Safari is exploitable, oh my!

I’ve taken a couple of days to think about this before I posted my opinions. I’ve gone from apathy to anger pretty quickly, as I’ve seen more and more publications trying to “smear” apple’s virus image. I guess when you’re the top dog, all the bitches try to bring you down a peg on occasion. Anyway, I really don’t know what all the fuss is about.

As far as we know, and have been led to believe, Safari had an exploit in it and this led to the Air being hacked in 2 minutes. How people can reach this conclusion without having inside knowledge about the exploit is beyond me. The “hacker” had to sign an NDA and notify the vendor of the problem, so for all we know there could have been a problem with the underlying *nix framework. But, lets say for arguments sake that it was Safari. The “hacker”, and I use that term loosely here, could not break into the machine over a network. Here’s a quote from Yahoo,

“Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network”

No one at the conference even tried, so what does that say about the security of OS X? The first day was an EPIC Fail by everyone there who intended on busting into the machine. Is this not the most used avenue by hackers on say…the windows operating system? Does the average windows system not get owned in 10 minutes of internet time on a clean install, without any user assistance? If this “hacker” could pull that off on leopard that would be news worthy. But, they couldn’t, and didn’t…so it’s not?

But, the fact remains, the “hacker” had to have physical access to the machine before he could successfully “own” the box. To me, that makes this a joke! The even bigger joke however is that all the “windows” journalists are playing this off as a victory, and thus, evangelizing the hell out of it. Give someone physical access to a machine, and it doesn’t stand a chance. You don’t need to be a hacker to “own” a box in this way, all you need to do is watch a couple of podcasts, and most people would be able to get into a “secured” machine.

The “hacker” had to rely on user intervention. He had to trick someone, theoretically, into visiting a malicious website, that had some kind of executable code that took over the machine. So, the problem didn’t exist with the machine…the problem existed with the user. If you clicked on a random email, or a random IM from someone you don’t know, if you installed and ran an application without really knowing what it was, if you provided said application with your password to the admin account… and your machine becomes a slave to someone else… you got hacked… not your computer.

There’s an internet adage that explains this phenomenon…its called PEBKAC. The problem exists between the keyboard and chair. That problem is You!

I’m not worried about this. And, unless you’re the type of person that does all these things mentioned above, you shouldn’t be either.

Now, this hole should be closed, and should be a concern for the company that had their code exploited. It would be in their best interest, as well as ours, to have that hole closed up, but I would not say OS X was vulnerable to an attack, and I certainly wouldn’t put all the onus on Apple. If you don’t know by now that users are solely resonsbile for their own problems because they can’t resist the tempatation to click a link then maybe you should think about giving your ‘puter back. Take some responsibility and stop blaming others. But for most of us, we don’t do this kind of thing. A word to the wise… don’t give your computer to a hacker… because he might be able to “hack it”. Who would have thought that possible…lol.

Joshua is the Content Marketing Manager at BuySellAds. He’s also the founder of Macgasm.net. And since all that doesn’t quite give him enough content to wrangle, he’s also a technology journalist in his spare time, with bylines at PCWorld, Macworld… Full Bio