Still, the question of whether Mac or Windows is more secure is no longer relevant. The computer security paradigm is shifting at this very moment. Cloud computing, Web 2.0, and mobile technologies are exploding, and with those changes, traditional attacks are making way for a new crop that ignore platforms. Think ANSI bombs, boot sector infectors, macro viruses — seen any of those lately?
While still not great, the operating systems behind Apple desktops, laptops and phones are getting more secure, researchers at Black Hat say.
While not recommended for corporate use unless it’s in islands within larger networks, the OSX operating system has made strides, says Alex Stamos, who lead a team of researchers from iSec Partners that researched the OSX and Windows 7 operating systems.
Their conclusion is that Apple does pretty well, but Microsoft wins. Even so, earlier versions of Apple’s software were more vulnerable to initial exploitation than Win 7, but the latest Apple version known as Lion makes up ground.
After Black Hat, DefCon, and the recent McAfee report, you are probably tired of all of the hype around APTs. I agree that the industry has co-opted and obfuscated but these “low-and-slow” attacks are something we need to understand and address before more of our private information and intellectual property flies out the IP-connected door.
One of the characteristics of APTs is some type of social engineering tactic where the bad guys somehow con an internal user to download a malicious executable. This creates an internal outpost where hackers can steal credentials, scan the network, and ultimately steal valuable data.
Microsoft today warned that multiple gaping security holes in its Internet Explorer browser could expose millions of Web surfers to hacker attacks via rigged web pages.
As part of this months’ Patch Tuesday release, Microsoft shipped a “critical” IE bulletin MS11-057 with fixes for total of 7 security flaws. Two of the vulnerabilities were publicly discussed prior to the availability of the patch.
Only five nations would be capable of sponsoring a massive cyber-espionage campaign that infiltrated governments, international organizations, and high-tech companies, persisted over years, and stole billions of dollars’ worth of intellectual property—like the operation unveiled by security firm McAfee this week.
The United States and the U.K. can be removed from the equation because they don’t spy on each other. Iran and Russia are capable, but the evidence doesnt suggest they were involved. Taking into account past campaigns of monumental hacking, and considering the Asian focus in the recent attack, there’s only one country left, according to James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, in a Twitter post.
As part of a new initiative, called Cyber Fast Track, described Thursday at the Black Hat confernce in Las Vegas, the U.S. Defense Department will fund small hacker groups and independent researchers in the development of cutting-edge solutions that can be created in short intervals for a low cost.
It relies on the fact that due to the “dispute” between Adobe and Apple, Apple’s latest Mac OS X version “Lion” comes without any flash player, enhancing the odds people do not find it strange to have to install it separately.
McAfee published an interesting report yesterday about what they called Operation Shady RAT, focusing on a series of what some may call “advanced persistent threat” attacks. The attacks were dubbed in some quarters as “one of the largest series of cyber attacks ever.” While quite a bit of data was presented regarding the potential scale of these attacks, details on the threats and how the attacks were staged were somewhat limited.
Apple has shipped a high-priority QuickTime update to fix at least 14 security holes that expose computer users to hacker attacks.
The QuickTime 7.7 update, available for both Windows and Mac OS X, addresses flaws that could be exploited via rigged image, audio and movie files.
Corporate cybercrime costs skyrocket
Security threats such as malware, insider attacks, phishing, botnets and a host of other problems are costing large corporations more money to handle.