Friday, February 20, 2009

Unsafe At Any [Connection] Speed

by Kevin M Nixon, MSA, CISSP®, CISM®, CGEIT®

Introduction

I was surprised and very concerned at the number of responses I received to my article regarding a Blended Hack Attack.  The article was about how Hackers tricked people into going to a website to check to see if they had received a Parking Ticket.

Now, the creativity of combining a Social Engineering attack with a fake website is amazing, but what really got me going was the number of people who think that using Apple's Macintosh system is "protection" against an attack.

I also realized that when one can remember the evolution of a hardware platform from an 8-bit processor chip with a dual 8" floppy storage system to the Mega Systems of today, that proves one thing: I’m getting old!

Yes, A Mac Can Be Hacked and Infected Just Like PCs

Prior to January 1984, Apple had the Apple I, Apple II, and the Apple III. There were no hard drives; they ran on Dual 8" Floppy disks. The Apple I and II were Command Line systems. No Mouse here. The motherboard contained a single MOS 6502 8-bit chip! Steve Wozniak modified a version of BASIC. After booting with the floppy, the Boot Disk was removed and the single application floppy was inserted into A:. The ONLY Commercially Off The Shelf application was Visicalc. The Apple II improved speed by using the memory in the CRT device. When the Apple III was released, it came with Visicalc pre-burned on the chip.

Then the world changed on January 22, 1984, during the 3rd quarter of Super Bowl XVIII, when Apple unveiled the Macintosh 128K. This was the first Mac. Up till then the devices were all named Apple.

Two days after the 1984 ad aired, the Macintosh went on sale. It came bundled with two applications designed to show off its interface: MacWrite and MacPaint.

See Timeline of Mac Models

The Mac is a vertically integrated product, meaning that Apple controls every aspect of the product, including the operating system. The OS X operating system will only work on Apple computers.

Despite the $1.5 Million spent on the Super Bowl Ad plus an additional $2.5 Million spent for a 39-page advertising brochure in Newsweek, Apple continued to struggle due to various problems, such as the lack of OS-compatible application software, the monochrome-only display and the closed architecture.

Apple eventually gained success as a result of its introduction of desktop publishing (and later computer animation) through Apple's partnership with Adobe Systems, which introduced the laser printer and Adobe PageMaker. Indeed, the Macintosh would become known as the de facto platform for many industries including cinema, music, publishing and the arts.

Apple did briefly license some of its own application designs, but Apple did not allow other computer makers to "clone" the Mac until the 1990s, long after Microsoft dominated the marketplace with its broad licensing program. By then, it was too late for Apple to reclaim its lost market share.

At the 1997 Macworld Expo, Steve Jobs announced that Apple would be entering into partnership with Microsoft. Included in this was a five-year commitment from Microsoft to release Microsoft Office for Macintosh as well as a US$150 million investment in Apple. It was also announced that Internet Explorer would be shipped as the default browser on the Macintosh.

Today, a modern Mac can boot a Windows operating system with the Boot Camp utility, which lets you choose between OS X and Windows when starting the computer.

A PC is a generic architecture design of hardware that will allow a Linux or Windows operating system to boot.

PC manufacturers rely on OEM software and do not vertically integrate their products.

As a result of the interoperability of PC architecture, PCs have around 95% market share. This is good news for the availability of software, and bad news for the availability of viruses.

The 2 Minute Mac-Hack

(source: Mac Hacked In Under 2 Minutes)

Within 2 minutes of directing a Mac to a Web site that contained exploit code, the computer was under the hacker's control.

The hacker (Charlie Miller) was given a $10,000 cash prize AND was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug with anyone but Apple.

The contest rules stated that the hacker could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

So is an Apple Mac immune to Hacks, Worms or a Virus?  NO!

Every Mac owner needs to be just as concerned as a PC owner.

If a Mac could not be hacked or infected, why would the Apple Support Website publish Security Update Patches? Mac owners should review the following pages at Apple support and update and patch just like 95% of all computer owners!

From the Apple Support Website:
Apple Security Updates
Apple security updates (25-Jan-2005 to 21-Dec-2007)
Apple security updates (03-Oct-2003 to 11-Jan-2005)
Apple security updates (August, 2003 and earlier)
VirusBarrier X5

© Copyright 2009 – Kevin M. Nixon – All Rights Reserved – See: Information Security Resources
(This article may be reprinted in whole or in part only with proper attribution to the author.)

 
