Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Mac Coming into Focus As Attack Target



 By: Lisa Vaas
2007-06-01
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Mac Coming into Focus As Attack Target
  2. ' 2 '

Rate This Article:
Poor Best
Mac Coming into Focus As Attack Target
( Page 1 of 2 )

News Analysis: There haven't been mass Mac exploits to date, but interest is growing, as evidenced by the quick turnout of exploit code for a recently disclosed vulnerability.Compared with Windows, the Macintosh platform is still largely untouched by vulnerability exploits. But the prompt release of exploit code for a vulnerability detailed in a May 24 set of updates shows that its catching up fast when it comes to grabbing the attention of exploit writers.

"It is very Microsoft. Its something weve grown to expect in Microsoft: The descriptions of patches lead people to write exploits for something thats been patched," said Rob Enderle, principal analyst for the Enderle Group. "It was only a matter of time before that kind of behavior hit [the Mac] platform. People are going after consumers, and theyre going after consumers broadly."

Security research company Immunity released the exploit code—which leveraged a buffer overflow vulnerability in the UPnP Internet Gateway Device Standardized Device Control code thats used to create port mappings on home NAT (Network Address Translation) gateways in the OS X mDNSResponder implementation—less than 24 hours after Apple had released a patch for it. Apple implements the protocol in its Bonjour technology to enable devices to automatically discover each other without users having to enter IP addresses or configure DNS servers.

The release of the exploit code for this flaw shows that interest in Mac vulnerabilities is high, analysts say. Thats not surprising; even though Macs arent used as broadly in businesses as Windows machines, plenty of consumers use them, Enderle said. Another factor that may be causing attackers to focus more on Macs is that Windows operating systems are getting "much [harder] to penetrate," he said. And to top it all off, Mac users constitute a "relatively lucrative demographic."

Resource Library:
"These arent bottom-feeding notebook buyers," he said. "In overall terms, their number is small. But its always been an attractive target, increasingly so since [Macs] lack secondary protections that Windows [users] enjoy [such as a rich selection of third-party security software], though the primary platform itself [has been] in many cases and still is more secure."

At any rate, as pointed out by Ray Wagner, an analyst at Gartner, nobody ever said OS X was impregnable. "Any large code base has vulnerabilities," he said.

So no, security analysts arent heading for the hills over the specter of attackers paying more attention to the Mac platform. Rich Mogull, another Gartner analyst, said that the buzz in the hacker underground is that "the bad guys are targeting Macs a little more [but] not enough to be worried about yet."

Besides, one has to question the motivations behind the release of Mac exploit code, Wagner said.

"Often the motivation is some kind of publicity," he said. "Recognizing vulnerabilities in OS X does have some cachet these days."

Still, many analysts would like Apple to get more serious about security.

"Apple is as much out of touch as Microsoft was half a decade ago," Enderle said, pointing to the fact that Apple has no chief security officer. "Everybody has to take security seriously. Theres no Switzerland when it comes to attacks. If you have something somebody wants theyre going to find a way to get it."

Why is the Mac platform more secure than Windows? Click here for David Morgensterns view.

Another thing that analysts fault is Apples lack of a solid patch process—one thats regularly scheduled, such as Microsofts Patch Tuesday or Oracles tri-monthly patch releases. "To date [Apple isnt] warning users much about problems and exposures," Enderle said. "[Its] kind of easing into this, not embracing a security ecosystem that lets people get ahead of the curve and take care of problems before they occur. … [It tackles] individual problems and [it thinks that] if it fixes a given problem it will go away."

Mogull credits Apple with being increasingly responsive with putting out patches, in spite of not having a process as formalized as Microsofts.

Still, he said, there are things Apple should be doing to its operating system that would help to secure it.

Next Page: Analysts want to see ASLR in the Mac OS.





  Reader Comments: Mac Coming into Focus As Attack Target
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}ks㶲*Q3皢H=m4%[X'ciƙVi)S$I٣d'['7n7%?&>wg6Fh4#ooD.0 :ܢdC3齿O$wmL9P[Ϡ^=WZj:@a5˜NzpDwd>J`OS{S )5'Ӡ6ޙ =/3mB}F7\3mgb^Q$Ё_ ¢%y#Rp֥qȏB;iEacoN g&4ob Q6#R*^b&{Bq<%;^7;F~L {.Y^Z∌,GZUX'[vb1BE8 wKA%˙8I@ؓIuh m5r'ӨRcb#9Qހ]ݱ&R,RE͌iAw4ԬkScG 7GCLH<~0[QM9$7 V\jRNxaO,ӇqtRpce[7G0ml_j| 4v9s8"sz3 wj%ؘEozcnhK Tw<-0;zt\a_dY33[~i ˇjP8.VKB~/^ߛiϿ7;z}BEQBۿ_H #Ko -'ijQ=vN{ـ\>/.ɣ NNֶ߈+Q\"*+Jxzg I%oJtXT Z, Ԏ$0L"J3zĢ(C$NdВL-AoA>CF,[SAVU衂Ġ`W:kԩ^tܜn.9n:MIs#)|v5 0\68jZz<-/x_fl M u4}Gʇ{Cw:|&޺xr9%9Io/0dio,Yn_H.żMa)(7F`XӀ7? iP2ZM8X@.@ש#07ۯrxxf-Mf "dh|]w)P3Z$923QÜ#ͶOCGs>h2胆6ml-ƹh$ ,70}Hg@zQI$wX8<sOv/|TaPn=J$ >6Zχ`j˦MfB9{ǻergm͠~(wMnHi>X^0{@`^@Z8`88ʼE ]qksB7}ŜiL L<ģ\~q C|'s\(L7^"{bA2 EEKi@( $h5N`r,lbo(?LHX)VpDm'8.3T/ڹ&,R,ЂW-Kᗄtfh(L=?꺾n1!G,D`v9r,L.Y O6JԭyRp|:IoB{<6u0 uUM MXb HK%\EwT-::ޟx=F~ h? OuG  +ZsξS : jI!VB!7OH wf@nmHݤ|r:#wTB~*)dzz#JC͸^`é3h{q#%Ag=U檳@d:[6[7˦EI8ʴ.R.Ui,a70Ԣ(`|M(" !tsqʹ,C /0k断,0!/Ȁ2n7$XsQ[ ҆|tku:.`Cϱȧ.點vo0]r 6*|>Jeǝ:~Ҧ ;BUjJb3}Ä끄_ƅ/Љc`{:[ CZ\Sa.IMip!jh>n GCd= 0ɉV*a0؋TMk <͝lļRF_AiXWʅĨ_$Q?{2,exY΁5mIr'j3 4]}ZJtM{ \jpf Rqqf~~i~R`X88l]7, 2q͝a&?@&R)Ö13gdimFǙXT&jAbPI}&Xk5F><}*O|qNx@ E .҈ ڀ. m"X`b H$*U `n*tVѱ(թ%6=,.JI:hdT{>S7Ϗ9(ghW9d*>GHZ+kP+Rj _=>2z4Ebwc:1оz,LH0u 0-dq])TkE}VW7{%|h#R @ j` Kx{ZCAm1۩Dw]܁c2P=H(Tg7gME]ac6U{zn&)Z-MӫU;4 OcIۛp|5]|j9s#OP MGF T,ۀ ^093F[H]-M:f2/cȣ#WTKHDO"+>A:T{7 s0X3f~ru5086 ([wO4vʭ_Lׂܱ -&oc d.ōfπïǖ2mCL zXZ`gOpTcHj;m%X`w*f΁ۇMBPr =cx864>s'Si mmKQ CzF;9&K!GTжU0Hz6.qLsP$Xv'MU"[WX HXٌJ_ kbT 4@DJ\SGV:N<͠1p FM41HNJb DuATn URXUʅ7O \ZE/ha~%36R-ܛ`,@N|K]T2wI$̸y0ŗ%K' o@@lXC-B5)7 u -r/鉚ƲR@3a YvHԚkEI= OM= hQˤ̓G\\7hg?"X7P)~31Ȕ:ɹT)j l[-W+c"]0`!`0T}QD( ,E~w9ـo9 |R)TU+ ePxp|{W !i*6ǷWXOdK!MWF@"'! M+73,`jbUܘ㯌&м~>Z+=NLп" }MX_Uv٩kcyó&m!'LGޏcﻛNkp~D*>]fsW~_HUtzGuPp> ﵲeϕ%<ZԹl9"c?\>^N͏.4oR=; J@F$=ĸڈ}dvjZ56|v> 72SH4|7Nys)}ڻ]zsٖ zW's=B nTH͋·#F_!zN/fS L k;d8) hdqH=^p@Wһn9`\Rh5c5I'“ EE׏7y4eZyy_aY[XHe`|C WktvcBXH\T dDӿh~Nle؋^s  m! D785S e,$+e3ғ2p&ڧ&' <"&9gxDw~mp/R~C<B</Mp<& ]l=8,rl%uF;DzdNlp l_tEcr4-K_w jEާ5PARB9kũ-pOӖO\gax!u-(q؁B;DQ2Ea~=m2첨v]$L<1GL)dJHs%E=)!I$28JU42eI?Md5㓘PVl Hɂ#'59ݻ<]~عm|d<OvIJh 鳁VK I<R̅0Of Ӯr/гO*Unf=z@:M{섧q?Kl82UT(sXsw{B s?ݡMO6r=ICo6FϴS>% zv`蹳 =}G-{ `C@'n` \>d_'h5dnlW،3DtQW% Lt/tױW, }qi#]Mg~]é3s=|R]RX=AK<8\F> {ԧ3ӆ5eq&wRɆKZVX(Nb6^,J=Pm~cۚ/8|x4rrDM"M.f ¯="~c1b7-x㙾HpZ5I˜fz7سe~)b6d^șʹgǶF勳Ig:;gtx ^_R0 MLQ)E}69{ }d斜Lx''f#sN Hˢ,d'1oCErq^y עi|аϋY cn200DfQ/@yמĹ)f09j!qStdR6K]jGaѴXڼA!~#] XF dk;NN'ZAA֕jӫ3ݚ̓7bo9 $e (.#dH%gve*2MY`JA4R|";xy9@T,r~byKzc0D0x#~g)"r =MqZ䘿 !vzc7 -ozIQ$m]YEV, NUtꁵ3} K{m!AԎ4 j q؈)Gc %' UwQUٖFQ#/`5tDz aK@;Nhi-M߹^ 4p`I0KQa#DĖnlWo'JTؚJϮ>4:z o`H8b_bGU'GyǃD (h-;Q<Zx]*Sx*G(ڶ[~.Mj L)R֠3pDS͖Z ՂBjaǡɈr[jU峢%an._ےZHM$[Al,t@d-C:"RZ+{eDT$j7v\DNElWD͑|s-XU1ˉH/!B"ҫ gCҊ7YUDV,Mcý+ĭߜߜߜߜ/PUE|7M0CL0F@EPKH@aH/]ULLT*-|I)*ʲjxie9Xb})52*~X_Rx.x{:O%a>SK'ҹ?*Ri0oqAg 8j%6b',* y10aP߿|n$y<^~uK+cq[tLefX }I=qX?%<c3XD"HK<3ۭ[ԘP]Q<E <+G%U=Xc= SxObb m=J IT cW"m[8 i\)] `jRl[eLL.PZt6ΣHc-rtiHWY| %T*R_R[(Ss} 3}*aye/aaySG$jH)_ 1 v>`73CcL_- J#l>3 pK>cM|Q›`qA# [2Lgg]HM~2uST-)jmG 3 4K| cRhvp#Q;~_!e烵]ɣo????_Ak u?#}2F)K]ZHhtEע`bI-Ӡj$v%+^LD8$-AH5ʺuw\hy]nUaSv냁<@ m_SЮ: =A! A((:PSa7v}P;\161"иKB130EO^l?hێmͯfSDz4ȝ(G_0xd`{F4CQNx3 8+ ]L_ ]<#j"#*;=SXH I^j+D+(^yMb!&#$k{$#t!}2@cwJ쑼7  jE.M#il*>6[N@GPzn,{o46z|2O͑&]9 IB?͓ D$@fEĀy~6ᒻ#6z& #Ar~ɥ~X]eP<g g /j9 uZCY ϖ7cX\~qe j\W{q/߁t<^IEN 1A(Cm`$$;1LHJ~P}Aͽ=V42 nY[`cXkE90m5mYޣ3玮d]{URjj&&w;Mܝ9[%=zG©وj|ubC$4F87?S*,⌱fnm$%s&VI4P7$DVГw5z`{psƛ5O`z_Kݪ_xģyte^BT 'Ki>i-Wb1E+l@.]h }LӍg{®oE4i&ݝR^Y~ũ߳yxH]?<(e,7 hZP_7,%\k>1m!o A2@~X PAft~DY)˄=M])*a ?B~7긯L7v.F aL\LQXcL8UE0{1駠T#1AoW<5bѥ= h=6s _lO4=N+=5tݖUxul?̆GX*t`q+ ⫉P؆)R^/0߻s{YV^݀96YlnIΜDmx6-Sý^ -gw~9~K:hO1V׆>?d3+nіmmy.G4K,2;4]slS;  :Iߥ`߷b~u9rlF%rz WbF+ .o3մN {;OeLwN(<İ2$ ƈ[ RU&wܠ~z*ڟOeh^f{B/j8 5 oLUP8AnK]ʹXr>xN !'& )<]Сܛ ꁢߒMq4<ڀkE~E:xdJ6ȝ>B&s'?W9\v! CRY `Oi$~b ɳ2vFf.BT0 0!`NmA\M=aC_8s&FC^Oį6aj >aV[t؀ (]Af!&n(/p٥OV<?qarnho9gH0 r ݖחa9՝ chT`sj(d5B&t857>|?_YJ0% aArKۈX 9S"`" aں5g1y}$d2 \16Faŷ~(l8*wxc||>8+0/ (Z`F(aWE@O,,(Ϗpk*%n67PFͭ03L\Xej xpX<6swe~rt6L"棙`~\oNի |{#@us{sΥIEVzxN]ƒ $B1Ӝh1A2_7=}c?ݩ2{xCbwT IhR tX(r!xW`NJRN/|.OO&jYݬ(e/co\iBR, ?$5G쌆xɺk$:j,\yuuI]ۤzݹtz}ѻU֚_ԝ^iY}uݹgRd&E`<eJf9ũi_,jO4WdȀW.}V X\m/ţ0? .E_CTĨҋci?fzz uWr :xq3/_M:FyS /uR_*GM& Ip4ħEt@z\#4[EEFPsFPkF5_o.?m63{P(GJl.oZS(?\~97wrN+2ʡsQd~s?3\~/2kt3 f Y v? ta݌w>f'e/?As(?(# ݌rˌKˌA{eȟȗ^|ʠ+x*k  2o # 埲a|2 )7P~U{A7MF7@7ug+\8=r ds z)W@^d_~*%YF!gȳJ3Vڍ^V`{J1g+~W kJ+ťW 7YKxUy%k{F1nvd bCa 5KPe^ۛT#GP npKxEó#"htoĶ.b!Iy=0?$Mu{2پWߕ\*ܲ}:QOkXE)9K8GX%Üf1'x* %ܻ Gz‰nQ2L~4̊lOApt_Ew9MAw0[Wa\zP[ԙqebޢD)Fy5b8Vj?f>x|fOvHy1j~h|V/O 8uߜ:RNw ߽,R+tAc,~q)N_Bhع>vM)5ZȪQJ#{0 K#:ԌΓIΝJIUKJ~+jZ'\#5("CQaFUV rF.'aT,.g /(@#غ̷|'C3<8iRq x+k&.M45~ɉdL(1 kEF(t#Bw*KYN/Ǧ a4:XVX#e u EݩcE\cͅx{p_Via?>N@3`b K,H :BVZ`{MgY{6DOn fiy] ,pd+A{gٺ*عiUhHm;:h2֭0kc'p' !MX⽍> ;:γA\WC ⁜2ћ[ԘPa$(+nOvD'>6كl4hM@(D 0F-9D/7a{~ r@b]lO&\fn[Y}"sE%X,8/# uf㿶ƝMQh| 9,Bux [] E peӵx2 WV|JRX}P/(W:OOgsZ %nH_Hv›*w} X^c 0,:09EE6<=܈x{ͺŘg 3HTxX?l׉Q#iHWTFE®,:u` {];<{.*kW؁nl`TLxq;s[_08V0|6,lp/>CwϏq` 3[u~Zg[8K cd.XI@ qk,(Ma4,Lb5 "[]QI(fvX3e3},@a)5ZBO PoO80Ux|-h\};M_\9/8LgѼ:"?X9<d'KWܱ0^5El݁*Ԉp>8ZS|ڻ]`[^zVju.?$+}={T7v r9Fͳp7*Р~oQWԊZMĽFv3HZ\֓BV^۽wߺ"f/F ۲M) i29Z{) q֫"mxTɉY+z[;6Nw6ЄM b7;i1Բ`B*