artvader

[07] HONORED II
  • Posts

    419
Posts posted by artvader

  1. The thing is... the longer that hole remains unpatched, the longer these Mac-hating hackers can exploit it properly. And contrary to popular notion, hackers don't even need to specifically target a particular computer among millions in order to hack into that computer. All they have to do is run an automated program to do it for them. Next thing you know, your machine could become a spam-sending 'zombie', all without your knowledge and the hacker without even knowing he's even targeting your machine.

  2. I disagree. Most holes are hard to exploit anyways and it takes a good hacker to properly exploit these (in all OSes - except Windows). But combine a good hacker with a "dumb" user and you have the recipe for disaster.

     

    While boomouse's advice is good (don't download suspicious programs), it doesn't always work in reality as most people don't really follow it. Especially when you have this mind-set that you will ALWAYS be safe no matter what you do. It's like saying you'll dare to go in that dark alley with a stranger because you have that anting-anting (amulet) you wear around your neck that will protect you from all harm.

  3. It's permanent, though, so have a very steady hand. But if it's going to be used for a perfect grade anyway, that wouldn't pose much of a problem...

  4. You can also buy a .05 marker in Deovir art shops. They have branches in 3/f SM City North Edsa, and 5/f SM City Manila. I think they also have a branch in Recto, but haven't seen it yet.

  5. My point is: no machine is if the guy using it is stupid. If someone tells you to go to a site you don't know, would you?

     

    But what if that mac exploit code was embedded in a legitimate website (maybe the server got compromised with another trojan bearing this mac exploit code)? But at least you're starting to realize that mac users, as well as the rest of the computer users should be cautious and not just laugh off these security threats...

  6. Who Patches Bugs Faster, Apple or Microsoft?

    Apple's ads imply its software is safer than Microsoft's, but the facts show it's worse at patching zero-day flaws, study says.

    Jeremy Kirk, IDG News Service

    Saturday, March 29, 2008 3:00 PM PDT

     

    Apple's teasing commercials that imply its software is safer than Microsoft's may not quite match the facts, according to new research revealed at the Black Hat conference on Thursday.

     

    Researchers from the Swiss Federal Institute of Technology looked at how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the zero-day patch rate.

     

    They analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple. They looked at only high- and medium-risk bugs, according to the classification used by the National Vulnerability Database, said Stefan Frei, one of the researchers involved in the study.

     

    What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching.

     

    "Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," Frei said. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple."

     

    It's generally good for vendors to have a software fix available when a vulnerability is disclosed, since hackers often try to find out where the problem is in order to write malicious software to hack a machine.

     

    For a vendor to have a patch ready when the bug is detailed in public, it needs to get prior information from either its security analysts or external ones. Otherwise the vendor has to hurry to create a patch, but that process can be lengthy, given the rigorous testing needed to test the patch to ensure it does not conflict with other software.

     

    Apple only started patching zero-day vulnerabilities in late 2003, Frei said.

     

    "We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community."

     

    Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said.

     

    Curiously, both vendors' abilities to have zero-day patches ready at disclosure seemed to dip in the six months before a major product release. That trend was most pronounced in 2004 and 2005. Frei theorized that the buildup to big software releases took away software engineering resources.

     

    Andrew Cushman, director of Microsoft's Security and Research, said he couldn't pinpoint what might cause that trend. But in 2004 and 2005, Microsoft had a rash of vulnerabilities pop up in its Office products that it did not get advance notice of, which may have contributed to a higher percentage of unpatched publicly disclosed bugs.

     

    However, the study proved to be such a glowing affirmation of Microsoft's increased focus on security in the past few years that it prompted Cushman to ask Frei, "Did Microsoft fund this research?"

     

    "This is independent academic research," Frei replied.

  7. Vista, MacBook Out--Only Linux Left in Hacking Contest

    With Vista hacked Friday, a Linux laptop remained uncompromised at the CanSecWest PWN 2 OWN hacking contest.

    Robert McMillan, IDG News Service

    Saturday, March 29, 2008 5:00 AM PDT

     

    The MacBook Air went first; a tiny Fujitsu laptop running Vista was hacked on the last day of the contest; but it was Linux, running on a Sony Vaio, that remained undefeated as conference organizers ended a three-way computer hacking challenge Friday at the CanSecWest conference.

     

    Earlier this week, contest sponsors had put three laptops up for grabs to anyone who could hack into one of the systems and run their own software. A US$20,000 cash prize sweetened the deal, but the payout was halved each day as contest rules were relaxed and it became easier to penetrate the computers.

     

    On day two, Independent Security Evaluators' Charlie Miller took the Mac after hitting it with a still-undisclosed exploit that targeted the Safari Web browser. After about two minutes work, Thursday, Miller took home $10,000, courtesy of 3Com's TippingPoint division, in addition to his new laptop.

     

    It took two days of work, but Shane Macaulay finally cracked the Vista box on Friday, with a little help from his friends.

     

    Macaulay, who was a co-winner of last year's hacking contest, needed a few hacking tricks courtesy of VMware researcher Alexander Sotirov to make his bug work. That's because Macaulay hadn't been expecting to attack the Service Pack 1 version of Vista, which comes with additional security measures. He also got a little help from co-worker Derek Callaway.

     

    Under contest rules, Macaulay and Miller aren't allowed to divulge specific details about their bugs until they are patched, but Macaulay said the flaw that he exploited was a cross-platform bug that took advantage of Java to circumvent Vista's security.

     

    "The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."

     

    Macaulay said he chose to work on Vista because he had done contract work for Microsoft in the past and was more familiar with its products.

     

    Although several attendees tried to crack the Linux box, nobody could pull it off, said Terri Forslof, a manager of security response with TippingPoint. "I was surprised that it didn't go," she said.

     

    Some of the show's 400 attendees had found bugs in the Linux operating system, she said, but many of them didn't want to put the work into developing the exploit code that would be required to win the contest.

     

    Earlier, Miller said that he chose to hack the Mac because he thought it would be the easiest target. Vista hacker Macaulay didn't dispute that assertion: "I think it might be," he said.

  8. You call that a hack? Success depended on the end user being stupid!!!! Under those terms, even the most secure computer of the US NSA can be hacked.

     

    Rather than hacking, that is more 'social engineering'. Which is why a general in the Pentagon would click on an email from the pretty secretary across the hall… an email with "I Love You" in the subject header.

     

    Put it in perspective guys. And in this context, incidents like this exploit happen zillions of times more to users of Windows. More than proportionately more.

     

    But in this context we're not talking about Windows, are we?

     

    So the hackers have indeed proven a point: even Macs are not impervious to security risks.

  9. Gone in 2 Minutes: Mac Gets Hacked First in Contest

    A MacBook Air goes down first at the CanSecWest security conference's hacking contest.

     

    Robert McMillan, IDG News Service

    Thursday, March 27, 2008 1:36 PM PDT

     

    It may be the quickest $10,000 Charlie Miller ever earned.

     

    He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

     

    Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack.

     

    Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

     

    Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

     

    He was the first contestant to attempt an attack on any of the systems.

     

    Miller was quickly given a nondisclosure agreement to sign and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

     

    Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple's Safari browser.

     

    Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

     

    Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.

  10. Cool. As long as they are cheaper than the shops here in Manila. Hope I can find an Asus Eee in the airport.

     

    Oh definitely, if you can find one. Asus EEE in Taiwan only costs around PhP 12,000. Even if you get it for PhP 15,000 there, you'd still save a lot...

  11. Can you recommend where and what store in Taiwan is a good place to buy this laptop? Maybe you can give me an exact address? TIA

     

    Try the GuangHua district (get off from the NTU MRT station and walk past the school). If you're coming from Taipei Main Station and facing the direction of Taipei 101, then you should walk towards the left for one block.

     

    To compare prices, go to the TsanKuenn (the one with the yellow 3C signs) store in the corner (they're like the Octagon of the Philippines) and look for the Asus EEE price. Now shop around the area and if you see prices lower than that in TsanKuenn, then take it.

     

    You'll have to modify some things to make the OS English, though. There's a tutorial on how to do this on some websites, however.

  12. Can this be used for games like CS?

    I'd like to buy a laptop that's also affordable, hopefully, and that can run games.

     

    I don't think this laptop is for you, then. This is designed for casual users and has so-so specs. Definitely underpowered when it comes to gaming.
