Dailydave mailing list archives
Re: PWN to OWN (was Re: How Apple orchestrated web attack on researchers)
From: Nicolas RUFF <nruff () security-labs org>
Date: Wed, 21 Mar 2007 20:03:00 +0100
> I've tried a number of times to get details of actual OSX compromises in the wild, without success. I'd like to know details of a real computer being used by a real person, compromised by a real attacker. I've been told a number of times (even here) that examples exist. But I've never gotten real info.

From my personal experience, Top 2 flaws "in the wild" are:
- Insecure PHP applications
- SSH bruteforce

Given that both exist on Mac OS X ...

(Even unpatched Windows machines are getting low these days, thanks to Automatic Windows Update).

> I am genuinely interested - while I use a Mac, nothing is invulnerable. It seems reasonable that such an example must exist. But I have never seen or been pointed to one.

Well, you have at least:
http://www.zone-h.org/index.php?option=com_attacks&Itemid=43&filter=1

6227 defacements involving Mac OS X from January, 1st 1999 to now.

Regards,
- Nicolas RUFF