Black Hat 2011 update: Macs in the crosshairs, Kaminsky on BitCoin

Deb Shinder reports on two of the sessions from Black Hat 2011 -- insecure default settings in Mac OS X and Dan Kaminsky on online payment systems, including BitCoin.

The first day of Black Hat was a long and hectic one, and the biggest dilemma for anyone in attendance was choosing between all the interesting sessions that were going on at the same time.

Windows and Mac OS X

As I mentioned in this week's Microsoft InSights blog, this year's conference shows an ever-widening diversity of operating system focus. Whereas Windows vulnerabilities were once center stage, this year we have talks about hacking Mac iOS, Android, Google Chrome, etc. One of the first talks to kick off the morning was titled "Macs in the age of the APT," presented by Alex Stamos, Aaron Grattafiori, and Tom Daniels. APT, of course, stands for Advanced Persistent Threat. The talk compared Mac OS X to Windows and concluded that the default settings in OS X can allow easier hacking, and it's time for businesses that use Macs to get just as serious about security on those systems as they are with their Windows machines.

Dan Kaminsky on BitCoin and N00ter

Another interesting presentation came right after lunch in the form of Dan Kaminsky's "Black Ops of TCP/IP." Expectations were high, given Kaminsky's well-known revelations several years back about the vulnerability of DNS, on which the Internet relies for name resolution. The ongoing results of that crusade were evident at this year's conference, with founder Jeff Moss discussing the importance of DNSSEC and signing your zones in his opening remarks on Wednesday.

This time, Kaminsky demonstrated the dangers of using online payment systems, in particular BitCoin, and showed how details of a transaction can be revealed with available tools. He also talked about the security -- or, rather, the lack thereof -- of the typical home router/firewall, and showed how hackers can open up ports remotely using the Universal Plug and Play (UPnP) service. Finally, he talked about net neutrality and his new tool, N00ter, that detects and reports on violations of net neutrality rules.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

8 comments
Cyberpawz

I have been using Macs longer than most people. It is not that Mac users think that their computers are immune from viruses or spyware, etc... it is the fact that the OS is designed in such a way that none can be interacted into the system unless you have the administrator password. Unlike Windows, where you are pretty much given the ability to turn off the administration warning, because it acts like the boy who cried wolf ad nauseam, and people ignore it. Apple's Administrator warnings come up when the app comes up and says, hey... this is trying to access something, or install something that needs administrator rights to do so. Which means that whatever you install is your own fault, the same goes for web sites you go to. Any idiot can go to a website, an informed person (an administrator) can make sure that your computer is safe on the network. As for your home computer, that is where the greatest threat is... it is probably time for Apple to start introducing iFirewall, an app and/or hardware whose sole purpose is a firewall, or put an update into the Airport Extreme to work as a true hardware firewall, instead of what it is. Apple has a chance to get ahead of hackers, instead they are doing what IBM and MS did... having the wait and see approach. The only way you are going to protect your Mac is by knowing what is going on yourself.

jscott418-22447200638980614791982928182376

As both a PC and Mac user I could see the day when Macs would become the focus of malware. It's certainly nowhere near as bad as Windows. But I remember back when Windows was not targeted and all of a sudden people's computers were crashing and locked up because they never heeded the warnings. The same seems to be happening to Mac users. Apple made a huge mistake convincing Mac users that OS X was immune to the wrath of viruses and malware that plagued Windows.

Neon Samurai

Anyone know if video or audio of talks will be made available for download by the Defcon folks?

Randy Hagan

I too regularly use both Mac and Windows systems in my business. For years I used to take flak from Mac fanatics when I'd say that security through obscurity was no real protection from malware attacks. The MacHeads would scream that there was no such thing, and that Macs were somehow intrinsically immune from malware problems because, well, Macs just are. It's cold comfort to actually win that argument. And if all these MacHeads didn't whine about it so much and expose themselves as easy targets, maybe they'd still be blissfully free from malware attacks.

Raymond Sirois

Anyone who EVER thought that Macs were "immune" to a virus attack was deluding themselves. Macs were not "immune," they were "ignored."

pgit

I want to hear Kaminsky talk about both of these topics! If anyone can come up with a link to a video pu-leeeze post it here, thank you. I searched for 10 minutes using plus signs and quotes trying to find any video of this year's Black Hat. Nothing.

pgit

I've always thought the main difference was between open and closed source code. With the latter, e.g. Mac and Windows, you naturally have fewer people both designing and testing/fixing the code. If there's some standard like "glaring security errors per developer" percentage, obviously the fewer people with access to the code would make such errors more likely in the proprietary world. I know this argument chases its own tail, but I've always thought it was less "security through obscurity" and more a matter of the number of minds being applied to the task.

HypnoToad72

And I've grappled with pundits who say that anti-malware (including firewall) isn't necessary on Macs. *facepalm* I've run Intego's software on mine, but might migrate to Kaspersky as I'd read they are coming out with Mac support, as their track record for Windows is top notch.