Wednesday, February 21, 2007

Did I Read That Right?

Parsing the Kevin Finisterre interview with the BBC.

Kevin Finisterre caused ripples in the Mac community when he started a website in January revealing a different bug in Apple systems each day of the month.

Kevin Finisterre was snickered at by the knowledgeable Mac community when he opened his silly site. The Mac users who didn't know, didn't seem to notice. Neither have they suffered any ill effects from the lack of understanding.

While some observers dismissed the survey, Apple recently issued a patch to plug holes outlined by Finisterre.
Non-observers didn't notice or care. There still have been no reports of malware in the wild.

Apple owners' attitude to security was "one of the main reasons we started the campaign," he said.

Apple makes great play of the fact that its OSX operating system has yet to be attacked by a virus while Windows XP machines are plagued with problems.
Its recent global campaign of adverts pitching Macs versus PCs has focused on security issues.
XP machines are represented by a flu-ridden, sneezing individual while the Mac remains untouched by illness.

Apple is a pretty poor sport about the superior security record of their machines and software.

No Real Security Problems

Many of the problems highlighted by Finisterre are security holes in applications, which are not related to viruses.
Most of the problems could be exploited by an experienced hacker who was already sitting in front of your computer, with you logged on.

Apple recently plugged holes in Mac software such as iChat and Finder and a flaw in the user notification process that could potentially grant system privileges to malicious users.
Apple recently fixed some security problems in their software, none of which had ever been reported as actual exploits.

All three problems were highlighted by Finisterre, and a fellow researcher known only as LMH.
Kevin and LMH would like all you smug Mac users to be very, very sorry about your smugness.

Finisterre said: "Try calling any Apple store and ask any sales rep what you would do with regard to security, ask if there is anything you should have to worry about?
"They will happily reinforce the feeling of 'Security on a Mac? What? Me worry?'."

Just because there is no malware in the wild for OS X is no reason for Apple store geniuses to be so smug about it.

He said the Month of Apple Bugs (MOAB) project had succeeded in its original aim of raising the level of awareness around Mac security.
Mac users are scared now. We busted our asses for a whole month to come up with a total of three hacks that rise above the level of "total bullshit" to the pinnacle of "kinda lame." Fear us.

"I would really hope that people got the point that there are most definitely some things under the OSX hood that need a closer look," he said.
Buy a Mac.

But Mac experts have pointed out that none of the exploits have ever successfully been used to hijack an Apple computer.
By contrast hundreds of thousands of Windows machines have been taken over as part of so-called bot nets, which use the hijacked machines to deliver millions of spam e-mails around the world.


He said Apple had opened up dialogue about security issues.
He thinks he sees a way to get money from Apple.

"They have certainly given some extra efforts on the backend to open up lines of communication, at least with me.
With any luck they'll pay me to shut up, anyway.

"That sort of progress is what I am after rather than a particular set of bugs."
All I really care about is a steady paycheck.

He said that Apple had in the past not been open to dialogue about security matters, but things were changing for the better.
"I chat quite regularly with some of the security engineers," he said.

Did you ever wonder what it's like to be me?

At the moment there are no plans for the MOAB website to continue.
"Real life comes into play; the cost of living, the fact that we did it all for free.
"If someone wanted to invest some of their own resources I would be more than willing to continue."

Did I forget to mention that I'm really interested in getting my hands on some money?

Did I miss anything?

21st Century American Presidents for $500 please, Alex.