This is no different than what the hackers do with WinOS.
You think they find the exploits over night?
It takes some skill and work to do it.
Now before you blast me let me say this.
All OS's are exploitable. Some make it easier than others so they
gravitate to this,
Plus remember with Windoze at 90+% of all computers being used they
will hack and crack at Windows all day long as it gives them the best returns.
I am not defending the programmers as I am sure they could make it harder.
Stewart
At 12:41 PM 7/23/2009, you wrote:
I see where you get that from, but for me, the fact that this all occurs
over months ("Several months ago, he had done some poking around the Mac
OS X's operating system and applications looking for vulnerabilities and
found a few promising places") leaves me with a different sense of
timing.
Thank you,
Mark Snyder
-----Original Message-----
Sure.
http://www.securityfocus.com/news/11461
Note Dai Zovi admits to being a mac fanboy also. Here is a relevant few
paragraphs. I love at the end where he practically talks to Tom. In
all he found the flaw friday morning, wrote the exploit in a couple
hours and then the exploit took seconds to take down the mac.
*At about 10 p.m., the New York City-based security expert sat down and
started looking in likely places for a serious bug that could satisfy
the challenge. Several months ago, he had done some poking around the
Mac OS X's operating system and applications looking for vulnerabilities
and found a few promising places in the software that could hide flaws,
Dai Zovi said. Checking the suspect code early Friday morning, Dai Zovi
discovered a single
flaw.*
* "I only found one," he said. "But by later that morning, I had a
working
exploit."*
* Despite their success, Dai Zovi and Macaulay are not maintaining that
the Mac OS X is any more or less secure than, say, a Windows Vista
system or some variant of Unix. While Macaulay uses a MacBook installed
with Windows Vista, Dai Zovi considers himself a Mac fanboy and uses
Macs regularly. The contest just shows that Mac users have to worry
about vulnerabilities just as much as other computer users, Dai Zovi
said. It's a fact of life with which all security experts are familiar,
but to which some Mac users seem resistant.*
* "It works. It is real. This is not something that I have made up," Dai
Zovi said. "It seems that a lot of people harbor the belief that the Mac
doesn't have these problems, but it does."*
On Thu, Jul 23, 2009 at 8:15 AM, Snyder, Mark - IdM (IS) <
mark.sny...@ngc.com> wrote:
> Mike, can you defend this "couple of hours" with reference? I recall
> reading that he spent several days or a few weeks finding the
> vulnerability and writing the exploit script before the Pwn2own
> competition (I searched, but found no reference to offer).
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL SL 82
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
