[Dailydave] PWN to OWN (was Re: How Apple orchestrated web attack on researchers)
Nicolas RUFF
nruff at security-labs.org
Wed Mar 21 15:03:00 EDT 2007
> I've tried a number of times to get details of actual OSX compromises
> in the wild, without success. I'd like to know details of a real
> computer being used by a real person, compromised by a real
> attacker. I've been told a number of times (even here) that examples
> exist. But I've never gotten real info.
From my personal experience, Top 2 flaws "in the wild" are:
- Insecure PHP applications
- SSH bruteforce
Given that both exist on Mac OS X ...
(Even unpatched Windows machines are getting low these days, thanks to
Automatic Windows Update).
> I am genuinely interested- while I use a Mac, nothing is
> invulnerable. It seems reasonable that such an example must exist.
> But I have never seen or been pointed to one.
Well, you have at least:
http://www.zone-h.org/index.php?option=com_attacks&Itemid=43&filter=1
6227 defacements involving Mac OS X from January 1st, 1999 to now.
Regards,
- Nicolas RUFF