(Page 2 of 2)
Dino Dai Zovi, an independent security researcher who specializes in Macs, says that Iozzo's work is "very interesting," particularly given the difficulties that he needed to overcome to make the stealthy technique work on OS X.
Dai Zovi says that, for now, there are few Mac attacks sophisticated enough to need protection of this kind. But he adds that the technique could prove an effective way to get past advanced antivirus software in the future.
Attackers haven't focused much on the Mac to date because its smaller audience means smaller potential gains. But Dai Zovi notes that this is starting to change, and he says that researching the system's vulnerabilities now should give defenders time to prepare for future malware.
Iozzo says that it may take time for Apple to respond to his technique because it exploits fundamental elements of the operating system's structure that can't be changed with a simple software patch. He says that it may require a larger upgrade, such as the introduction of the new version of OS X, called Snow Leopard, which is scheduled to ship in 2010.
In the meantime, Iozzo says that users can protect themselves by keeping their systems up to date with any security patches released for OS X. Since the technique relies on other flaws that an attacker might exploit, users should focus on reducing those other threats as much as possible, he says.
However, the technique could soon pose a threat to another kind of device. Iozzo says that he is currently working with another security researcher to extend his technique to the iPhone.
A Web browser loophole could make it easier for crooks to scam the unwary.
Dan Kaminsky discovered a fundamental problem and got people to care in time. We were lucky this time.
No assumptions can be made on this sophisticated hacking technique, as there is not enough evidence to support how many mac OS have been affected by it yet. As long as hackers dont get their dirty hands on this technique, apple pc users can still expect to be safe as ever.
However, it would be appreciable if security researchers are pro-active and find a solution to this as soon as possible, especially before the process of the technique is widely spread out for hackers to feast on.
Guest (kstar)
Re: Quick Solution are necessary
AFAIK, the "sophisticated hacking technique" of infection is getting the user to run a program, i.e a trojan.
While the method of minimizing or eliminating evidence of the machine being hacked may be sophisticated, infection via trojan is not so sophisticated, IMO.
Best,
Kurt
Guest (kstar)
Re: Quick Solution are necessary
The above article could have been improved by stating clearly that Iozzo's technique is only applicable after a machine is compromised.
From Mr. Vincezo Iozzo himself, my emphasis in bold added:
It should be noted that my technique does not allow to break into a machine more easily, but makes it easier the execution of code within the system attacked.
Source: http://www.oneitsecurity.it/22/01/2009/mac-os-x-vulnerability-an-interview-with-vincenzo-iozzo/
FWIW.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
Just Some Human
1 Comment
The missing piece of information is "How does the attacker gain access to the machine"?
Reply
Guest (kstar)
Re:
Agreed.
This appears to be an article without substance . . . from one of my favorite sites.
Reply
californian
1 Comment
Re:
Well, the only way a hacker can run an exploit is by having the user run a compromised application. Basically, as long as one knows exactly what he's installing, he should be fine.
Reply
Guest (kstar)
Re:
Right.
The "attack" mentioned in this article is a trojan, AFAIK.
I guess the meat of the story is the "covering path" element, not the "attack." Of course, running a story about OS X "attacks" brings a bunch of folks out from the shadows, like us. LOL.
Best,
Kurt
Reply