Written by WATYF on Friday, 28 March 2008 (10009 hits)
Category: Apple Bashing
Well, well, ladies and gentlemen... it's that time again. I realize that I have been shirking my Apple-Bashing responsibilities as of late, but this is one opportunity that I just could not pass up.
I appears that there was a big "hacker" convention the other day... the theme of this little get-together was, "If you can hack it, you can have it". Now, the average Mac fanboy would assume that millions of attendees walked away with free Windows PCs, but lo and behold... the MacBook Air was the FIRST machine to be hacked!!! Yes... that's right folks... not Windows... definitely not Linux... but instead, a Mac. And it only took two minutes to do it. Oh dear... this is so much fun I don't know where to start... how about I start by dispelling some of the feeble attempts that Mac fanboys are going to make to minimize this wondrous trouncing of an Apple product.
The first attempt at minimizing the damage (which I've already seen bandied about at a few places) is to state that the attack didn't occur until the second day of the conference, after the rules had been eased a bit. Which is true, but also... irrelevant. The point isn't what day it happened on, or even under what circumstances. The point is that it happened (to begin with) and more importantly, that it happened first. People were hacking away at Windows and Linux machines as well, but the Mac was the first to be compromised. Remember, the rules were eased for Windows machines and the rules were eased for Linux machines, and yet it was the MacBook Air that fell in just a scant few minutes.
Another one I'm hearing is that it was done via a cross-over cable, and so it wouldn't really work in the "real world". Well, the information we have available to us is that it was done by navigating the user to a web-page (requiring no download or other interaction from the user after that point). There's no reason to believe that this wouldn't also work in the real world. A router isn't going to stop it... it just looks like normal HTTP traffic.
Yet another excuse is that it required interaction from the user. Ignoring the fact that even though the Windows hackers had the same options available to them (and couldn't compromise a Vista machine), this is still irrelevant. Many (if not most) viruses are distributed using social engineering (in other words, getting the user to do something that seems harmless in order to deliver the payload). And "navigating to a webpage" is about as harmless of an action as there is. All you'd have to do is post link to it on someone's MySpace page or in a forum as part of an innocuous comment or whatever. In fact, I'm pretty sure you could take down half of "Mac nation" just by going on a popular mac forum and posting a link your virus webpage under the title, "LEAKED PICS OF THE NEW iMacPodPhoneBook!!!!! CLICK HERE!!! OMG! PONIES!!!".
The fact is, the Mac got pwned and it got pwned fast. There is no mitigating this.
As of this writing, it's the last day of the conference and the Windows and Linux machines are still standing. They've opened up the rules even more to allow third party software to be installed, so we'll see if that makes any difference, but if they hold out through that, it looks like Apple will end up being the only one with pie on its face.