Steve Jobs is dead - the state of computer security is sorry

 

The late Steve Jobs, left, interviewed
together with Bill Gates,
at D5 conference in 2007

Ok, hopefully no-one died from heart attacks reading this yet, but it's just a bad joke. When covering the Apple Keynote in the Macworld conference today, the extremely popular web site Mac Rumors got its live coverage web site hacked by people crediting Anonymous / 4chan.

No shadow on Mac Rumors staff really, since in my opinion computer security in general is in a very sorry state. I want to carry on writing on this topic soon, but be sure, it was Mac Rumors today, it can very well be your site or service tomorrow. It's not a matter of some being more vulnerable than others - if you are unlucky to be targeted, you are very likely to get huge trouble.

Stitched screenshot of the defaced live stream below:


A yawn or not, Macworld is still receiving a lot of coverage in the press, such as here, here, here, here, here, here, here, here, here and here.

Be back later for more of my rants and info about the hack.

So you thought your OS was secure?

When looking for information about the IDA disassembler (anyone who knows it and can give me a few hints?) I found an interesting video at Google Videos. Alex Sotirov discussed how he found a very applicable "ANI" exploit in WinXP and Vista, including showing his best IDA tricks. Quite academic and extremely technical. As food for thought he ends the lectures with this diagrams about what OS provides what security measures:


We Mac users sometimes brag about how secure OS X is, while in reality it probably has a pretty solid base in Darwin and provides a reliable development environment with Cocoa... but when bugs and exploits are found, OS X is standing there almost absolutely naked and defenseless.

Of course, Windows drags a larger pile of legacy code behind itself, but it also is a lot more under fire, it makes a lot more sense to produce exploits and viruses for Windows.

My advice (which I hope will soon be published at mjukvara.se are still simple: 1) use good, secure software which throws away popups and spam 2) install system updates as they become available 3) run some sort of firewall and maybe free antivirus software . You, or if someone does it for you, need to keep your computer reasonably clean and well-oiled. Don't blame a virus if it's you who's filled up your disk. By these simple principles, my systems have been essentially perfectly free from virus trouble for at least five years. Knock on wood :-)

A little PS about that dangerous Internet hole which recently was "discovered" by Anton Kapela and Alex Pilosov. Experts are saying that indeed the "hole" is there, but everyone concerned were already aware of it and will not have much problems with it. If anything it is a small reminder that whenever you transmit passwords or any sensitive data over the Internet, you should not make any assumptions that the network is not wiretapped.