Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PWN to OWN (was Re: How Apple orchestrated web attack on researchers)

From: Nicolas RUFF <nruff () security-labs org>
Date: Wed, 21 Mar 2007 20:03:00 +0100
I've tried a number of times to get details of actual OSX compromises  
in the wild, without success.  I'd like to know details of a real  
computer being used by a real person, compromised by a real  
attacker.  I've been told a number of times (even here) that examples  
exist.  But I've never gotten real info.



From my personal experience, Top 2 flaws "in the wild" are:

- Insecure PHP applications
- SSH bruteforce

Given that both exist on Mac OS X ...

(Even unpatched Windows machines are getting low these days, thanks to
Automatic Windows Update).



I am genuinely interested- while I use a Mac, nothing is  
invulnerable.  It seems reasonable that such an example must exist.   
But I have never seen or been pointed to one.


Well, you have at least:
http://www.zone-h.org/index.php?option=com_attacks&Itemid=43&filter=1

6227 defacements involving Mac OS X from January, 1st 1999 to now.

Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: