this post was submitted on 08 Aug 2023
129 points (100.0% liked)

Technology

37712 readers
219 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Based on research across established dark web forums, threat actors are targeting macOS, with exploits trading for millions of dollars

all 35 comments
sorted by: hot top controversial new old
[–] roofuskit@kbin.social 55 points 1 year ago* (last edited 1 year ago) (2 children)

Apple used to brag about how Macs didn't get viruses. I used to laugh because it wasn't that they were that much more secur but because their market share was too small to be a profitable target.

Now they've cultivated the perfect target user base. A large collection of tech ignorant or adverse people who have lots of money to burn.

[–] min0nim@aussie.zone 29 points 1 year ago (1 children)

Well, they were significantly more secure by default than Windows due to various design measures including the separation of user land. And old OS9 was friggin brilliant for a web facing machine back in the day.

[–] argv_minus_one@beehaw.org 7 points 1 year ago

OS9 ran absolutely everything with full privileges. It was not even remotely secure. It was basically Windows 95-level security.

[–] abhibeckert@beehaw.org 11 points 1 year ago* (last edited 1 year ago) (1 children)

When did Apple brag about that? All I can think of is a brief ad campaign where the "PC Guy" had a cold. That's hardly a claim that Macs have perfect security.

Apple has, in fact, gone on the record as saying they don't think the Mac is secure enough, and that's why iOS is locked down as tight as it is.

[–] interolivary@beehaw.org 21 points 1 year ago (2 children)

Welp, maybe I'll finally have to get around to installing some sort of anti-virus/malware software after 20 years of macOS and/or Linux. At least the system architecture isn't quite as much of a dumpster fire as Windows' is, but nothing is invulnerable when there's enough incentive

[–] ultratiem@lemmy.ca 23 points 1 year ago* (last edited 1 year ago) (3 children)

Naw. This is just FUD. I mean it’s coming from Accenture ffs.

Keep calm and keep computing.

[–] anagram3k@lemmy.ml 12 points 1 year ago (1 children)

I agree, Accenture is not a reliable source.

[–] GreatAlbatross@feddit.uk 5 points 1 year ago

"Does your company have macs? Mac attacks are up 1000% percent. If you don't have the IT resources to install antivirus on all your shiny macs, you can pay us to do it for you."

[–] combustible_lemon_engineer@kbin.social 6 points 1 year ago (1 children)

Yep. Seems to be a sensationalized piece that basically boils down to "Mac market share in enterprise is now more than a rounding error, so hackers might start targeting it"

[–] ultratiem@lemmy.ca 2 points 1 year ago

Anker did just that. Turned out you could just copy paste the url into VLC and watch someone’s feed without them even knowing. They suppressed the info and hid.

[–] interolivary@beehaw.org 4 points 1 year ago (1 children)

Yeah I'm not exactly in a hurry here, but more widespread malware is still just a question of incentive. macOS isn't invulnerable, it's just mainly been a smaller and less easy target so it's not gotten the same sort of attention as Windows

[–] ultratiem@lemmy.ca 6 points 1 year ago* (last edited 1 year ago)

Every software has holes. Not saying macOS is bullet proof. But it’s much harder to infect thanks to its Unix core and the fact the entire OS is on a read only partition. That with their own anti malware tool (Gatekeeper) that took on a much more active roll in macOS’s defenses come Ventura.

I’m far more worried Apple replaces macOS or closes it just like all their other OSes and we end up bouncing between jailbreaks.

[–] BarryZuckerkorn@beehaw.org 8 points 1 year ago

The general recommendation is to configure your system to allow the use of the minimum number of privileges. If you don't have the need to use software that doesn't come from a trusted repository (like the Apple App Store itself, but also things like homebrew), go ahead and turn off the ability to run software from other sources. If you're coding, make sure your code is properly sandboxed, and that you're not blindly relying on untested packages (see compromised npm packages). Don't give apps accessibility or other rights if they don't need them, etc. And then stay current on all software updates.

Even zero-days often rely on certain configurations, and you can always lock down the built-in apps to not auto-run or auto-preview things they receive. Some of it requires an active user maintenance to decide how to balance convenience versus security on your own system.

[–] crow@beehaw.org 14 points 1 year ago* (last edited 1 year ago) (5 children)

The trick is to use an operating system so niche and different that no one is prepared to hack it.

[–] phi1997@kbin.social 18 points 1 year ago (1 children)

For those who take this seriously: don't. Security by obscurity does not work.

[–] mobyduck648@beehaw.org 5 points 1 year ago* (last edited 1 year ago)

I practice security through obsolescence instead, all my data is stored on 3 1/2” floppies and if I need to send someone a voice message I post it on a cassette.

[–] lichtmetzger@feddit.de 16 points 1 year ago

Installing TempleOS in da club

[–] drwho@beehaw.org 8 points 1 year ago

I know a couple of greybeards who're building a SCO UNIX virtual machine to troll skiddies. I wonder if they're going to sneak it onto the network at hacker summer camp.

[–] sandriver@beehaw.org 6 points 1 year ago

Finally, it's Plan 9's time to shine!

[–] JaymesRS@midwest.social 3 points 1 year ago* (last edited 1 year ago)

That’s why I’m still running A/UX.

[–] theinspectorst@kbin.social 13 points 1 year ago (1 children)
[–] beefcat@beehaw.org 4 points 1 year ago

Uploaded 16 years ago