Charlie Miller talks Mac, hacking
From NSA spook to celebrity Mac hacker, he’s traveled a rather unique career path and resides at an interesting crossroads — the “frenemy” insider the rest of us look to when security’s on the menu. Although he doesn’t always bear glad tidings for the fairer platform, Miller’s no hater and that kind of cognitive dissonance is sometimes difficult take.
MacDirectory, a site I hadn’t visited in quite a while and probably deserves a second look from you, too, has corralled pre-eminent Mac hacker Charlie Miller for an interview. If you want to chew the whole, you know what to do.
For everyone else, here are some soundbites:
- MacDirectory Are Macs safer or just fewer?
Miller > They are safer exactly for the reason that not many criminals are looking at them. Most malware is written with the purpose of compromising as many hosts as possible, and that means Windows. There is nothing inherently more secure about Macs, in fact they’re probably a little easier to break into, but really they are protected for the moment by their limited market share.
MacDirectory Safari is obviously a pretty easy target. Why isn’t it being
exploited more in the wild?
Miller Same as above. It’s a little easier to hack because it is so full functional. Out of the box, Safari will run any Quicktime file, Flash, Java, etc. By contrast, Internet Explorer won’t parse any of those files. The reason it isn’t being exploited is simply that with only slightly more effort, bad guys can write IE exploits and can break into way more computers with it.
MacDirectory Because the Mac OS is built from a lot of open source components (from Apache to Unix), does that make it an easier target?
Miller Yes and no. I’m of the opinion that most well-known open source software is comparable in security to closed source, proprietary software. However, it does present a problem for Apple in keeping all of these open source components up to date. For example, in the past, there have been vulnerabilities that were known to the open source project, but had not yet been patched in the version that was current on Mac OS X.
From open-source holes to an opaque corporate culture, Apple’s got a lot of ground to make up. Are you taking security more seriously or is all of the hubbub about hacking the Mac just so much smoke and mirrors…
What’s your take?
Related Posts:
September 8th, 2010
What the hell did you expect? ANY operating system has its flaws. Mac OS, since it is not being targeted, has a lot of flaws…you may ask why –> reason is simple: since no one even cares about it, Apple doesn’t waste time/money/resources to fix all the flaws which is why they seem to always do stuff that “works” since they concentrate on all the user related stuff…
Soon this will change though, as the user-base of Macs is increasing
September 8th, 2010
No-one ever follows through on this nonsense about how “its easer to target IE” and that there aren’t enough Macs for it to be worth it.
Economics suggest that the guy with the Mac has a bunch more disposable income than the turkey with the cheap chinese PC.
Hackers don’t target Macs because they are a bunch of pansies, pure and simple.
September 9th, 2010
You mean all the MACs are not made in china. Nice to hear that. See there is not point of hacking a individual computer. They always target web servers, company networks and maximum damage. There is no point of hacking into rich kids toy unless there is a specific reason to attack single computer. In such case you dont have to look look in to complected hacking methods. There always easy ways to get pass words, credit card details or any information required even it is a MAC or PC.