Coming in January: Month of Apple Bugs
The hacker behind the MoKB (Month of Kernel Bugs) plans to take a big bite out of Apple Computer's insecurities.
As first reported by Brian Krebs, LMH is teaming up with Kevin Finisterre of Digital Munition on a month-long "Month of Apple Bugs" project that will expose unpatched Mac OS X and Apple application vulnerabilities.
I had a quick chat with LMH over IM today and he confirmed that the Apple flaw project will launch on Jan. 1, 2007, with a working exploit for a gaping code-execution hole in the QuickTime media player.
So far, LMH and Finisterre have stockpiled exploits affecting Safari, iTunes, iPhoto, Camino and Firefox. Details on these bugs will be released one day at a time, throughout the month of January.
Finisterre's participation on the project is interesting on many fronts. He is a very well-respected researcher who has earned his stripes and will help to fend off the expected wave of criticism from rabid Mac enthusiasts, who are notoriously sensitive to any discussion of Mac vulnerabilities.
Finisterre's work includes the InqTana proof-of-concept worm that squirmed through a hole in Apple's implementation of Bluetooth in Mac OS X. For more, see Rob Lemos' interview with Finisterre.
More recently, Finisterre created Macrocosm, a spyware prototype that "brings the Windows Web browsing experience to the Apple Macintosh platform."
LMH said he does not plan to give Apple a heads-up on the daily flaw releases because, in his words, "It would mean waiting a couple of months to even start discussing half of these issues."
On the motivation for the project: "Right now, many OS X users still think their system is bulletproof. They need a dose of reality."
"We will make an extra effort to release working exploits for each issue whenever possible," he said.
LMH said he's also hoping someone can donate a Mac mini to allow testing on those machines.

Comments (20)
Hmmm... it's about time that someone made an effort to open up the eyes of Mac fiends. I'm so tired of hearing how great Apple does things, and how secure it is. At the end of the day an OS is only as secure as the admin who's implemented it. Even Apple is rotten at its core.
Posted by Joe | December 19, 2006 10:39 PM
It is clearly useful to uncover all of a platform's vulnerabilities but I have a real problem with the approach that these guys take. Publishing a vulnerability along with a working exploit aids the bad guys out there more than the OS vendors because it's quicker and easier to implement a virus or worm based on the exploit than it is to get a patch developed and distributed.
Posted by Steve | December 20, 2006 2:26 PM
these guys are as bad as terrorists. Go get a fucking life!
Posted by benjy | December 20, 2006 2:31 PM
I'd love to see all those MAC "experts" get their asses kicked even for just one day.
I'm sooo tired of hearing those MAC fanatics going on and on.....
FuckUm all.
Posted by Rokky | December 20, 2006 3:01 PM
Seems a bit queer to me. If they have a stockpile of problems why not give Apple the list for them to work on? Same with giving MS a list of problems found for their systems or apps.
Maybe next these guys will find a way to help spread the AIDS virus to encourage more research in that area.
Posted by Ken | December 20, 2006 3:05 PM
As a Mac user (and have been one for 20 years) I think this is not a bad thing. Part of me wants to see MacOSX as secure as possible and I assume the reason for this planned attack is to help the vendors like Apple make it better... however, I do sense some "let's show them" sort of attitude and let's play havoc with Mac users for a while. This I have a problem with if that is the case.
But you know... I'll believe it when I see it and experience it. So far my iMac G5 and OSX has not had a hiccup in a year and a half and I assume it will remain that way all the way through January too.
Oh... and anti-Microsoft and anti-Apple people should all get a life. These companies are both trying to make our life better with new innovations. Let's keep it in perspective... they are just tools and we all have our preferences. I would be happy if neither side had to deal with viruses, worms and cyber terrorists.
Posted by MReiher | December 20, 2006 3:14 PM
So after reading between the lines I wonder if his true motivation is making money $$$ with his Macrocosm software. You know the wonderful spyware prototype that "brings the Windows Web browsing experience to the Apple Macintosh platform."
Does his web browsing experience really mean identity theft, browser hi-jacking and malware installation? Oh and root kits too?
Maybe a lawsuit against this individual will stop his 'real' motivation.
Posted by Doug | December 20, 2006 3:15 PM
Ken... to answer your question... they don't want to give Apple the list because if they did they would not get a drop of press and that's what this is really about.
Posted by Mreiher | December 20, 2006 3:18 PM
Let this disrupt just one big business, the Feds will be on them. Maybe the OS companies would take them more seriously, and pay them, IF they were really about the health of the computing landscape.
They are wasting their talent and will never get the recognition they deserve if they don't work cooperatively. I think these efforts are good as well but there are more old people just looking to stay in touch and school kids exploring the internet than there are smarmy anti-MS mac users. Why mess with these people. They are the ones more likely to fall victim to malware, and do not have the money to get things fixed.
I like the push to the edge of the envelope but why hurt regular people. Folks just want a computer that works; the Mac opens doors for people and gets them computing quickly. Has Apple ignored or threatened these guys?
This action is like our preemptive-action foreign policy. Self-righteousness can turn on itself very quickly. Power to the smart smarmy developers? Ryan you may want to tell these guys to check themselves. Happy Holidays.
Posted by Mac | December 21, 2006 8:50 AM
Okay, there are flaws that might make me a target, but this kind of reminds me of the reporting about the Microsoft Word bug -- it doesn't tell me what kind of a target I am.
Can the malicious hacker use my machine as a zombie spammer? Can the hacker access my files but only if they know the filename and complete path to the file? Will it log keystrokes?
Just telling me I'm a target but not describing what I might get hit with gives me no value from this article. It's like a bug that got released last month about the Mac -- except it's powerless unless the Admin grants rights to the process when the OS prompts him that this process is trying to change a system resource and the hacker still had to know the exact file name and path -- so the machine was theoretically vulnerable but realistically secure.
chuck
Posted by chuckbo | January 2, 2007 11:17 AM
I find it interesting that people are saying things like "terrorists" and "the feds will get them" and "lawsuits".
First, what crime have they committed? It appears they are doing a public service to me, that is, exposing dangerous flaws. So they also show HOW to exploit it. Good. Companies like Apple and Microsoft have coasted for years with insecure systems, selling them to the uninformed as "easy to use!" and "online in seconds!" without educating the customer about the powerful tool they now own. You don't hand guns to untrained users, car keys to someone who has never driven, a plane to someone who can't even read a compass, etc.
Second, these people are spending their time doing what they choose. Here again, we have people throwing terms like "smarmy developers", "Self-righteousness", or this!... "find a way to help spread the AIDS virus". Who are you to dictate what others pursue? No one is "being hurt" except companies that sell a false sense of security. You should be thankful someone is uncovering this crap and bringing it to light. Apple certainly isn't going to do it.
Lastly, welcome to the real world. It's a big, scary place and as an adult, you'll need to learn that you take care of yourself. If you want someone to protect you from everything, it'll cost you a lot more than Apple or MS charge for their products.
Posted by The Foo | January 2, 2007 1:00 PM
i bought a mac because i need something that isn't going to be relentlessly attacked by viruses and spyware. i don't make a decent living and i can't really afford to have to buy another computer just because someone wants to prove some point. i don't like the idea of being used as cannon fodder for someone else's war against apple (or microsoft). waging e-war like this is uncool and unethical. you want to take swipes at the company but instead you bully innocent people like myself. virus writers might as well wear football jackets and shove the helpless kids who can't fight back into lockers, it's the same thing.
Posted by mike | January 2, 2007 1:45 PM
I thought it was funny that he wants someone to donate a Mac Mini for testing. Sounds like some little punk kid is behind this project. I mean, wouldn't any half-decent hacker have the funds to buy a $500 Mac Mini? What a freakin' dork. Well, it's January 2nd. Where's the second exploit?
Posted by Danny | January 2, 2007 2:14 PM
I think this is hilarious! Apple runs a false and misleading ad campaign (OK I admit those ads were great) and eventually someone comes along and contrarily points out that Macs are just as prone to exploits, bugs and crashing as anything else.
The real story here is the manner in which Apple responds to the bugs. Now that the news is out about the flaws, I suspect Apple will be forced to respond to them in an exemplary manner. I'll put my money on Apple. Any company that can successfully market the iPod as if they were the ones who developed MP3 players and portable video devices will have no trouble fooling the sheep into blowing this off.
Posted by Bucked | January 2, 2007 3:04 PM
The concept that OS X is not bulletproof is obviously giving some of the anti-Mac brigade serious wet dreams, but there is still a huge gulf between the suggestion, or even theoretical demonstration of a vulnerability, and the actual implementation of a workable malicious piece of software.
OS X has a far better security record than Windows for two fairly simple reasons: (1) it is not the operating system of choice for the majority of computer users, and so has not been a major target for hackers and (2) its UNIX core is inherently more secure (not the same as unhackable).
It is clear that some Windows users have been annoyed by the Apple ad campaigns, and maybe by what they see as smugness by the Mac community, but that response has to have been driven largely by frustration with Windows, and the realization that for whatever reason, Macs are currently more secure. Arguing that they are not, because they perhaps could be attacked, is just fatuous when it is not happening. Apple is obviously going to try to take advantage of the situation, as Microsoft would if the positions were reversed. Mac users are clearly going to state the obvious - that they have not had the security problems that Windows users suffer from. Maybe in the future things will change, and security will become a big issue for Macs, but it is a bit disappointing to see so many people wishing for that to happen.
Posted by Muppet | January 2, 2007 5:14 PM
Isn't it funny how the only people who say OS X is invulnerable are the people who hate it? So they hate smug Mac users? Maybe they are not smug. Frankly, all these folks have a massive inferiority complex. They can try to explain away their maliciousness with all this 'It's for Apple's own good.' If that were true, they would notify Apple before releasing the info into the wild. In the long run, this is going to be good for OS X users. Now the haters won't have the 'OS X is secure because no one tries to exploit it' excuse. I wonder if these guys are doing the same thing with Microsoft's Vista? I doubt it.
Posted by Radius | January 2, 2007 6:31 PM
Bucked: Please produce the proof that Macs are just as prone to exploits, bugs and crashing as everything else. And who exactly said that Apple invented the MP3 player? Sorry, but you are a sheep yourself. Your particular flock are those who confuse what they really want to believe for the accurate information.
Posted by Radius | January 2, 2007 6:37 PM
I'm surprised that so many comments seem to begin with the assumption that this article has all the details of the MoAB event. Those interested in more details might want to read the SecurityFocus article on the subject. There's more information there about the context of this event with previous similar ones.
Posted by Question Mark | January 2, 2007 7:32 PM
I work on Macs day in and day out, and yes, I find the whole "I'm a Mac" campaign as nothing but smug. "Macs are currently more secure ..."? Really? This is like saying my house is more secure by virtue of it not having been burglarized. If the windows and doors are open, guess what? It's not secure. Should OSX suddenly dominate the OS market, OSX becomes the next target.
Posted by Agony | January 3, 2007 5:06 PM
Considering the long-term arrogance of Apple Computer and Steve Jobs in particular, I'm glad to see someone exposing the many issues with Apple software. The Apple TV commercials of late are a perfect example of this arrogance. I WAS a long time Macintosh user and after spending many thousands of dollars, many times the cost of the equivalent WinTel box, I got fed up, especially considering the horrendous quality of Apple software in the early to mid 1990's. Apple had to copy BSD UNIX to finally get a viable OS.
Posted by John | January 4, 2007 10:02 AM