Security optimize

Apple could become rich target for hacktivists

The AntiSec hacking group gained access and published user names and passwords for an Apple server this week. How will Apple lock down rich targets like iTunes and iCloud?

While many of us were eating hot dogs and shooting off fireworks over the Fourth of July weekend (in the U.S., that is), security crackers of the "hacktivist" variety -- possibly including members of Anonymous and the supposedly defunct LulzSec -- were busy making forays into Apple security. As Larry Dignan reported for CNET News, a document released by the AntiSec "group" published user names and passwords for an Apple server.

While this list was relatively benign, it could be the first shot over the bow, signaling future interest in Apple's juicy iTunes and iCloud databases:

Hackers apparently are too "busy elsewhere" to mess with Apple, but that doesn't mean the company is bulletproof. One trigger--something that may annoy hackers--could set off a larger attack.

What could Apple do to set off a war with hacktivists? It's anyone's guess. Chad Perrin's post this week, "How do you protect yourself from hacktivist groups?" considers that question from the standpoint of organizations that become targets based on their perceived behavior by hacktivist groups.

How confident are you that Apple will remain impervious to security-cracking threats from these hacking groups?

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

22 comments
MacNewton
MacNewton

I think it's a very cute little app! Sometime when I get some free time, I'll click on the little Win7/ Parallels icon on my dock and run it just for fun! Yes, Sir, it's just a "App" for a lot of Mac users. Back to the main subject, does anyone have any real understanding on how iCloud is going to work, or is everyone just guessing! No one has the facts yet!

sharpear
sharpear

@Gr8music - I can just picture the guy with the 10' pole poking the MAC guy as his 1 minor annoyance to PCs thousands of issues. I also love how everyone uses LULZsec like they where the starting point of hacking (you will see plenty of copycats when something goes public). My next thing is besides being able to register your computer to their itunes account, and download music if they have a preloaded card or a left over funds, what are you going to do? Find an address and the last 4 of their CC if they even put one on file? Download all their already purchased music and hope you find a way to get past the Data Protection for when their Password changes and Apple corrects the false purchases? That is why so many places are coming out with Gift cards, so your not actually sharing personal information over the internet. Xbox though I can pull up your entire CC number because not only is it saved on the console, but it also is stored on MS servers. Idk about the rest of you, but fixing my Mac is cake walk. Insert CD, hold down shift to disable all add-ons. Restore, and I am done in 15-30 mins tops. I don't loose any of my Apps or data. Windows I spend that same 15-30 mins just loading the recovery screen, and another 10 mins to attempt a windows repair, which fails and wants to send data to MS. Then turns into wiping the HD and fresh install windows again. Then I spend time installing all my programs. With loss of some data. No PC is secure, or have you forgotten what the World Wide Web was created for. Sharing Data with others all over the world. If your still feeling scared cut the ethernet on the back and dont use the internet. These companies that you buy software from are all monitoring your system (some more than others). Pulling where you go, what applications you use the most, what you search for in google, etc. They then take this data and sell it or use it to sell spam and ad space to other companies. If there was a way to remove all the spyware and Adware on my PC I would be very happy. My Windows box spends way too much of my resources, to send data to Intel, MS, AV, Adobe, etc. My phone is constantly communicating with Google, and any 3rd party software that is installed can also pull the same data. My Mac sits content to only do what I want it to do, only every verifying during install that it's legit copy (It does some checking for updates about once a week, but not as bad as sending data every day). If your still worried about Security I suggest getting a file cabinet and pen and paper to secure your data from everything but a physical intrusion. Not only that, but they will not be able to find what they are looking for conviently as everyone has a different filing system compared to a PC or MAC standard.

markholland
markholland like.author.displayName 1 Like

Actually it sits waiting to do only what Apple wants it to do. Don't be naive.

Vulpinemac
Vulpinemac

... since the Mac is content to do whatever the user wants it to and not some anonymous third party who has taken over that Windows machine. What is a few tens of thousands of Macs infected compared to the hundreds of millions of Windows machines infected? What is 0.002% of Macs infected compared to over 30% of Windows machines sitting out there with active infections? I don't care how you look at it, Windows is still the most hazardous operating system for the user than OS X. Sure, this can change, but it will be a long time before OS X malware comes close to matching the amount of Windows malware.

Vulpinemac
Vulpinemac

More arrogance comes from the Window-using community than Mac users; they've lived so long with the dominant OS that they can't imagine anything could be equal, much less better. They're so used to dealing with scheduled maintenance routines that they can't conceive of an OS that doesn't need to be tweaked constantly as having the power and capability to match their favored OS for raw computing power. No, the superiority complex belongs to the Windows community. Here's the difference: Apple started with its original MacOS back in 1984. Over the years the OS grew and improved in power and capability but, believe it or not, they also saw a number of viruses and other issues that they had to patch, plug and bypass. After over 15 years the MacOS was becoming rather bloated and unwieldy. The interesting thing is that Steve Jobs recognized this fairly early on and had already devised a solution -- build a new Mac OS on the old UNIX kernel. By the time he returned to Apple, he'd already been selling (albeit minimally) PCs carrying his NeXt OS. In 2001 Apple abandoned its old MacOS and released OS X. Now, ten years later, Apple has yet to see a truly viable virus or worm and every successful malware so far has had to rely on the human element to enter an OS X machine. Microsoft, however, has not recognized that in order to secure their OS they're going to need to so significantly change it that it bears almost no relationship with its legacy OS. Windows still sits on top of the old DOS kernel and is simply so full of patches and plugs that the OS is almost twice the size of OS X. Yes, Windows 7 is a great improvement--I use it myself--but that doesn't mean that it doesn't still have 15- and 20-year-old code that can be exploited. Earlier this year, in fact, one of the most interesting patches covered a Windows 95 vulnerability that MS claimed a hacker couldn't reach anyway but that they were adding another layer of protection over it just to be sure. That's like patching a nail hole in your tire without removing the nail. Is this really such a superior OS when you have to cover a hole in an obsolete version just to protect the newer? No, the "false sense of security" seems to be with those who literally have to use AV applications because they have something they can see working and have control of how and when to scan their computers while real security is knowing you don't need that AV but use it as an early-warning system. Imagine if the US installed the Cold War Era DEW Line radar network but left so many gaps that Soviet bombers overflew the continental US with impunity. The population would believe they were secure, but would soon wonder why fighter jets were being launched from places like Kansas or Utah to intercept those Soviet bombers. In many ways, Windows AVs are like that DEW line. The problem is Microsoft is still having to send up those fighter jets to shoot down the bombers that get through with its Malicious Software Removal Tool. This isn't to say Apple isn't doing something similar, but those jets aren't getting launched nearly as often.

BlazingEagle
BlazingEagle

Macs might be ???more secure??? than computers running Windows, but Windows is also a massive target compared to Macs because obviously Windows has a much bigger user base. Windows would be a juicer target than Macs even if a Windows had uber security. The arrogance & naivete coupled with the superiority complex attitude of Mac users is a troublesome mixture. Macs MIGHT truly be more secure than Windows but Macs aren???t impervious. Nothing is impervious. Apples air of puffed up superiority gives its users a false sense of security. This false sense of security is an invitation for trouble.

aflynnhpg
aflynnhpg

To the author, Your question:"How confident are you that Apple will remain impervious to security-cracking threats..." appears to be a logical fallicy. Please refer to the article "Apple Tops Secunia Vulnerability Ranking" found here: http://www.securitygeneration.com/security/apple-tops-secunia-vulnerability-ranking/ It seems the conclusion contained in your question is factually innacurate. Apple is not impervious.

Vulpinemac
Vulpinemac

... but I will say 'resistant.' For whatever reason you choose, as yet OS X hasn't fallen to any public attack that hasn't required user intervention to install itself. I'm sick and tired of zealots crowing about how the Mac always falls first at the Pwn-2-Own competition when it has never fallen to an attack in the wild the same way while Windows is still the one that sees the majority of successful attacks year in and year out. No, no machine is impervious, but for whatever reason, OS X is still proving to be the most resistant.

rvgammill
rvgammill like.author.displayName like.author.displayName 2 Like

MS gets attacked because it is ubiquitous. Mac has always just been the small fry art crowd sipping one cognac in the jazz bar all night long with the big head and the beret. Maybe Anonymous (political hackers) want in, but maybe it is the real Blackhats who 'go for the plunder' who are attacking MacTopia. After all, there is a lot of booty in MacShip's holds, and no security, and so many little bereted fish now out there with their wide open media player iPhones, linked right to the server with automatic payments just waiting so they can auto download a song for 99 cents. "There's no business like Show Business..." PS I still like my TP2 Windows Mobile phone better, anyway. It just does so much more...

Gr8Music
Gr8Music like.author.displayName 1 Like

... security-cracking threats from these hacking groups? Come on now - what kinda' dumb-ass question is this! No one is "impervious" and its that type of inflammatory statement (to us Mac owners) that keeps this misnomer going. And I think it would be even funnier if Mac was in a room with one "bad guy" pokig him with a 10' pole, talking to PC in a room with unlimited bad guys shooting them video game style yet they're instantly replaced. I crack myself up!!!

Slayer_
Slayer_ like.author.displayName like.author.displayName like.author.displayName like.author.displayName like.author.displayName 5 Like

Mac vs PC. A scene with our Mac fella standing outside his house with a cell phone, people are running in and out of his house carrying the TV, couches, etc. Mac calls PC and says "Hey man, I need your help" Cut to a scene with PC using a computer in his office, surrounded by agents in black suits. PC Replies "Sorry man, I got too much work to do" Mac Replies "So do I, but but hackers are stealing everything!" PC Replies "I'm sorry, maybe you should get yourself some anti virus and anti malware agents" Mac falls to the ground sad. Cut to white screen with text "PC's, at least we don't hide how insecure we are."

AnsuGisalas
AnsuGisalas like.author.displayName like.author.displayName 2 Like

that last phrase inspires: Mac guy goes into a public lavatory to pee, standing between huge leatherclad bikers at the urinals. When the bikers take a peek, they find an iPad conveniently obscures view Mac guy's junk. PC guy, in the meanwhile slips into a booth to pee. ..."PC's, at least we don't hide how insecure we are."

Slayer_
Slayer_

This could be a good thread if others come up with more :)

loidab
loidab like.author.displayName like.author.displayName 2 Like

I think that they were testing to see the reaction by Apple and the media. Apple's wants everyone to believe they are secure when in reality they are not. The hacker groups are merely pointing that out. http://bit.ly/dI3hcF

Romaboy
Romaboy

Macs aren't secure, just more secure.

Slayer_
Slayer_ like.author.displayName 1 Like

The common Mac user browses the web naked. That's not very secure.

Vulpinemac
Vulpinemac

Most of my clients are retired and use their computers for chatting back and forth across the state and across the country (ex-military group that holds annual reunions) which means they also swap photos, jokes, video clips and other things.) Those folks have to be hand-guided through every little issue. Fortunately the SMBs I work with are better. That said, I get paid reasonably well for my time and usually keep them running bug free until they click on the wrong link. You won't believe the hoops I had to jump through on last week's issue (then again, maybe you would.) I always warn my clients about watching what they click and entering personal information and so far nobody has had any financial difficulties online. However, one client currently refuses to upgrade from WinXP until she has to replace her machine despite the fact that Microsoft isn't sending updates any more. To her, the lack of updates is an advantage because she doesn't have to put up with the approval processes (I know, I could have made it automatic, but I wanted her to be aware of each update.) You're right, most personal users don't have that luxury, but that's one of the services I provide and I get paid for it.

Slayer_
Slayer_ like.author.displayName 1 Like

Most personal users don't have that luxury, incidentally, these are the same users that enter their credit card information into those ebay emails. On the flip side, the majority of users on Windows PC's know they need some sort of virus protection, even if they understand nothing beyond that and gleefully enter their credit card information into those ebay emails.

Vulpinemac
Vulpinemac

The answer is "Yes", I administer their personal machines and yes I have AV software on their Macs and their PCs. Interestingly, their Macs have never been compromised but just this past week one of my clients had her PC pwned by a trojan horse that forced me to use a boot disk to disable it and get her machine running well enough to run additional scans. What's interesting to me now is that some of these trojans seem to be reverting to the old 'disrupt usage for bragging rights' paradigm than the more recent and subtle 'identity theft' process that has been so dominant. My point is that for whatever reason, be it lack of interest, too small a user base or simply a more secure system, Macs still aren't seeing as many viable attacks and for at least the last ten years the only successful malware has relied on the user to infect their machines while drive-by attacks still hit Windows regularly.

Slayer_
Slayer_ like.author.displayName 1 Like

Do your clients have you administer their personal machines? Apple spends a lot of money advertising that their system is secure.

Vulpinemac
Vulpinemac

Everybody here knows I'm a Mac user from WAY back, and I use security software on my machines, as do my clients.