[scuzzo84]

My friend who I recommended a mac too, said that w/in the last month or 2 he said that it seemed that someone "hacked" his computer and that he saw some screens getting minimized and that a 4 panes came up. He said he then turned on his updates and firewall or something and that now it hasnt happened since.

So does this sound familiar to anyone? He said he uses his airport and that he read something to how there was an exploit out.

He got his mac laptop new, about 4 months ago.

[Chuckit]

Not that I've ever heard.

[ghporter]

In June there was a post about an exploit through VNC, and in March there was one about a reputed exploit, but it didn't seem to be anything major.

However there was a big fuss in May about something (from March it seems) to do with Safari's "auto open" behavior that could allow a malicious JPEG file to run Terminal commands. A minor bug, and not something anyone would call a "big OS X exploit."

[Chuckit]

Originally Posted by ghporter

In June there was a post about an exploit through VNC

I'm not sure having an easily guessed password counts as an exploit.

[seanc]

I think your friend was a bit stupid not to have his firewall on.

[ghporter]

Originally Posted by Chuckit

I'm not sure having an easily guessed password counts as an exploit.

That was the closest I could come to a "recent exploit" as discussed here.

[parsec_kadets]

Originally Posted by scuzzo84

My friend who I recommended a mac too, said that w/in the last month or 2 he said that it seemed that someone "hacked" his computer and that he saw some screens getting minimized and that a 4 panes came up. He said he then turned on his updates and firewall or something and that now it hasnt happened since.

So does this sound familiar to anyone? He said he uses his airport and that he read something to how there was an exploit out.

He got his mac laptop new, about 4 months ago.

There was a bunch of hub bub relating to an Airport exploit on the Macbook that the doom and gloomers made a big deal out of. Some guys demonstrated it but didn't tell anyone how they achieved the results at first. Turns out they changed the Airport drivers the Macbook was using to those provided by a manufacturer other than Apple. This means that there's no vulerability in the Macbook as it currently ships.

[goMac]

Originally Posted by scuzzo84

My friend who I recommended a mac too, said that w/in the last month or 2 he said that it seemed that someone "hacked" his computer and that he saw some screens getting minimized and that a 4 panes came up. He said he then turned on his updates and firewall or something and that now it hasnt happened since.

So does this sound familiar to anyone? He said he uses his airport and that he read something to how there was an exploit out.

He got his mac laptop new, about 4 months ago.

Sounds like OS X had a bug (maybe it thought a key was being held down when it wasn't), but that doesn't sound like a hack to me.

[Gavin]

he saw some screens getting minimized and that 4 panes came up

Your friend accidentally discovered Exposé.

Like anything new it can be a little frightening at first.

Hit F9 or drag your mouse into the hot corner (if so configured) to see your mac get "hacked."

[Horsepoo!!!]

Hehe...Gavin wins.

I suppose my Mac gets hacked dozens of times a day. Because my current window minimizes and anywhere between 3 to 20 panes come up on regularl basis.

Too many movies can do that to someone I suppose. In movies, a computer being hacked always visually shows that it's being hacked through things being deleted in front of the user's eyes or progress bars showing how much time the user's got before the computer is broken into or some kind of message warning them that the computer is being hacked. (If computers were smart enough to detect they're being hacked, they wouldn't be displaying a message to you...they'd try to counter the hack or shut itself down.)

In reality, if you're being hacked, you won't see a damn thing until it's really too late. You'll rarely ever see the progress of the hacking being done unless you're fiddling around in Terminal with some very specific commands or if you have a Firewall that warns you everytime something is trying to access ports in OS X.

[Gavin]

Right, and there's always that convenient pop up alert box that lets the hacker know the hackee is on to him. Usually with some kind of blue CIA-like insignia and a handy progress bar showing the "trace" so they know just when to get out. I think it's part of the win32 API

[besson3c]

Originally Posted by seanc

I think your friend was a bit stupid not to have his firewall on.

Why? What good would have it done in this case?

[pat++]

Originally Posted by seanc

I think your friend was a bit stupid not to have his firewall on.

Turning the firewall on is pretty much useless on Mac OS X with the default configuration as no remote service is turned on by default. Moreover most people these days connect to the internet with Airport which means they are already protected because of the network address translation used on the wireless network (assuming they are connecting from their home network and not a public network of course). Next time think twice before posting stupid comments.

[besson3c]

Originally Posted by pat++

Turning the firewall on is pretty much useless on Mac OS X with the default configuration as no remote service is turned on by default. Moreover most people these days connect to the internet with Airport which means they are already protected because of the network address translation used on the wireless network. Next time think twice before posting stupid comments.

Firewalls have become some sort of strange voodoo that people somehow associate with magically making everything safe at the flick of a switch.

The relevant part of the default ipfw configuration is not the open ports, but the fact that all ports that are *not* open are protected by the firewall, and the ports selected on the pref pane are the exception.

Why would protecting ports that are not even being used be helpful? Well, while a service obviously can't be exploited that is disabled, a firewall is kernel level protection. Think of it is a sort of forcefield. If an attacker were to try to denial of service your machine, with the firewall off the networking layer of your OS needs to deal with these incoming requests. With the firewall on, these requests are cut off by the kernel before they even reach your networking layer, if this makes sense.... my language might be a little inaccurate here.

[seanc]

Originally Posted by pat++

Turning the firewall on is pretty much useless on Mac OS X with the default configuration as no remote service is turned on by default. Moreover most people these days connect to the internet with Airport which means they are already protected because of the network address translation used on the wireless network (assuming they are connecting from their home network and not a public network of course). Next time think twice before posting stupid comments.

Yes it was a stupid comment, I missed the Airport bit and assumed it was a modem connected straight to a Mac. I thought that when he'd turned on the firewall he'd previously had NO firewall and in my opinion you should ALWAYS have a firewall.

[Hi I'm Ben]

ugh the hackers got me too! I hope Apple sends out a patch for this quick...

[Chuckit]

Dude, they made your dock look funny!

[CharlesS]

Originally Posted by pat++

Turning the firewall on is pretty much useless on Mac OS X with the default configuration as no remote service is turned on by default. Moreover most people these days connect to the internet with Airport which means they are already protected because of the network address translation used on the wireless network (assuming they are connecting from their home network and not a public network of course). Next time think twice before posting stupid comments.

Not so. While it's true that turning on the firewall isn't as extremely urgent as it is in Windows where there are some service ports open by default, it's still a good idea to turn it on because otherwise, any program running on your system can open up whatever ports they please, thus opening you up to security holes even if those holes weren't present in the base OS install. There is no reason not to turn the firewall on.

[besson3c]

Originally Posted by CharlesS

Not so. While it's true that turning on the firewall isn't as extremely urgent as it is in Windows where there are some service ports open by default, it's still a good idea to turn it on because otherwise, any program running on your system can open up whatever ports they please, thus opening you up to security holes even if those holes weren't present in the base OS install. There is no reason not to turn the firewall on.

Of course, these same programs could also just disable a legitimate service you have enabled, and claim that port for its own use.

In a way, just telling everybody to turn on a firewall is a good and bad thing. It's better than nothing, but a user wanting this level of security would be best off learning a little bit about what a firewall actually is, rather than just sort of trusting this faceless abstract "black box"-type mechanism.

My approach to security is pretty simple, I don't advocate being downright paranoid, but if something can be made secure relatively easily with no real significant inconvenience, go for it. I really advocate more people take a little time to learn about what a firewall is, it doesn't have to be as complicated as one might think.

It is for this reason that I also recommend not using FTP. If SFTP isn't available and you have no other options, okay, but if it is just a matter of changing your client or connection protocol, I think users should definitely ditch FTP.

Maybe one of us should create a new thread about intelligent and relatively straight forward security practices that are easy to implement.

[CharlesS]

Originally Posted by besson3c

Of course, these same programs could also just disable a legitimate service you have enabled, and claim that port for its own use.

Right, but most people don't enable any ports, so most of the time all the ports will just be closed, period.

In a way, just telling everybody to turn on a firewall is a good and bad thing. It's better than nothing, but a user wanting this level of security would be best off learning a little bit about what a firewall actually is, rather than just sort of trusting this faceless abstract "black box"-type mechanism.

Well, in an ideal world it would be best for everyone to know what a firewall does. But even if they don't, they're better off having it on than having it off. I think this is fairly evident.

[besson3c]

Originally Posted by CharlesS

Right, but most people don't enable any ports, so most of the time all the ports will just be closed, period.


Well, in an ideal world it would be best for everyone to know what a firewall does. But even if they don't, they're better off having it on than having it off. I think this is fairly evident.

agreed...