That was a pretty interesting security conference last week in Vancouver including an annual contest that promises cash prizes if really smart people can hack into fully patched and secure computer systems and devices.
This was not the conference to attend if you are an Apple Fan-Boy.
An Apple iPhone 3GS was fully compromised in 20 seconds by two hackers, the first time the mighty iPhone 2.0 has fallen to a crack. And the infamous Charlie Miller, who has successfully hacked into fully patched Macs for the last two years, this year wormed his way into fully patched and secure MacBook Pro to take home a cool $10,000. Another guy slammed into a fully-patched Windows 7 machine.
What were the main lessons learned from the conference and what can we do to protect ourselves? Tony Bradley of PC World blogged correctly, “Despite the common perception that the Mac OS X operating system is just inherently more secure than Windows, the reality is that the primary reason Macs aren’t attacked and compromised more often is that the platform with 92 percent market share promises malware developers a significantly higher return on investment than the platform with five percent market share,” he said.
Yes, I am sure the Apple folks are blowing up his inbox too but the point is made. Smart people can hack just as readily into Apple products too. They just don’t feel like it as often.
So what can we do? As Bradley points out, the hack above all used the weak point our computing experience, namely the Internet browser. In the Apple MacBook attack, a weakness in the Apple Safari browser was exploited. In the Windows 7 attack, the hacker used an exploit in Internet Explorer 8. Even the iPhone was hacked using … you guessed it … the mobile version of the Safari browser.
So what we need to do as consumers is keep our browsers up to date. The “safest” browser is a question that starts a fistfight in a nerd bar but whatever browser you use, keep it up to date. Don’t install browsers you are not going to use regularly. That just opens a security hole on your system. Many of us got Safari, for example, courtesy of Apple when we installed iTunes on our Windows machines. If you don’t plan to use Safari, remove it. If you plan to use it, patch it.
I usually recommend having two browsers on your system. If you use a Windows machine, that is Internet Explorer and something else. A year ago I would have recommended Mozilla Firefox. Today I would recommend Google’s Chrome to be your main browser and keep IE as your backup. (It is Google’s world and we’re just living in it.)
And pay attention. Patch your system regularly. On March 31, Microsoft released an emergency patch for Internet Explorer to patch a gaping hole that could allow a hacker to take over your computer. Did you get the patch? Did you install it? Did you reboot? Do you have Windows Updates set to install on schedule? Do you install the patches and reboot? Do you check for Apple updates?
You have to be vigilant these days and even then, don’t store anything on your connected computer you would not want swiped.
Resource:
http://www.newschief.com/article/20100404/NEWS/4045024/1009/LIVING?Title=The-Apple-iPhone-is-easily-hacked&tc=ar
