What is Digg?102 Comments
- blixel, on 10/12/2007, -0/+4Headline for this digg submission is misleading.
This guy is basically saying he'll pay $500 to anyone that can prove an exploit has already happened. But he's not willing to pay someone $500 if they discover a new vulnerability and exploit it?
From his blog: "I will only offer this bounty once, and as you can see, the deadline for the viruses to have done their dirty work is in the past. So, if you're planning to write a new virus just to win the challenge, well... that won't work unless you also make a time machine."
That doesn't instill much faith in the product. He's just banking on the hope that nobody has bothered writing an exploit up to this point.
Don't get me wrong - I don't have anything against OSX. (I own an iBook. Though I prefer using my PC with Gentoo for all my normal stuff. The iBook is a nice piece of portable computing hardware though.) But I think his challenge is kind of flawed. - jacobvance, on 10/12/2007, -0/+2Wow. Good job reading the story, guys...
- dcharti, on 10/12/2007, -0/+2Too bad mdweezer didn't actually read Wil Shipley's post, which I actually just went and did. He isn't offering the $$ for someone who WRITES the virus; he's offering it if someone can prove that OS X's been infected, there's a difference. He isn't inciting some coder to start going at it, he's trying to find definitive proof that OS X (not say, Microsoft Crap™) has been infected.
- xofc, on 10/12/2007, -1/+2Wow. I'd say about 10% of the people who commented on this actually read the article. Awesome.
- PCGUY112887, on 10/12/2007, -1/+2Actually this is a good idea for any OS. Say Bill Gates offered $1000 to anyone who found a new hole in Windows, kept it secret and filled out the correct layout for reporting the exploit and turned it in. If it was reviewed and deemed as a real security issue, it could be fixed and Windows would be 1 step safer.
- inactive, on 10/12/2007, -0/+1whoever submitted this kinda distorted what it REALLY is...it is not WRITING a virus...it is proving someone has had one.
- mdweezer, on 10/12/2007, -0/+1My guess the goal is to get a root shell.
- mushroom, on 10/12/2007, -0/+1http://www.insecure.org/sploits_mac.html
http://www.frsirt.com/exploits/20050322.xosx-cf.c.php
http://translate.google.com/translate?hl=en&sl=de&u=http://www.i-eye.net/exploits/Apple.php&prev=/search%3Fq%3Dapple%2Bexploit%26hl%3Den%26lr%3D
http://www.eweek.com/article2/0,1895,1761834,00.asp
http://www.wired.com/news/mac/0,2125,63528,00.html
http://www.webdesignsnow.com/news/051005c.html - jediboytj, on 10/12/2007, -1/+2berean... I think you have this topic confused with Windows.
anyway, Its not necessarly flawed, he just wants someone to show him a Mac OS X virus that replicates itself, and gets down into the os x base system to wreck havoc, all without the user knowing what happened, or knowing how it happened. He just wants to prove a point about how people call OSX "MOSTLY virus free", when it is (depending on the results of this investigation), basically fully virus free. now, he is not saying that someone CANT write a virus, he just wants to prove that no one HAS written a virus for the mac. simple as that - giant.robot, on 10/12/2007, -0/+1Digg: Misleading article titles and insipid comments.
Wil's argument is that journalists tend to say Macs are "mostly virus free". He uses a very good analogy, if a reporter asked if you (Bob Smith) had herpes and you said that you absolutely did not and the next day you see "Bob Smith is mostly herpes free" you'd be pissed. Mac fans tend to get equally pissed when they see "Macs mostly virus free" when there's been no reports of viruses on OSX actually infecting anyone or doing any damage. This isn't to say it is impossible and Wil isn't challenging anyone to write a Mac virus. He's offering a reward to anyone that shows that someone has been infected by a Mac virus prior to 9/20/05.
Mac users tend to be a bit smug about viruses and such because in almost twenty two years there's only ever been a few dozen viruses written for Macs and with none of those actually infecting people running OSX. Only a handful of Mac users rub it in anyone's face though. The rest are just content that they can use their computers without having to reformat it every four months or do daily virus scans. Macs aren't perfect by any means but on the whole they're far more secure than the typical Windows PC. If you take the time to lock down Windows it can be fairly secure but you need to know what you're doing.
Hating on Macs because of some sort of irrational bias is old and childish. I dislike using Windows because I think it's got a boneheaded design philosophy. That doesn't stop me from appreciating the fact it's a capable OS and does have some good engineering in it. I don't like using it personally but I know why some people do. - Shish, on 10/12/2007, -0/+0Does the base install include user?
- zamolx3, on 10/12/2007, -0/+0giant.robot, do you have some suggestions on how to lock down Windows?
I (and probably others) would be very interested in this. - greatdevourer, on 10/12/2007, -0/+0Oh dear... not another one...
People have tried. There was one a few years ago from UGMPT. It was... ish. The problem was that it required an admin password both to be installed and to do anything, as keychain requires user-intevention (well, for another app to access it first time), NetINFO needs an admin password... you can't do much to the system without an admin password. I'm not saying it's impregnable, but writing a virus is gonna be pretty hard to get working - moisie, on 10/12/2007, -0/+0The whole point of the article and contest is to prove that OS X is currently virus free as opposed to "mostly virus free" or any similar cop out description which gets used by a lot of the media. It's not being disputed that something will eventually be written to exploit it but it hasn't yet. It's an interesting piece.
- tanveer, on 10/12/2007, -0/+0"@mdweezer: those are some of the worst ideas I've ever heard. If you require people to digg X amount of stories... They'll digg the first X stories they see. If you require people to submit X amount of stories... They'll submit X stories.
"I will only offer this bounty once, and as you can see, the deadline for the viruses to have done their dirty work is in the past."
Also you don't have very good reading comprehension skills for someone with 8 stories on the frontpage. Maybe because it has nothing to do with it?"
posted by aneeley (0).
I second that. - .Steven, on 10/12/2007, -0/+0Virus or Worm?
Becaase you could just write some code that moves your mouse pointer around... done Virus. - ketsugi, on 10/12/2007, -0/+0@aneeley: well, not that new, but I would've thought that I wouldn't be the first to point that out. Maybe I'm the only one anal enough to bother. Oh well.
- a_greer, on 10/12/2007, -1/+1I am sure the pricks that run the antivirus companies would gladly pay 100 times that for a working mac virus and 1000 times that for a self propagating worm.
- adamcurtis, on 10/12/2007, -1/+1I had my iBook a little less than a year and I never turned it off and it never crashed once. But there are exploits happening all over the place for OS X, they are just not as widely used as those for Windows.
- bigred, on 10/12/2007, -1/+1Will $500 cover bail these days?
- Magallanes, on 10/12/2007, -0/+0giving only $500 for a new virus is the easy way to reach the conclusion of "osx is virus free".
- Rndm_Tngnt, on 10/12/2007, -1/+1Why is that funny, Oreos? Computers crash all the time.
- inactive, on 10/12/2007, -0/+0The premise of this reminds me of the "Hack IIS 5.0/6.0 and win an xbox" contests. As stated before, even if Apple had a larger market share, good 0-days are worth thousands.
--
http://3couleurs.blogspot.com - mdweezer, on 10/12/2007, -1/+1Gab00n: "The challenge ends at 23:59:00, October 16, 2005"
RTFA.
Thanks. - ketsugi, on 10/12/2007, -0/+0Nobody seems to have noticed that his post states that he is merely considering this idea and has not yet actually offered the bounty?
- AaronD12, on 10/12/2007, -0/+0I wonder if this includes social engineering?
- Vincenze, on 10/12/2007, -0/+0"I'll do it for a case of beer!"
- FRAGaLOT, on 10/12/2007, -0/+0Wait a sec.. there already WAS a virus found on OSX about 2 years ago or so. Why does he want proof of something that's already happened?
And the thing is. The only reason there are so few trojans, viruses and other mal-ware for OSX is because it's not as large of a target as Windows' market share is. An OSX virus wouldn't cause as much collateral damage. Spyware on OSX wouldn't be in the face of as many people.
But that may change considering the increase use of unix and Linux which OSX is based on. - Seaton, on 10/12/2007, -0/+0"Best way to lock down windows is to simply leave the computer unplugged from the wall... Just pretend it's on... You won't get any viruses or spyware that way"
I think some Mac users are simply amazed at the fact that PC users are actually able to post Digg comments. I mean, with my PC constantly flooded with viruses and malware, it's amazing I can even turn the thing on without something exploding.
What I can't believe is when you buy a computer from an Apple Retail Store, the employees take great delight in pointing out that every Apple computer is immune to any and all viruses or spyware. This sort of complacency is scary. I scan my PC at least once a week for viruses and spyware. Even though I use common sense and my computer has never been infected, I still run the scans religiously.
I have seen Macs infected with a virus before (CDEF). It just seems the Mac viruses were not as malicious as their PC counterparts. OSX users could have a virus on their computers right now, but because they were told they were immune, they aren't actively looking for an infection.
A virus is only a virus when it has been discovered and then detected. In other words, when it is identified as such. Up until that point it is simply an application or process running on your computer without your knowledge. - mdweezer, on 10/12/2007, -0/+0Insecure link - Those exploits look like they either all attack specific software and if not software it's OS9 or so (all are pre year 2000)
frsirt - This is a local attack, not a remote attack like he was looking for.
Translated page contains all old exploits.
eWeeek article - Current patched version of OSX is 10.4.x, article states it's for 10.0.0 through 10.3.7.
Wired - Again, attacks through a running webserver and not the OS. Apache does not run by default in a stock system...
Webdesignnow - The user must assist in the attack. This is just like spyware... Plus this was fixed in a recent patch...
The key focus of this attack is the OS and not software. Think of it as attacking UPnP on a XP box; something native to the OS and enabled by default that isn't a 3rd party app.
Nice try and interesting reading though. - Jyakku, on 10/12/2007, -0/+0I think it should be made clear one more time that
THE DEADLINE FOR THE VIRUS IS IN THE PAST (Sept 20)
This "contest" does not intend to encourage people to write new viruses because you can't win with a new virus. - cessax, on 10/12/2007, -0/+0btw, this guy said the virus had to have already existed prior to him writing the article, meaning, you're not gonna get paid to make a virus unless it was made before 9/20/05. people always takin thing outta context...
- macattacks10, on 10/12/2007, -1/+1I don't think it has to do with the audience totally. I am sure there are lots of people that want to stick it to Apple heads and show them they aren't invincible. While we aren't, no one has created anything, even with many proof of concepts, I am surprised one person hasn't jumped on one of those concepts and created anything. All the most serious holes are still very hard to spread around, even if everyone was a Mac user.
- pixelmatrix, on 10/12/2007, -0/+0arent viruses illegal anyway?
- Jyakku, on 10/12/2007, -0/+0This "contest" is just to prove once and for all that at least RIGHT NOW there are ZERO VIRUSES for OS X. I am really sick of reading pundits saying things like "mostly virus free" when the actuality is "Completely Virus Free".
Also a lot of windoze users don't even know that there are ZERO viruses and Malware for OS X. This is a HUGE benefit and hopefully this contest will get the word out. Macs Rock! They are easy to use, fun to use, and they have no viruses. - belcorriko, on 10/12/2007, -0/+0Best way to lock down windows is to simply leave the computer unplugged from the wall... Just pretend it's on... You won't get any viruses or spyware that way
- giant.robot, on 10/12/2007, -0/+0@zamolx3
Securing Windows involves a lot of work. Before even connecting it to the internet you need to disable damn near every service running on it. Most will throw up warnings but very few are actually needed to run. Search Digg for a links to lists of Windows services and what they do IIRC there was a link recently on how to run Windows with no services. Also before connecting to the net you need to enable the built-in firewall that came with Windows 2000 and up. Once connected you need to hit up Windows Update and make sure everything is up to date. Running as the default user doesn't do you much good because you're essentially root. You need to make basic or power users for day to day tasks and leave an Admin account for actually installing/removing software and the like. If software requires admin access to run it's poorly designed or built and should be ditched for a properly designed competitor. Once you've taken those basic steps use Firefox and Thunderbird over Microsoft's offerings. Doing all of this will keep you safe from a good portion of infection vectors. A hardware firewall and malware scanners don't hurt either.
Securing a Mac involves...turning it on. There's no network services enabled by default and the built-in web browser and mail client will not arbitrarily execute downloaded programs or scripts. If you want a little more security activate the built-in firewall and enable Stealth mode.
What some Mac haters can't seem to fathom is Mac users tend to get smug because despite OSX's popularity with the press and general computer industry mindshare there's still no viruses on it. There's no stories about Mac using organizations being crippled because someone plugged their laptop in behind the firewall and every machine on the network got infected by whatever the laptop had. There's increasing numbers of companies ditching Windows for Macs or Linux PCs because of inherent and some would say ridiculous security problems in Windows. Even if Macs were as popular as Windows PCs there would be a fraction of the viruses and worms for Macs than there would be for Windows. Windows is not insecure because it is popular, the effect of its problems are simply widespread because it is popular. - anagami, on 07/02/2008, -0/+0"Well i'm all for some good ol fashioned mac hating, but that's going too far. Why spoil something that has been good so far? Is it to shut up the mac fanboys? I just don't think exposing vulnerabilities (without notifying apple to fix them) will get us anywhere. If someone wants to shut them up, fix what problems windows has, and then you've fixed the problem entirely."
Are you really using Windows? - McZiggz, on 10/12/2007, -0/+0HAHA!
Berean has no idea what he's talking about! :-P - mushroom, on 10/12/2007, -0/+0@mdweezer I'm saying it just a matter of time if i was a mac user i would watch what i do.
I will be the first to say Apple has been good with patches but how long can this last with more ppl getting macs now in days it will come - cessax, on 10/12/2007, -0/+0ps - people always posting the same comments, before they read the other comments (like me lol)
- wastern, on 10/12/2007, -1/+0there was already a place that offered $25,000 and no one came through. what makes him think $500 will produce a better pool of writers
there was also $50,000 offered on the BSD operating system (what OS X is based in), and again there was nothing that came of it - inactive, on 10/12/2007, -1/+0$500 whole dollars? Wow how generous.
- TheNik, on 10/12/2007, -1/+0If I can write a virus for Nix, can someone give me money?
- mushroom, on 10/12/2007, -1/+0"i would like to see someone actually produce a virus and mass spread it.. infecting many OS X users... i believe that will almost never happen..."
It will happen and it will put Apple out of the game so many Mac user think they cant get a virus and when it comes i cant wait - OreosRgood4me, on 10/12/2007, -3/+2Hehe, a G5 crashed on me today in the Apple store.
I had a good laugh. - caffeinated, on 10/12/2007, -1/+0The premise of this reminds me of the "Hack IIS 5.0/6.0 and win an xbox" contests. As stated before, even if Apple had a larger market share, good 0-days are worth thousands.
- mdweezer, on 10/12/2007, -1/+0RTFA - It says "to the first person".
Aka get moving - inactive, on 10/12/2007, -1/+0> RTFA - It says "to the first person".
Not only that, but it's only $500. While that may seem pretty attractive to somebody in, say, the Philippines or Thailand or china, keep in mind just how Mac cost. Nobody in the third world who would be attracted to a $500 prize and who lacks the situational advantage of being able to say, "I can make more money doing positive, productive work; why would I even want to do this", has a firkin mac anyway. - Linuxrocks, on 10/12/2007, -1/+0Apple fanboys think their OS is impenetrable, any software is hackable.
-
Show 51 - 92 of 92 discussions
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is