Mac hacker toolkits being improved
It may be that we are just hearing more about it because of publicity, or it may be that Apple’s increased popularity is to blame, but Mac hacking seems to be becoming a more popular sport.
Charlie Miller, who just won the Pwn2Own contest at CanSecWest, and Dino Dai Zovi are updating the Mac version of a famous hackers toolkit, according to an article in PC World. Both of the authors of the kit are “independent security researchers.” That seems to mean that they sit around searching for holes in operating systems and browser software so that they can hack them. Sometimes they report what they find. Other times they use their finds to win hacking contests. One could puzzle over the ethics of this for some time without any real conclusions.
What is known, however, is that the two are adding hacking tools to the Mac version of a well-known hacker’s toolkit called Metasploit. Like much software, this toolkit for hackers is available in various versions for various operating systems, in this case Windows, Linux, and the Mac. The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research. One wonders what a competent but sociopathic hacker could do with such a tool.
One can be sure that there is value to the research being done. At the same time, it is hard not to wonder whether too much is being made of all this in the harsh glare of publicity. Let us assume that Miller and Zovi are two of the good guys. Let us further assume that the more publicity they seek and get, the more likely the bad guys are to learn from them. And here I was thinking that the idea was to keep the bad guys from getting better…
Related Posts:
March 21st, 2009
I believe these guys are working with an agenda.
BTW is there a virus for Macs out there yet since Miller claimed the Mac OS is easily hacked. Can he do it without all the help like admin password.
March 21st, 2009
“One could puzzle over the ethics of this for some time without any real conclusions.”
I don’t see the debate. Distilling and extending Miller’s own points on this:
- That store has a faulty alarm system, but I don’t have to tell anyone because I’m not being paid to do so.
- That female tourist is about to go for a stroll in a park where a number of women have been raped lately. But I don’t have to tell her or the police because I’m not being paid to do so.
- There’s a vulnerability in this computer system. But I can sit on the info and not tell anyone, because I’m not being paid to do so.
I don’t see the difference.
March 22nd, 2009
The trick isn’t being able to write a virus. The trick is being able to get it to spread.