FBI Agent Talks Crime, Macs
hype7 writes "There's an article at SecurityFocus describing a visit by an FBI agent to Washington University. His visit was ostensibly about computer security and the general public's complete lack of any idea on computer security whatsoever: 'I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.' His talk ranged from some of the pranks he's seen played on unsuspecting users, to Eastern European extortion of big banks." WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' Another good quote: 'If you're a bad guy and you want to frustrate law enforcement, use a Mac.'"
...what about BeOS? BSD?
I think the prob is they haven't yet gotten all the protocol worked out on this... the hfs+ file system causes some problems. Really they can boot those Macs into firewire target disk mode and dump em quite easily. Maybe an Open Firmware password is blocking that, there's steps to disable this also, perhaps it's just fear of the unknown. ;-) I think most of the criminals they run into are running Windows or Linux, price reasons and such... parents basements. ;-)
Cwm, fjord-bank glyphs vext quiz
I would not trust an "out of the box" install of any OS.
1) Watch TV (lord knows what . . .)
2) drink some booze and hang with the buddies
3) read about Internet Security so he doesn't go around spreading some damn garbage around to everyone else.
Numbers one and two likely describe your average user, number three is generally the type of person reading slashdot. I guess we need to get security "cool" now for people to take notice.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
They're only secure because, with such a minimal share, nobody cares about breaking into one.
Bullshit. Market share has nothing to do with it. There's at least as many Apache-based servers out there as IIS, but there are like 2 Apache worms.
And frankly, there are enough Mac-haters around that surely some would like to take Apple down a peg via a virus or some sort of exploit in OS X. How come it's never happened? How come in three years there hasn't been a single OS X virus discovered?
Apple have had several fixes just in the last few months fixing remote root access vulnerabilities.
Yeah, and the difference is, they were found and fixed without being maliciously exploited. Most of them were very unlikely to be exploited anyway, or were found in services that were off by default. The last one I heard about would allow a brand new machine to get owned if a rogue DHCP server happened to be sitting on the LAN. Yeah, that's likely to happen.
Contrast this with Windows, where shit is wide open by default, and the first anyone hears about a hole is usually when it has already brought the internet to a crawl. Not that patches for exploits do any good when people don't apply them-- I just took a look in my firewall logs, and I'm still getting Nimda and Code Red infection attempts.
is that they are technologically impaired halfwits. If they would actually take the time to hire *real* computer experts, maybe they would have a little bit more success in stopping something.
In the past, I could send them detailed logs, including TCP dumps, of people controlling DDOS networks, threatening people, bragging about committing DDOS. And nothing would happen. More recently, a friend of mine had serious threats to her and her child from a stalker - who authorities proceeded to track to Atlanta. But they seemed to miss the fact that he was repeatedly coming from a dialup IP address in Toronto.
Law enforcement on the internet needs to be put into the hands of a capable multinational group with laws that are defined to cross borders. Until then, DDOS kiddies will still be running around quite loudly proclaiming their existence.
I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.
Seriously, to me this sounds like sensationalism. Like, a good sound bite to attract attention. If you tell people that things are worse than they could ever imagine, you're not going to do much except scare people. And most of the time it's not that bad.
I'd like to think that (like most slashdotters) I'm not unaware of what goes on in the "computer underground". I'm not in it, but it's not like I'm ignorant of the fact that it exists. The tools on packetstorm are enough to scare any non-tech person into submission, if they knew what they could do, yet I don't lose sleep over it.
I'd like to think that, while there are lots of "dumb" users out there, there are a lot of us tech guys, the guys behind the switches and administering the servers, who are looking out for them, much like shepherds.
There are a couple of simple rules to follow:
1.) If it's on the internet, it can be hacked.
2.) If it's backed up, it can be restored.
3.) If it's patched, it's less likely to be exploited.
4.) Ease of use and security are inversely proportional.
I don't resent people like my mom who wouldn't know spyware from cookware. I do what I can for her, computer wise. And she cooks for me when I come home. I consider it an even trade.
~Will
sig?
Two things. The assertion that Platform X is 'just as insecure as Windows' is technopolitik Vunderbabble of the worst sort; the fact is that the claim that they are 'as insecure' as Windows is unfounded, and undemonstrable unless and until there are as many targets for would-be virus/trojan/hack/script kiddie toolbox writers that are platform X as there are Windows boxen for them to exercise their nefarious talents upon. It's an outgrowth of the kind of sloppy thinking that suggests that all programmers produce equivalent code; they don't, as any programmer can tell you. So get over it.
Second, it's obvious that you are as near as one can come to being completely ignorant about anything but your precious "pro-MS fanboy bloatware"... I don't have a *single* *nix box (Linux, BSD, or Slowlaris) that will 1) decode (uudecode) a binary file as executable without my direct intervention to cause it to occur, or 2) execute said code in any way - even scripts for a scripting language that's embedded (for expandability and extensibility of the client) won't execute by clicking on them when they appear as an attachment in an email.
This is not to suggest that there are not undiscovered security vulnerabilities in *nix that may be revealed if and when it spreads across the face of the earth supplanting Windows boxen righteously; however, I will assert that I believe that those security failures will not approach the generalized impact of the Windows virii/trojans - and you know what? I have *exactly* as much data to support that view as the generalized "let's be nice to the poor little Winders crowd" Technopolitik 'your platform is just as bad' FUD. </FLAME>
Thinking outside my Head
"If you're a bad guy and you want to frustrate law enforcement, use a Mac." nah.. if you really want to frustrate them, use encryption and data shredding. Most of the stuff being talked about, I am guessing, is just data recovery of stuff once it has been deleted. Not really related, but I have been an MS user since the dawn of time, and for the past 3 years a Linux user (happy with both, as they do what they are supposed to do), but those new G5's with OSX may just have me making the "switch" :]
EFS, which is the service that allows encryption of NTFS filesystems, under Windows 2000 uses DESX, which is an MS implementation of 3DES that provides ~128-bit level protection. Enabling encryption is as simple as right-clicking the folder or file, Advanced, and clicking the checkbox that says Encrypt.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
...but just because it's open source does not just mean that it's "secure". Actually... because some software is hacked and patched and exposed to a massive amount of people... it gets more focus and makes it better software. Perhaps a mac *is* more secure because open source software is made and used by more "hakers"... but that remains to be seen. And no I don't care what you think. Thanks, have a great day. The more you hack me the more I find out.
||| I still can't believe Parkay's not butter.
The directory structure is vastly different in a number of ways
/usr/local is still /usr/local.
True... and not true. All the OS stuff is stored in funny places, but
and the GUI isn't X
Yay!
Have a shared library incompatibility problem? Forget using "ldd" to figure out how to resolve the situation.
1. No shared library problems on OS X. Frameworks include versioning to solve that particular problem.
2. ldd is hardly universal.
I suppose this was the "security" the FBI agent was talking about. If you don't know how to use the system, then you won't be able to figure out how to break into it.
Actually, what he was talking about is the fact that a Mac OS X box when first turned on is as close to impregnable as we can hope to see in this life. No services are running, not even SSH. If nobody's listening, you ain't getting in.
Tired of unsightly deficits? Vote Howard Dean [deanforamerica.com]!
Seriously, how am I supposed to trust a guy to run a country when his campaign is almost out of money after Iowa and New Hampshire???
It's "no one," not "noone." Who the hell is noone anyway?
So your G5 somehow makes it impossible for people to send you the MyDoom virus? Your powers of hyperbole are astounding.
If nobody's listening, you ain't getting in.
That's a common misconception. Intruders can get in by manipulating anything that goes into your system regardless of who initiated the connection. For instance, it is common that windows machines are exploited through holes in web browsers and email clients, not services that are listening for connections.
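The "nobody's listening" claim and the reply's correction can both be illustrated with a small audit, added here as an example and not from any poster in the thread: it parses the Linux /proc/net/tcp layout (the sample lines below are constructed, not captured from a real host) and reports which TCP listeners a remote host could actually reach. That is exactly the inbound-service surface the "nothing listening" argument is about, and it is blind, by construction, to the browser and mail-client path the reply describes, which is the reply's point.

```python
"""Audit listening TCP sockets from /proc/net/tcp-format text, parsed offline."""
import ipaddress
import os
from dataclasses import dataclass

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not a real capture):
# CUPS on loopback only, sshd on every interface, and one established session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 6401A8C0:C3A8 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
"""


@dataclass(frozen=True)
class TcpSocket:
    local_ip: str
    local_port: int
    state: str
    uid: int
    inode: int


def decode_ipv4(hex_addr: str) -> str:
    """The kernel prints the address as a host-order 32-bit hex value, so on a
    little-endian machine the four bytes appear reversed: 0100007F -> 127.0.0.1."""
    return ".".join(str(b) for b in bytes.fromhex(hex_addr)[::-1])


def parse_proc_net_tcp(text: str) -> list:
    """Turn /proc/net/tcp text into TcpSocket records (IPv4 table only)."""
    sockets = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        sockets.append(TcpSocket(decode_ipv4(addr_hex), int(port_hex, 16),
                                 fields[3], int(fields[7]), int(fields[9])))
    return sockets


def exposure(sock: TcpSocket) -> str:
    """Classify where a listener can be reached from, by its bound address."""
    ip = ipaddress.ip_address(sock.local_ip)
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:
        return "all-interfaces"
    return "one-interface"


def listening_sockets(text: str) -> list:
    """Return (port, ip, exposure) for every LISTEN socket, most exposed first."""
    rows = [(s.local_port, s.local_ip, exposure(s))
            for s in parse_proc_net_tcp(text) if s.state == TCP_LISTEN]
    order = {"all-interfaces": 0, "one-interface": 1, "loopback-only": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


def reachable_from_network(text: str) -> list:
    """Only the listeners a remote host could connect to at all."""
    return [r for r in listening_sockets(text) if r[2] != "loopback-only"]


if __name__ == "__main__":
    text = SAMPLE_PROC_NET_TCP
    if os.path.exists("/proc/net/tcp"):  # on a Linux host, audit the live table
        with open("/proc/net/tcp") as f:
            text = f.read()
    for port, ip, scope in listening_sockets(text):
        print(f"{ip}:{port}  {scope}")
```

On a real host this is what `ss -ltn` or `netstat -ltn` shows; a complete inventory also needs /proc/net/tcp6 and the UDP tables, which have the same layout. An empty result from this audit only says no service is waiting for connections; anything the user's own software fetches and parses (mail, web pages, DHCP replies) is still an input path, and that is where the reply above locates the Windows compromises.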
Linux is like a friend's old TR7. He spent more time under the hood trying to keep it running than he did actually driving it. Mac OS X is for those who want to get to a destination, in speed and with style; instead of piddling around tinkering with the machine.
I think that should read "...after GETTING HIS ASS KICKED in Iowa and New Hampshire???"
Dean is a goner. Glad I didn't give him any money. Once he started talking, he turned into a real prick.
Why yes, I AM a rocket scientist!
Morons, your train is leaving.
What, you say that like you expect every OS to ship with its pants pulled down to its ankles and bent over ready to take it without a firewall. Does 2k3 server ship with its firewall on by default yet (after 6 major OSes not counting OSRs?)? MacOSX does.
My friend brought his xp laptop over one day for some LAN gaming. He plugged it in to the LAN and it told him there were updates to install. I asked him when the last time he updated, and when he told me it had never been updated, I told him to turn on the firewall. He got to the network configuration box and was about 2 clicks away when the system told him it was shutting down. Doh!
So we've got Windows, and it ships with a large number of services that are useless to nearly every user (such as the ms-blaster port, the spam-messenger port, and so on...) MacOSX client comes with... well, not much at all. I don't even think it runs apache out of the box.
And that remote root exploit? It's in the DHCP client's system configuration module. Meaning that 1) the attacker would have to be the DHCP server. 2) The system would have to have been configured to DHCP for an address. And 3) the system would have to be configured to fetch its configuration from the DHCP server, which isn't on by default, and would pretty much only be used in a corporate environment.
As for mail-transmitted worms/trojans/viruses, they'll certainly be around for the popular platform, but let's take a look at how they behave in windows. In fact, we'll use the w32.novarg.a@mm virus. According to that site, the third thing it does is
Whoa, there! Allowing USERS to overwrite SYSTEM FILES! -10 points! What about access levels? NT4 had it, and 2k and XP finally give it to the end users. Too bad that there are so many applications that require Administrator account privileges that most users effectively run as Administrator (if not actually use the Administrator account full time). Now of course, you can use various policy control tools and registry inspectors to determine what exactly the program is trying to access and grant specifically that access level to that program, but from what I've seen of Real Professional (i.e. not paper MCSE) Windows Administrators, it's a long and thankless job that is repeated every new version of a program, for program after program from insert-nearly-any-game-here to your scanner. Now, get your mother to do that when she wants to use the scanner, or your 12 year old little brother who wants to play the latest Grand Theft Helicopter 14.
Oh and 5 words: "Don't click on any links"
I think the windows camp should worry more about the termites, cockroaches, and toxic mold infesting their own houses before calling the exterminator in on the ant in the Mac house.
All aboard!
If I have been able to see further than others, it is because I bought a pair of binoculars.
That is the way I feel too.
I've used Linux for a longer time than most of the slashkids in here have known how to read. Like a lot of Linux users, I went through the silly zealot phase, but luckily, matured enough to make my way out of those woods.
NeXTSTEP and then OS X, for me, was Unix without the hassle of Linux. Way too often on Linux, now and then, I spend more time dicking around with the machine- screwing around with libraries, configurations, all sorts of stuff- than I did doing "real work." That was all fine and dandy when I had an abundance of free-time, prime to be wasted. Not to say that learning- especially enjoyable learning- is a waste of time, but for me, configuring, installing, and doing all sorts of other maintenance on my Linux system is about as much fun as maintaining Windows. When I want to work I want it to work. Sometimes, I may go back on the random weekend to do that 'under the hood' stuff, but I don't want to *have to* spend time under the hood just to keep it running.
With OS X, I had the best of both worlds. I had oodles of stuff to tinker with, to my heart's content- and a lot of it is totally new to an old DOS and Linux user, a brave new world full of all sorts of fun stuff. I can go in and spend time under the hood as much as I like. But, when I haven't the time or the desire to do so, it just works.
For those of you with so much free time as "playing around" with Linux constitutes most of what you consider as using your computer- more power to you. Learning is fun and never a waste of time. But for those of us who want the perks provided by Linux or another Unix-like OS but with a number of positive advantages that impact silly things like "productivity", we have OS X.
Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
In a forensic environment, which was what this article was discussing, the examiner has to get past my login to get my data. So while it might be easy to get me to run code that breaks my encryption, it's harder to get someone else to do it.
And, btw, these recent "email virus" things demonstrate nothing about how secure OS X is; it's harder to get OS X to run arbitrary attachments as binaries, simply because the mail client doesn't allow random attachments to have execute privileges.
--
$tar -xvf
Your main gripe is that Apple is closed-sourced.
Nah, closed source has its place, and it's ok with me. My main gripe is that people don't see how Apple manipulates the consumer just as badly, if not worse than, Microsoft, or any other corporation that never gave a xxxx about consumers to begin with - who would have the balls to use Gandhi and MLK in an advertising campaign? What pompous disregard. Those "kind of products" you mention and the public's blind acceptance of them fuel the fires of Vendor Lock In, and this acceptance is the problem. Take a step to one side and look at Apple's product history and then talk to me about the concept of planned obsolescence. The same techniques created a Microsoft monopoly, and brought it to the point where you admit that taking some of Microsoft's market away would be fine by you. Apple and MS are lumped together. The only difference is that the one is smaller than the other.
To say that Apple just took from BSD is disingenuous, they have opened Darwin. You could say that's giving like for like.
"Disingenuous" is what Al Sharpton says about someone when he doesn't want to say "liar" on television.
I don't see the like for like. Darwin runs on what hardware? It cannot be as widely applied as what it was derived from. This is fine by the bsd license, and ok with me, but not "like for like".
If everyone thought it was like for like, maybe there wouldn't be a GNU-Darwin (I noticed Mac aficionados like to laugh him off as a crazy person)
Mainstream OSes have presumably been analyzed to death by forensics companies.
Except that new viruses/worms/security holes keep coming out every day/week/month that others seem to find. Guess they need to get some more analysts...
News at 11: MS security problems kill analysts, others vulnerable!
You're just jealous because the voices only talk to me.
"This is false. 'ldd' does NOT run the program you give as an argument. As a proof of that try running 'ldd' on a graphical program (like xclock). Also 'ldd' works on shared libraries too."
Run on most Linux distributions 'strace ldd /bin/ls' or if on FreeBSD 'ktrace ldd /usr/bin/true'. You'll see:
fork() = 3828
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) ---
wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG, NULL) = 3828
and
97444 ldd CALL fork
97444 ldd RET fork 97445/0x17ca5
97444 ldd CALL wait4(0xffffffff,0xbfbff580,0,0)
97444 ldd RET wait4 97445/0x17ca5
respectively, well after the ldd binary is loaded (you can see it in the full strace/ktrace output).
From FreeBSD's ldd:
case 0:
    if (is_shlib == 0) {
        execl(*argv, *argv, (char *)NULL);
        warn("%s", *argv);
    } else {
It runs the binary with a special environment variable which tells the dynamic loader to just spit out the library list. The code that does that is in /usr/src/libexec/rtld-elf/rtld.c on FreeBSD, probably somewhere like that on most Linux distributions too.
In regards to shared libraries, it uses dlopen instead of running the library - on FreeBSD.
lameness filter, usin' lowercase, damn slashcode
"Sic Semper Tyrannosaurus Rex."
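The fork/execl trace in the post above is the reason the ldd(1) manual page warns against running ldd on a binary you do not trust. Added here as an example, not code from the thread or from FreeBSD, is the same lookup done without executing anything: walk the ELF program headers to PT_DYNAMIC, collect the DT_NEEDED entries, and resolve the DT_STRTAB address through the PT_LOAD segments the way the loader would, minus the loading. It handles little-endian ELF64 only; the image it parses by default is constructed inside the script (a headers-only file with no code), and a path on the command line is parsed instead when given.

```python
"""List DT_NEEDED entries of an ELF64 binary by reading it, never executing it."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5
EHDR_FMT, PHDR_FMT, DYN_FMT = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"


def needed_libraries(data: bytes) -> list:
    """Return the shared-object names an ELF64 image declares via DT_NEEDED."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = struct.unpack_from(EHDR_FMT, data, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]

    loads, dynamic = [], None
    for i in range(phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(
            PHDR_FMT, data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_offset, p_filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
    if dynamic is None:
        return []  # no dynamic segment: statically linked, nothing to resolve

    def to_file_offset(vaddr: int) -> int:
        # The string table is given as a virtual address; map it back to the file.
        for seg_vaddr, seg_offset, seg_filesz in loads:
            if seg_vaddr <= vaddr < seg_vaddr + seg_filesz:
                return vaddr - seg_vaddr + seg_offset
        raise ValueError("address 0x%x is not backed by any PT_LOAD segment" % vaddr)

    name_offsets, strtab_vaddr = [], None
    pos, end = dynamic[0], dynamic[0] + dynamic[1]
    while pos + 16 <= end:
        tag, value = struct.unpack_from(DYN_FMT, data, pos)
        pos += 16
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            name_offsets.append(value)
        elif tag == DT_STRTAB:
            strtab_vaddr = value
    if not name_offsets:
        return []
    if strtab_vaddr is None:
        raise ValueError("DT_NEEDED present but no DT_STRTAB")
    strtab_off = to_file_offset(strtab_vaddr)
    names = []
    for off in name_offsets:
        start = strtab_off + off
        names.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
    return names


def build_sample_elf(libs) -> bytes:
    """Constructed test image: a minimal ELF64 with no code, only the headers and
    dynamic section needed to declare the given DT_NEEDED names."""
    base, ehsize, phsize = 0x400000, 64, 56
    strtab_off = ehsize + 2 * phsize
    strtab, name_offsets = b"\0", []
    for lib in libs:
        name_offsets.append(len(strtab))
        strtab += lib.encode() + b"\0"
    pad = (-len(strtab)) % 8
    dyn_off = strtab_off + len(strtab) + pad
    dyn = b"".join(struct.pack(DYN_FMT, DT_NEEDED, o) for o in name_offsets)
    dyn += struct.pack(DYN_FMT, DT_STRTAB, base + strtab_off)
    dyn += struct.pack(DYN_FMT, DT_NULL, 0)
    total = dyn_off + len(dyn)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0, 0]) + b"\0" * 7  # ELF64, LE, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, ident, 3, 62, 1, base, ehsize, 0, 0,
                       ehsize, phsize, 2, 0, 0, 0)  # ET_DYN, EM_X86_64
    load = struct.pack(PHDR_FMT, PT_LOAD, 5, 0, base, base, total, total, 0x1000)
    dynamic = struct.pack(PHDR_FMT, PT_DYNAMIC, 6, dyn_off, base + dyn_off,
                          base + dyn_off, len(dyn), len(dyn), 8)
    return ehdr + load + dynamic + strtab + b"\0" * pad + dyn


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample_elf(["libc.so.6", "libcrypto.so.3"])  # constructed sample
    for name in needed_libraries(data):
        print(name)


if __name__ == "__main__":
    main(sys.argv)
```

From the command line, `readelf -d file` or `objdump -p file | grep NEEDED` reads the same table without executing the file, which is what the ldd manual page recommends for untrusted binaries. Note that DT_NEEDED is the declared dependency list only; the transitive closure and the search-path resolution that ldd also reports require the same parse applied to each library found, and a binary can still load more at run time through dlopen.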
There is no evidence the MacOS is fundamentally significantly more secure than Windows.
There is evidence Windows is fundamentally significantly more insecure than most Oses. Which other OS gives their office suite/mail/browser what is tantamount to su status?
Just because you have a stock portfolio full of MS stock does not make Windows as (or more) secure than other OSes.
Last time I posted a negative article (admittedly somewhat provocative/aggressive) on the Mac, I was not only marked troll, but someone went through my past articles, and modded one or two of those down. Gotta love the Mac community. Wonder what'll happen this time.
You'll get a bonus for your efforts from Redmond?
Informative at +3 indeed. bleah.
If FBI security guys are using Macs because they're secure out of the box then none of them has any chance of being hired to work in MIS in any company that cares about its security. I'm not saying that there is anything wrong with OSX per se (which is a subject for another discussion). But I do believe that real security guys are supposed to make their system secure no matter whether it's secure out of the box or not.
I knew that there were no smart people in the FBI, but I didn't expect to see it published in such an explicit way. And those guys are supposed to protect America from terrorists?!? Ha-ha-ha! The only protection Americans have is the even bigger ignorance of terrorists.
Less is more !
I agree with most, but "Every single USB/1.0-2.0 and/or FireWire-400/800 device you can get your hands on is already compatible with OS X...If you can plug it into your mac, it works" isn't true. There's loads of USB stuff it doesn't work with: take the MyCam 120 web cam I tried the other day: nada. There's a small list of supported ones you can get drivers for on sourceforge, but that's it.
Updating libraries, fixing missing includes, or paths, is not all that bad. You learn in the process what role libraries and includes and paths play in an environment where software development is encouraged, and some tinkering to compile an application might be required.
The thing I did not like was how hard small things were. Changing the font in xterm. Plugging in an external display. Getting the optimal resolution/refresh rate/color scheme. Laying out your desktop and having the OS remember the layout.
Those things are more annoying than they should be but with OSX, it takes a second to change all of the above, and more.
There is value in knowing how a system operates underneath, but wasting endless hours reading xterm man pages and entering font strings into a config only for them to make no difference is a big waste of time.
OSX still lets you play with the internals but also eliminates the useless functionalities.
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
If I was a law enforcement official and I wanted to give a bad guy a false sense of security, I would recommend a partially closed source OS that appears to be very secure. However, it could possibly have an NSA/FBI backdoor. Then at a big security convention I would say that said partially closed OS would frustrate law enforcement!