyone believe that anything man made is infallible?

And yeah, you can't make a living by finding exploits on OS X -- they're *way too* less on OS X when compared to Windows.


----------



## iMav (Apr 28, 2007)

^^ and your point is ... please read i have given a news flash for u on the first page itself ... read that and then revel in the macs past glorious


----------



## shantanu (Apr 28, 2007)

nepcker said:

> 8. Does anyone believe that anything man made is infallible?



really.. i think this was the first thing every body said.. except you.. and thank god , now you yourself committed this...


----------



## nepcker (Apr 28, 2007)

*@mAV3:*
I just meant to say that they cheated and lowered the security levels. Before the security levels were lowered no one could break in. So this break in is null and void as a real world break in. This seems to be a trend that has played out itself over and over again. People pretend to break in and create a big headline, but in the end the story is unfounded. The truth comes out later that, like in this case, they had to cheat in some way or another to get in. 

Thanks for the news flash. It works with Windows 98 too. 98 ran without any BSOD/error boxes/security threats for over 30 minutes. A new world record, I guess.

*@shantanu_webmaster:*
You were the one that said it, not every body. But I guess you were right.

But I've already accepted that Macs are indeed hackable, and that hacking a mac is *easier* than hacking Windows. I've posted it before, but since you seem to have missed it, I'm posting it again:



> Yes, macs are hackable. What's more, hacking a mac is *way* too easier than hacking a Windows PC. Here are the steps which you can follow to hack a mac:
> 
> *Step 1:* Find a dude with a mac running.
> *Step 2:* Tap on his shoulder, and state something like _"Hey, is that Steve Jobs over there using an iPhone?"_.
> ...


----------



## freebird (Apr 28, 2007)

UNIX is much more secure by design itself my dear poor winblows users
be it mac os x,freebsd,linux any UNIX like OS.take it


----------



## Zeeshan Quireshi (Apr 28, 2007)

freebird said:

> UNIX is much more secure by design itself my dear poor winblows users
> be it mac os x,freebsd,linux any UNIX like OS.take it



well freebird , i clearly see that u r a FANBOY , pls keep ur comments to urself or we'll have to call GX


----------



## shantanu (Apr 28, 2007)

*1.* If you boot up and surf the Web using a Windows PC without installing or configuring any security tools, it will likely pick up some piece of spyware, some adware, or a virus on it pretty quickly. By contrast, you can surf the Web using a Mac without changing any of the default install settings for months without problems. This is what most people point to as proof that Mac OS X must be more secure.

What really makes this example seem like evidence of Mac OS X as a perfectly secure operating system is that there are very *few viruses or other forms of malware that have been created to exploit flaws in Mac OS X.* 

There are multiple reasons for this; chief among them the fact that there are far fewer Macs in the world than there are Windows PCs. As a result, most malicious code writers choose to target Windows so that they can have a much wider impact. 

*2.* Another factor is that until recently Mac OS X was designed to run only on Power PC processors, which use different instruction sets and assembly language than Intel or AMD processors. Although not an impossibly large hurdle to malicious users, this meant that malware needed to be coded with a payload specific to Power PC hardware rather than simply converting an existing payload to work with exploitable flaws in Mac OS X. Combined with the smaller user base, it historically resulted in far less interest in targeting Mac users.

Security by obscurity, however, is not proof of a secure operating environment. It might not even be a comforting thought because it can lead to a general lackadaisical attitude toward security and widespread infection should a rapidly propagating virus or other malware be developed. *The truth is that although there have been few instances of malware or widespread attacks targeting Mac OS X, the platform is not perfectly secure. In fact, it does have a variety of vulnerabilities.*

*Kernel Weakness*

One of the weaknesses in Mac OS X is its combination of BSD Unix with the Mach kernel. The BSD nature of Mac OS X offers several security advantages: securelevels, a multiuser access control model, and the ability to limit the access that applications have to the kernel and other core operating components. All this offers improved security compared with most Windows releases. *But Windows Vista makes this go its own way, by enhancing the kernel to be more secure.*

However, the fact that the BSD architecture sits on top of the Mach kernel presents a weakness because it’s possible to use Mach-specific kernel services to circumvent BSD security features by passing system calls and instructions into the kernel itself. This could allow a malicious user with knowledge of the Mach kernel to carry out a number of normally restricted activities. 

There are also a number of known vulnerabilities to the Mach kernel. As with most kernel vulnerabilities, they are primarily related to system calls. Some of them have been used in the past to develop rootkits capable of patching the kernel and allowing a malicious user to infiltrate a system without detection. Apple has prevented known rootkits from being used to compromise the current release of Mac OS X. However, there continue to be ways in which malicious users or code can infiltrate the kernel and, by extension, compromise the entire operating system.

I think this can clear some myths and facts.


----------



## aryayush (Apr 28, 2007)

All it did was further drive the point home that Macs are highly secure. Yes, it did warn that it _might_ start getting infected by viruses in future. LOL! Haven't we been hearing that since ages?

I use my Mac with the default settings and the firewall turned on. I use the administrator account (which is password protected) and I do not use any security software. I open every link I come across without any fear and I use P2P software. I will believe that Macs are not as secure as they are touted to be the day I get hit with virus or spyware. I couldn't care less about the reasons why Mac OS X is secure.

And your post has been reported for not mentioning the source. You keep doing that all the time.


----------



## shantanu (Apr 28, 2007)

i dont think i did it any time.. report it and get as rude as you can

now you have to mention my each and every post coz you have said all the time.. plz mention the proof for that...


----------



## gxsaurav (Apr 28, 2007)

> Simple Random questions. Anyone can answer them?
> 
> 1. They were having trouble hacking the "Macs"?
> 2. They changed the rules?
> ...



1) Yup, we don't know the reason why. Maybe file & print sharing was disabled cos if it was enabled then it sure would have been possible or something like that. Just assuming cos i was not there

2) They changed the rule cos no one *there* was able to hack.

3) Obviously, can u expect any user in this world to work without a browser or without any application running like I mentioned in post 2

4) For your kind info, Quicktime plugin is loaded in Safari or all browsers in Mac automatically.

5) Nope, it is an Apple browser plugin from Apple Quicktime, it comes under trusted plugins.

6) If u disable Quicktime plugin Safari then it will have 0 Multimedia capabilities in it.

7) They paid money for successfully hacking Mac. Stop being such a bad defender.

^^^^ arya, what if unlike u he actually wrote it from his own experience


----------



## freebird (Apr 28, 2007)

@shantanu' quote source @:
*www.informit.com/articles/article.asp?p=712742&rl=1


----------



## gxsaurav (Apr 28, 2007)

^^^ bro, u got lots of useless time to dig things on Net.


----------



## freebird (Apr 29, 2007)

^^ Now some useful eyeopener for U and many Win users:
*Why is Linux more secure than Vista?*

In Vista Security A Joke? : Executables Install As Administrator Because It’s More Convenient, Vista gets dinged for prompting users to run installer executables as Administrator.
The article gets it wrong though. How many Linux users out there have done this?

```
sudo make install
sudo yum install my-favorite-app
tar xzvf my-favorite-app.tar.gz; cd my-favorite-app; sudo ./install.sh
```

I don’t know a popular distro that doesn’t also prompt the user to install software or modify system settings as root. So, on the surface, the Vista model and the Linux model are the same. Installing software requires elevated privileges, and comes down to a judgement call on the part of the user.
Where Linux security differs is in the nature of the software installed. The majority of software on Linux, virtually all the software that the typical end-user will use, is open-source software.
Open source is a different world. You won’t see open-source malware-infected spyware. Open source software sells itself its merits to the user, rather than by being a gatekeeper to what the user wants to do, like play a movie, a game or edit a photo.
The motivation behind open source is to make something useful, build a community around it, and then profit from the market generated by that community, rather than put a cover charge on the party.
This is the antithesis of spyware/malware/adware, which tries to pose itself to the potential user as a solution, and then feed off of the user as a parasite. This parasite cannot survive when exposed and publicized. Parasites don’t get invited to the party, and they get found out and kicked out pretty quick.
*Its been argued that Linux security is only due to the fact that there isn’t enough Linux marketshare to make attacking it worthwhile. I disagree, I think the open source model scales. Even if Linux and Windows marketshare were equal, I would argue that malware would be virtually non-existent on Linux. Open source communities that meet the popular needs of users would be even more motivated to do so, as the communities around them would be more profitable. They would receive even more corporate sponsorship, and distribution to end users, audited and certified by the distros, would have more choices.*
It is probably a good idea to have the OS install software in a semi-restricted environment, or provide different levels of security, but I don’t know of *any* popular distribution that does this. But no OS will ever be able to make the final security judgement call for the user, unless the computer is reduced to the restricted environment of a game console.




source:
*cmars.wordpress.com/2007/02/14/why-is-linux-more-secure-than-vista/#comment-103
Open Source rules!


----------



## gxsaurav (Apr 29, 2007)

So, for open source we have to assume that the guy coding is a nice guy & not a hacker & he is giving his code for free without any benefits from him & all for charity.

freebird, you should be hired by linux companies for best marketing methodology by spreading FUD. Come on man, we know all this Unix thing...say something new. Vista has fixed the security learning things from the past, why don't u accept that.

Microsoft - Damned if they do, Damned if they don't.


----------



## iMav (Apr 29, 2007)

it is a matter of self pride and an elevation to an individuals rather insecure state of mind by saying that i use mac or linux ... coz windows being so widely used ppl feel its below their dignity to use it and those using it are considered to b fools for some absurd reason


----------



## freebird (Apr 29, 2007)

^^ ur avatar says.I also believes the same.I cant buy Vista or for that matter any windows.so that means the only other way(if not gifted) is to Pirate for most average ppl.

Yes.dont feel that there wont be jobs for software professionals when M$ lost its monopoly.You can make money from FOSS.the options as of now are growing.
We,The Open SOurce users are way better in keeping away from piracy unlike many of our forum users themself.have some respect even though i know u hate the growth of Open SOurce atleast we r not pirating ur windows os.

Why do i post the virtues of Open source here?do u know what is FUD,patent warfare and other things this huge monopoly does to Linux and FOSS.if u r not taking sides.U'll understand.this is not insecurity-it is a war against MSFT to save Open SOurce.
if u regularly read linux.slashdot.org or some other sites,u'll understand what is monopoly M$ doing for us.
BTW:
I dont even want vista or mac even if anyone give it FREE. can use it as a kitchen TV


----------



## shantanu (Apr 29, 2007)

@freebird: we are not fighting wars here, then it is not our windows and your linux.. Dont own it.. use it.. and who are you to save open source and we to save windows.. just think before you post..


----------



## aryayush (Apr 29, 2007)

freebird said:

> BTW:
> I dont even want vista or mac even if anyone give it FREE. can use it as a kitchen TV


Yeah, no one is going to give them to you for free, so you don't have to worry about that. Buy a separate kitchen TV.


----------



## nepcker (Apr 29, 2007)

> 1) Yup, we don't know the reason why. Maybe file & print sharing was disabled cos if it was enabled then it sure would have been possible or something like that. Just assuming cos i was not there


No, file-sharing and print sharing was *not* disabled. The security of macs were actually *lowered*. The mac is incredibly secure. *No one* could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.



> 2) They changed the rule cos no one *there* was able to hack.


 That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.



> 4) For your kind info, Quicktime plugin is loaded in Safari or all browsers in Mac automatically.


I did a little research about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source)

So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.



> 6) If u disable Quicktime plugin Safari then it will have 0 Multimedia capabilities in it.


 Even if I disable QuickTime, Flash will always be there, and sites like YouTube, Google Videos, etc. use Flash. I *can* experience multimedia experience without QuickTime, but I'll just miss a *lot* of multimedia contents.

But I don't think that I will ever disable Quick Time.


----------



## iMav (Apr 29, 2007)

dude y dont u understand for a fact that like the mac if u disable all the things u are saying the windows is also as secure in that case ...


----------



## Zeeshan Quireshi (Apr 29, 2007)

mAV3 said:

> it is a matter of self pride and an elevation to an individuals rather insecure state of mind by saying that i use mac or linux ... coz windows being so widely used ppl feel its below their dignity to use it and those using it are considered to b fools for some absurd reason



great point dude    



			
freebird said:

> I dont even want vista or mac even if anyone give it FREE. can use it as a kitchen TV



seems like the poor guy never played ny good games 



			
aryayush said:

> Yeah, no one is going to give them to you for free, so you don't have to worry about that. Buy a separate kitchen TV.



i bet he's not gonna buy a TV too, the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible, there's no way he can use such a TV, sheesh


----------



## gxsaurav (Apr 29, 2007)

> *No, file-sharing and print sharing was not disabled.* The security of macs were actually *lowered*.


I mentioned that I have no proof that it was enabled or disabled. Do you have a proof that it was not disabled? Plz provide source.



> The mac is incredibly secure. *No one* could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.


 How what to say. If I know your IP address & got a backdoor in Mac obviously I can start a remote desktop session.



> That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.


Isn't this how most of the Computers get hacked, like Windows. They get a mail with some malicious link which on clicking gives problems. So this is close to a real world scenario.

Now if you think that in Windows just opening up a website will hack your computer without clicking on any link....then u r.....<censored> 



> the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language


Yup, bug in *Apple Quicktime Media Player*. How different is it than some bug in WMP with JAVA? I mean the player is flawed in both cases, so this doesn't make the Mac automatically secure. You have it disabled, Windows doesn't even come with JAVA Runtime by default then considering that Windows is more secure with this flaw compared to Mac. There are many Mac users who have it enabled by default.



> *I can* experience multimedia experience without QuickTime, but I'll just miss a *lot* of multimedia contents.


No U cannot, Mac uses Quicktime engine to play mp3, midi or whatever embedded in Webpage not just Flash. You cannot experience lot, yes.



			
mav3 said:

> dude y dont u understand for a fact that like the mac if u disable all the things u are saying the windows is also as secure in that case ...


 R U kidding me, how can he understand this. He browses the internet without a browser. He works on Mac pro without running any application.



			
Zeeshan said:

> i bet he's not gonna buy a TV too, the Firmware used in the TV is not Open Source n the blueprints of all the components of the TV r not publicly accessible, there's no way he can use such a TV, sheesh


Lolz....tooo good chote nawab


----------



## shantanu (Apr 29, 2007)

nepcker said:

> No, file-sharing and print sharing was *not* disabled. The security of macs were actually *lowered*. The mac is incredibly secure. *No one* could hack in to mac remotely. If it was a Windows machine, it would have been compromised a long ago.
> 
> That's one of the reasons. The other reason is that no one was able to hack in to mac remotely, and sending URLs via e-mail was allowed too. That's the second change in rules.
> 
> ...


 
what do you know about hacking, methods and techniques, what scripts or port access is used.. what are the perfect ways.. 

if you did some research , then clear this also that when last time to tried to break something.. 

and just saying remotely and all cant make sense that you are even understanding the point and technique which the hacker used...


----------



## eddie (Apr 30, 2007)

nepcker said:

> I did a little research about the hack, and here's how the hack works: the flaw that Dai Zovi exploited actually lies in the way Apple's QuickTime Media Player works with the Java programming language, according to Terri Forslof, manager of security response at 3Com's TippingPoint division, which put up the $10,000 prize. (Source)
> 
> So, if you disable Java in Safari, you'll have no risk. Fortunately, I have it disabled. There are extremely limited no. of websites that use Java today, so this shouldn't be a problem. When you want Java, you can just re-enable it.


 Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.


----------



## infra_red_dude (Apr 30, 2007)

^^^ valid point eddie. disabling javascript will surely impair website compatibility.


----------



## gxsaurav (Apr 30, 2007)

Most important of them all....orkut won't work


----------



## aryayush (Apr 30, 2007)

eddie said:

> Actually it is not just about Java as in Java applets. It is also about Java as in JavaScript. Now If you disable JavaScript then almost 40-50% (a random number, don't hold it against me) of sites on internet will not work correctly for you...so it sucks but there is no defense for it either.


AFAIK, and I might be wrong on this one, that hack is only for JAVA, not for JavaScript, which is completely different from JAVA.


----------



## eddie (Apr 30, 2007)

aryayush said:

> AFAIK, and I might be wrong on this one, that hack is only for JAVA, not for JavaScript, which is completely different from JAVA.


 You are wrong.


----------



## gxsaurav (Apr 30, 2007)

Javascript is a method to show JAVA apps or applets inside a web browser. Due to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.

Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there.


----------



## aryayush (Apr 30, 2007)

eddie said:

> You are wrong.


Care to elaborate? What am I wrong about? That the hack is only for JAVA or that JavaScript is not the same as JAVA?


----------



## iMav (Apr 30, 2007)

hey nepcker and other mac fanboys this from mac world link posted in other thread on the same topic:

Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. By gaining shell access to a Mac by pointing the Safari Web browser at a specially-constructed Web page, Dai Zovi won a $10,000 prize from 3Com’s Tipping Point division—and took a lot of Mac users by surprise.

But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.

“Literally any piece of code is going to have vulnerabilities and the Mac is no exception,” said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.

Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. “Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them,” he said.

*Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.*

*“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”*

According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.



			
aryayush said:

> Care to elaborate? What am I wrong about? That the hack is only for JAVA or that JavaScript is not the same as JAVA?


 he means the hack extends to java script


----------



## aryayush (Apr 30, 2007)

The article you posted has already been posted, most probably in this topic itself (or in the "myth crushed" topic).


----------



## iMav (Apr 30, 2007)

no wonder after reading it fellow members decided to tone their attitude down a little in the thread .. o! well its straight from the horse's mouth as u once said arya ... mac world the mac experts ... until of course u claim that MS bought them as well


----------



## Zeeshan Quireshi (Apr 30, 2007)

well as far as i know JAVA n javascript r ENTIRELY different things .

java is a professional grade application development language whereas javascript (officially ECMAScript) is a scripting language not meant for heavy duty development.


----------



## nepcker (Apr 30, 2007)

I have iTunes running all the time. Safari is open when I'm browsing the net, and at other times, I'm using Photoshop, Final Cut Pro, Aperture, Keynote, or some other applications like games, etc.

You can indeed hack Windows without running any applications. It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.

There's *absolutely nothing* to do with JavaScript. Java and Javascript are two different things. The hack will *only* work if you have Java enabled. Whether JavaScript is enabled or not is not the matter of concern.

As I said before, disabling Java shouldn't be a problem, since very few sites today use Java. I only enable Java when I have to play certain online multiplayer games.

If I had to disable *JavaScript*, then it would have been a problem. Disabling it is almost like being disconnected from the internet.


----------



## mediator (Apr 30, 2007)

nepcker said:

> *You can indeed hack Windows without running any applications.* It just needs to be on some network or connected to the internet. But this wasn't possible on Mac.


U seem to be an expert on hacking. Can u give step by step instructions on how to hack windows....i.e XP with latest updates? Also, I want to hack Microsoft site u know!


----------



## nepcker (Apr 30, 2007)

Oops... messed up again... Here's what I *really* intended to say:
You *can* hack Windows which has no application running.

I didn't mean that you can hack Windows by just staring at your computer, without using any programs, but what I wanted to say was that you can hack Windows even if it isn't running any programs.


----------



## gxsaurav (Apr 30, 2007)

> You *can* hack Windows which has no application running.


Wow, & how do u do that? cos  by default the file & print sharing is enabled in windows only for the same workgroup with disabled public share & no application is running, Plz enlighten us.


----------



## mediator (Apr 30, 2007)

nepcker said:

> You can hack Windows which has no application running.


 "No applications" further means that no server application is running i.e no print and file sharing services, no telnet,http,ftp,ssh,daytime,snmp,smtp server etc. How will u even connect to windows then when such kind of applications aren't running?
BTW, "windows" itself is a software. How will u hack windows when windows isn't running?



			
nepcker said:

> but what I wanted to say was that you can hack Windows *even if it isn't running any programs.*


 Hmm.....then hacking windows system running all kinds of server apps must be a child's play? Why don't we see Microsoft sites getting hacked each day then?

Please do provide some tutorials as I want to refine my hacking skills so as to "hack Windows which isn't even running any programs." ......i.e to hack an up-to-date windows systems in wateva way u mean!!


----------



## eddie (Apr 30, 2007)

For those who are discussing the JavaScript thing. I had read this thing on ITWeek and PCAuthority but I am sorry to say that I have not been able to locate it again. Since I can not mention any sources...I take those words back and apologise if I hurt any feelings. I still stand by what I read though. The vulnerability does involve JavaScript but in lack of sources...it is for every individual to believe what they want.


----------



## aryayush (May 1, 2007)

Zeeshan Quireshi said:

> well as far as i know JAVA n javascript r ENTIRELY different things .
> 
> java is a professional grade application development language whereas javascript (officially ECMAScript) is a scripting language not meant for heavy duty development.


There you go. I did not know the exact difference but I was fairly certain that JAVA and JavaScript are entirely different languages.

And I was also right about the fact that this recent hack exploits JAVA, not JavaScript.


----------



## iMav (May 1, 2007)

mediator said:

> "No applications" further means that no server application is running i.e no print and file sharing services, no telnet,http,ftp,ssh,daytime,snmp,smtp server etc. How will u even connect to windows then when such kind of applications aren't running?
> BTW, "windows" itself is a software. How will u hack windows when windows isn't running?
> 
> Hmm.....then hacking windows system running all kinds of server apps must be a child's play? Why don't we see Microsoft sites getting hacked each day then?


----------



## gxsaurav (May 1, 2007)

aryayush said:

> There you go. I did not know the exact difference but I was fairly certain that JAVA and JavaScript are entirely different languages.
> 
> And I was also right about the fact that this recent hack exploits JAVA, not JavaScript.



JAVA Script - Language to call *JAVA applets* in a web browser or to link those Java applets running in a web browser to external plugins or decoders.

Suppose this is a hack of Javascript, even then Javascript function calls quicktime using JAVA, means if u disable java even then u will be exploited cos quicktime will require this JAVA applet (qtjava) to work.

If it comes to disabling, you can disable anything .


----------



## kalpik (May 1, 2007)

gx_saurav said:

> JAVA Script - Language to call *JAVA applets* in a web browser or to link those Java applets running in a web browser to external plugins or decoders.


May i know from where you got this? Cuz this is pure BS.



			
gx_saurav said:

> *Javascript is a method to show JAVA apps or applets inside a web browser*. *Due to JAVAscript things became cross platform & JAVA's became popular*, although now we have better cross platform technologies but still JAVAScript is used.


Oh boy.. What to say now.. You've left me speechless..


----------



## mehulved (May 1, 2007)

gx_saurav said:

> Javascript is a method to show JAVA apps or applets inside a web browser. Due to JAVAscript things became cross platform & JAVA's became popular, although now we have better cross platform technologies but still JAVAScript is used.
> 
> Apple Mac has JAVA runtime already installed means JAVAScript & JAVA bugs are automatically there.


 I am totally dumbfounded by your supreme knowledge. Well I will archive it somewhere so I can recollect this whenever I try to learn java or javascript.


----------



## aryayush (May 1, 2007)

LOL! You won't have to learn both of them individually, mate - because both of them are the same. 



			
tech_your_future said:

> I am totally dumbfounded by your supreme knowledge.


And here I was, thinking you'd be used to it by now. I am always confident that I can fall back on certain people on this forum whenever I need the opinion of a genius. 



			
kalpik said:

> May i know from where you got this?


I would tell you the source but then I would risk being indecent. Well, here's a hint anyway: that place is not generally used for speech and it is nearer to the brain of the person in question (compared to the mouth)!


----------



## mediator (May 1, 2007)

> You won't have to learn both of them individually, mate - *because both of them are the same.*


?


For @all!


> So... what is the difference between Java and JavaScript anyway?
> 
> *They are both similar and quite different depending on how you look at them.* First their lineage:
> 
> ...


www.htmlgoodies.com/beyond/javascript/article.php/3470971
Google for more to find out!


----------



## aryayush (May 1, 2007)

There are major differences between JAVA and JavaScript and the most important thing, in this context, is that a vulnerability discovered in QuickTime's handling of JAVA does not mean that JavaScript is also affected. Both Mac and Windows users can easily disable JAVA and they will be immune from this exploit.

That said, why should I have to do that! I won't. And Apple had better release a patch for it ASAP, as I am sure they will.

@mediator,
That reply was to a conversation we'd been having for the past few posts and it was a sarcastic comment. I know that JAVA is very different from JavaScript unlike some of the adults among us immature children who have "supreme knowledge".


----------



## mediator (May 1, 2007)

My reply wasn't specific to u brother. That's why I requested @all to read it and get their confusion cleared out. For a simple thing people r fighting and some r giving their expert opinions! That's why I quoted the whole thing coz first people ask for source and when u give it then they don't even bother to read the links either!


----------

