Friday, March 20, 2009

On hacking cute shiny objects (via Reddit)

"Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it."


Dzembu Gaijin said...

Yes, this is true. ( while old news of course)

Luckily, as one dude said, "bad guys" would rather steel Honda Civic than Jaguar :-) That is for now, while we still have like 6% of market or less.

I did a quick write up:

how to harden your "shiny" system a bit :-)

But basically, if you do not go to "bad sites" ( that may not yet be that wide spread for Macs) and/or disable JavaScript :-) you may still be kind of OK for now :-) they did not found/revealed any remote exploits this year, you had to go to hacked web site.

That to say, Windows + IE was hacked as well, despite all these "hardening". ( Vista+ FireFox 3.0 is a toughest cookie so far :-)

Bottom line : in real life and numbers ... Windows is still much less secure . That sucks, because they even install viruses on ATM ( that run Windows !!!) and it is no good :-(

Dzembu Gaijin said...

For the records:

"making it harder" or "been hacked first" is all just for the press. :-)

Once system was hacked, and all system was, sadly, it is all history and work on instance.

Weaponized ZeroDay kits are on market and they even run it for you and provide technical support :-)

So... it is all... screwed up. We need to do some thing about it.

The current computer architecture and programing languages are JOKE.

Like ... just read Charles Miller write up on "defragmenting heap' from JavaScript with simple lopped allocations and loading code to memory with just a string and than making CPU jump using some simple overflow to run this code with all the privileges. This is SO FUCKING RIDICULES!

Sergey Solyanik said...

Honda vs. Jaguar comparison is very apt - both in terms of that market share and the price.

But there is one question I have about Jaguar owners - do they also turn every conversation to how Jaguar rocks, and H$nda sucks?

BadTux said...

Vista undeniably has greatly improved resistance to many common exploits, but at a price. I predicted, looking at the list of changes in deep core structures of Vista, that it would take three years before Vista was truly stable. My prediction sadly appears to have been true, SP2 will be released shortly to finish off the last of the issues that were caused by this massive change in how things are done at the kernel internals level. The good news is that now Vista is stable just as it is about to be replaced :-). Hopefully this means we can get some of those old Windows XP systems out of the workplace and out of people's homes all of which are a zombie infestation spreading enough penile enhancement spam for a legion of Rush Limbaughs.

It surprises me that MacOS does not incorporate some of the features that were mentioned such as the address space randomization and non-executable data areas, though. There is certainly nothing inherent in the Unix OS which prevents either of these from being done. Perhaps I've been spoiled by the fact that my prior employer sold a hardened Linux which turned off execution privileges on data areas and which used the built-in security features of the Linux kernel to drop privileges that were not needed for the applications we were running as well as turn on all the randomization features available to us. Add in a trick UnionFS setup where changes you thought you were making to the root filesystem were actually being made in a mirror filesystem not accessed by anything other than the particular application, and most exploits ended up going nowhere, which is exactly where you want them to go :-). That said, the typical Red Hat Enterprise Linux installation probably is no harder to write an exploit for than MacOS, so I suppose I should not be smug. The capabilities are there to be secure, but people do not use them, or do not know they are there, or Red Hat Software does not make it easy to access them, so they aren't used. It is the same old story, security is hard, so people do not do it :-(.