Mac OS X Trojan! It's real

[bobotheclown]

It was inevitable.

http://arstechnica.com/apple/news/2011/09/mac-trojan-poses-as-pdf-to-open-botnet-backdoor.ars

[Jay]

No system is perfect and the more Apple and it's followers go around spouting crap saying how it's immune the more it will get attacked, it's a computer, it runs on code, there will always be a bug to exploit

There is that researcher who loves Apple and Mac's but loves to hack and find exploits them even more, he's found holes in OSX and the iPhones every year at hacking contests, it's very funny because it winds the devout Apple lickers up beyond belief 

[Adam]

And If we started a thread for every Windows trojan..... 

[Diamond Hell]

Then you'd realise how effective ant-virus programmes are and how commercial and massive the Windows world is in comparison to Apple. 

Let's face it, with prat-falls like this going on, Apple's hardly a shining beacon of programming excellence at the moment, is it:

http://crave.cnet.co.uk/software/mac-os-x-lion-passwords-can-be-changed-by-hackers-50005249/

[Jay]

And If we started a thread for every Windows trojan..... 

A lot of which are based on the same code. The code is bought, tinkered with a little to change what the infected PC's display and repackaged. It's big business and Mac's are being targeted too.

Should I point out that Apple has also released more patches for their software than Microsoft, because it's more buggy and exploitable? It's just there were not enough users to make it profitable.

Also, I would like to point out this thread was started by an Apple user

[Adam]

I know a lot about exploits in both systems. Doing digital forensics at the end of the day. I'm sure you will agree windows is far more easier to hack than mac systems. Yes this might be because the information and packages are already out there but none the less easier.

[Jay]

No, I won't agree that Windows is easier to hack than OS X.

Taking out the social engineering factors, which both OS's are susceptible too as it requires a user to run the application by tricking them into doing so. Lions security enhancements remain to be tested properly. However an exploit is an exploit, and if either system has one that an attacker uses then the argument in saying Z is more secure Y is immaterial

The service feature pack that is Lion has only just brought in technology that Windows has had for years to mitigate exploits and hacks(Full ASLR). Application sandboxing only has to be implemented in Mac App store Apps, starting in November - thus any downloaded App from a website won't be run in a sandbox afaik, essentially making the sandboxing little more than a publicity stunt.  Where do most Windows infections come from? Browser exploits and downloaded files.

Some light reading for you:
http://en.wikipedia.org/wiki/Charlie_Miller_(security_researcher)
http://www.guardian.co.uk/technology/blog/2009/mar/20/browser-economics
http://www.neowin.net/news/charlie-miller-windows-7--ie-8-or-chrome-provides-safest-computing-experience

One I like the most, turning every Macbook into a potential bomb:
http://www.tomshardware.co.uk/charlie-miller-battery-hack-security,review-32242.html

[Adam]

No, I won't agree that Windows is easier to hack than OS X.

Taking out the social engineering factors, which both OS's are susceptible too as it requires a user to run the application by tricking them into doing so. Lions security enhancements remain to be tested properly. However an exploit is an exploit, and if either system has one that an attacker uses then the argument in saying Z is more secure Y is immaterial

The service feature pack that is Lion has only just brought in technology that Windows has had for years to mitigate exploits and hacks(Full ASLR). Application sandboxing only has to be implemented in Mac App store Apps, starting in November - thus any downloaded App from a website won't be run in a sandbox afaik, essentially making the sandboxing little more than a publicity stunt.  Where do most Windows infections come from? Browser exploits and downloaded files.

Some light reading for you:
http://en.wikipedia.org/wiki/Charlie_Miller_(security_researcher)
http://www.guardian.co.uk/technology/blog/2009/mar/20/browser-economics
http://www.neowin.net/news/charlie-miller-windows-7--ie-8-or-chrome-provides-safest-computing-experience

One I like the most, turning every Macbook into a potential bomb:
http://www.tomshardware.co.uk/charlie-miller-battery-hack-security,review-32242.html

This is only going on my personal experiences and research for University. I will be trying to find exploits for the Lion come the end of October Thanks for the reading material

I admit the most of trojans for the Mac are more social engineering over silent placement. As they say the weakest bit of the system is the numpty using it.

[russ-vdub]

Then you'd realise how effective ant-virus programmes are and how commercial and massive the Windows world is in comparison to Apple. 

Let's face it, with prat-falls like this going on, Apple's hardly a shining beacon of programming excellence at the moment, is it:

http://crave.cnet.co.uk/software/mac-os-x-lion-passwords-can-be-changed-by-hackers-50005249/

Should you be worried? Not if you're the only user of your Mac. Miscreants can only take advantage of the bug -- calling it a hack is a bit strong -- if they have local access to the computer and Directory Service access. That means the only people who can mess with your stuff are people who've had accounts set up for them.

[F17BAD]

windows sucks balls..