From: Woody on
Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
> On Mon, 19 Apr 2010 12:37:49 +0100, Jim <jim(a)magrathea.plus.com>
> wrote:
> >On 2010-04-19, Pd <peterd.news(a)gmail.invalid> wrote:
> >> Jim <jim(a)magrathea.plus.com> wrote:
> >>
> >>> In other words, although Mac OS X is in no way immune, it's still
> >>> harder than Windows.
> >>
> >> Charlie Miller did say he thought the Mac would be easier to hack,
> >> although even then it required the user to click on a link.
> >
> >True, but could that be simply because Charlie is very, very familiar
> >with the OS X security model?
>
> He's more familiar with cracking into Safari - I can't find any
> descriptions of his results, but he got a command shell. There wasn't
> a further step to get privs escalation to install anything beyond the
> local user, so it wasn't a test of OSX as such. It seems likely you'd
> get the same effect in Safari/Windows.
>
> The pwn2own compo sections are all targeted at the browser rather than
> the OS.
>
> In passing, I don't use Safari.

A quote which I assume was him, when asked if he would target Windows 7
or OS X, was that he would go for the Mac as he was more familiar with it,
but it made no difference as long as they were running Flash.

His book is quite interesting; I intend to give it more time now I've
finished OU.

--
Woody
From: Jaimie Vandenbergh on
On Mon, 19 Apr 2010 13:15:04 +0100, Chris Ridd <chrisridd(a)mac.com>
wrote:

>On 2010-04-19 13:02:30 +0100, Jim said:
>
>> On 2010-04-19, Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>>>>>
>>>>> Charlie Miller did say he thought the Mac would be easier to hack,
>>>>> although even then it required the user to click on a link.
>>>>
>>>> True, but could that be simply because Charlie is very, very familiar with
>>>> the OS X security model?
>>>
>>> He's more familiar with cracking into Safari - I can't find any
>>> descriptions of his results, but he got a command shell. There wasn't
>>> a further step to get privs escalation to install anything beyond the
>>> local user, so it wasn't a test of OSX as such. It seems likely you'd
>>> get the same effect in Safari/Windows.
>>
>> Actually, was it Safari or Webkit?
>
>It was a bug in Apple Type Services, presumably some kind of malformed
>font. I don't know whether that would affect Safari on Windows.

Ooh, that is interesting - have you got a pointer with more info?

Cheers - Jaimie
--
"How to Stop the System for Recovery Purposes"
- chapter heading, Sun Microsystems System Administration Guide
From: Chris Ridd on
On 2010-04-19 13:29:49 +0100, Jaimie Vandenbergh said:

> On Mon, 19 Apr 2010 13:15:04 +0100, Chris Ridd <chrisridd(a)mac.com>
> wrote:
>
>> On 2010-04-19 13:02:30 +0100, Jim said:
>>
>>> On 2010-04-19, Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>>>>>>
>>>>>> Charlie Miller did say he thought the Mac would be easier to hack,
>>>>>> although even then it required the user to click on a link.
>>>>>
>>>>> True, but could that be simply because Charlie is very, very familiar with
>>>>> the OS X security model?
>>>>
>>>> He's more familiar with cracking into Safari - I can't find any
>>>> descriptions of his results, but he got a command shell. There wasn't
>>>> a further step to get privs escalation to install anything beyond the
>>>> local user, so it wasn't a test of OSX as such. It seems likely you'd
>>>> get the same effect in Safari/Windows.
>>>
>>> Actually, was it Safari or Webkit?
>>
>> It was a bug in Apple Type Services, presumably some kind of malformed
>> font. I don't know whether that would affect Safari on Windows.
>
> Ooh, that is interesting - have you got a pointer with more info?

<http://support.apple.com/kb/HT4131> describing the security update.

--
Chris

From: Jaimie Vandenbergh on
On Mon, 19 Apr 2010 13:34:16 +0100, Chris Ridd <chrisridd(a)mac.com>
wrote:

>On 2010-04-19 13:29:49 +0100, Jaimie Vandenbergh said:
>
>> On Mon, 19 Apr 2010 13:15:04 +0100, Chris Ridd <chrisridd(a)mac.com>
>> wrote:
>>
>>> On 2010-04-19 13:02:30 +0100, Jim said:
>>>
>>>> On 2010-04-19, Jaimie Vandenbergh <jaimie(a)sometimes.sessile.org> wrote:
>>>>>>>
>>>>>>> Charlie Miller did say he thought the Mac would be easier to hack,
>>>>>>> although even then it required the user to click on a link.
>>>>>>
>>>>>> True, but could that be simply because Charlie is very, very familiar with
>>>>>> the OS X security model?
>>>>>
>>>>> He's more familiar with cracking into Safari - I can't find any
>>>>> descriptions of his results, but he got a command shell. There wasn't
>>>>> a further step to get privs escalation to install anything beyond the
>>>>> local user, so it wasn't a test of OSX as such. It seems likely you'd
>>>>> get the same effect in Safari/Windows.
>>>>
>>>> Actually, was it Safari or Webkit?
>>>
>>> It was a bug in Apple Type Services, presumably some kind of malformed
>>> font. I don't know whether that would affect Safari on Windows.
>>
>> Ooh, that is interesting - have you got a pointer with more info?
>
><http://support.apple.com/kb/HT4131> describing the security update.

Aw, I was hoping for more of a blow-by-blow on the Pwn2Own results.
Not how to do them, but info. The notes at the bottom of the page at
<http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010> are very
interesting and I'd like a little more.

Cheers - Jaimie
--
#include "clue.h"
From: Ric on
On Apr 18, 4:39 pm, peterd.n...(a)gmail.invalid (Pd) wrote:
> <http://news.bbc.co.uk/1/hi/technology/8624560.stm>
>
> This is brilliant. "The latest updates can spot if a system is
> compromised by the Alureon rootkit and halt installation."
>
> So basically Microsoft have said it's better to have a working infected
> machine than a non-working one. After all, the Alureon virus only
> "monitors net traffic and plucks out user names, passwords and credit
> card numbers. It also gives attackers a back door into infected
> machines."
>
> Never mind the rest of society that is adversely affected by an infected
> computer, as long as the user isn't inconvenienced. That's the attitude
> that gave us infectable computers in the first place.
>
> --
> Pd

Bollocks. Absolute misunderstanding of the issue here.

Rootkit compromises PC. Rootkit (illegally) calls directly to an area of
memory to execute malware.
MS patch comes along, patches *different* DLLs totally unrelated to the
rootkit. Rootkit now calls to an area of memory now occupied by
something else and BSODs the machine.
MS can either release the patch to all, KNOWING THAT IT WILL
DEFINITELY BSOD ANY ROOTKITTED PC, or check for the presence of the specific
rootkit THAT WILL BSOD THE PC and alert to not install the patch on these
machines. This way users can apply the patch to un-rootkitted PCs
safely, and ones that are infected can be cleaned/backed up and rebuilt/
generally sorted without just being killed one day by a patch.

MS can't do anything better than this (other than stopping a rootkit
in the first place, but these are usually trojans the user installs
themselves) - portraying it as "nasty MS not patching some people's
machines" is sensationalist idiocy.

Should the patch contain a replacement for all DLLs on a system? Good
luck with that.
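The pre-install gate Ric describes (check for the rootkit first, install only on clean machines), as an added example that is not Microsoft's code nor anything posted in the thread. It assumes a simplified detection: hashing a manifest of boot-critical files against vendor-published SHA-256 values; the file names and contents are constructed, and the tampered driver stands in for an infected one.

```python
import hashlib
import os
import tempfile

CHUNK = 65536


def sha256_of(path):
    """Stream a file through SHA-256 so large drivers need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def check_integrity(root, manifest):
    """Return [(relative_path, reason)] for every manifest entry that is
    missing or whose on-disk hash differs from the expected value."""
    findings = []
    for rel, expected in manifest.items():
        path = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(path):
            findings.append((rel, "missing"))
        elif sha256_of(path) != expected:
            findings.append((rel, "hash mismatch"))
    return findings


def should_install(root, manifest):
    """The gate: proceed only when every file the update relies on is pristine."""
    return not check_integrity(root, manifest)


def demo():
    """Constructed scenario: one clean system root, one with a tampered driver.
    File names and contents are made up; the manifest is the 'known good' state."""
    good = {"drivers/disk.sys": b"good disk driver image",
            "ntoskrnl.exe": b"good kernel image"}
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in good.items()}
    results = {}
    for label, tamper in (("clean", False), ("infected", True)):
        root = tempfile.mkdtemp()
        os.makedirs(os.path.join(root, "drivers"))
        for rel, data in good.items():
            if tamper and rel == "drivers/disk.sys":
                data += b"\x90" * 16  # simulated code injected into the driver
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        results[label] = (should_install(root, manifest), check_integrity(root, manifest))
    return results
```

On the clean root the gate returns True with no findings; on the tampered root it returns False and names the modified driver, which is the point at which an updater would halt rather than patch around the infection.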
