Is “20,000 Microsoft sites hacked” a case of dog bites man?
When the MacBook Air was hacked in under two minutes during the latest “Pwn to Own” contest, the news grabbed headlines around the world. Yet in a somewhat unsettling and comparatively under-reported turn of events, faithful Macenstein reader Odin has alerted us that over 20,000 sites running on Microsoft’s Internet Information Server and SQL Server have been hacked since January.
So, is this a case of “dog bites man” vs. “man bites dog”? Are people in the tech media so accustomed to Windows security holes that it barely passes for news when a fairly major Microsoft security hack surfaces affecting hundreds of thousands of people, but when someone can win a sexy MacBook Air by hacking a as a prize it makes the front page?
Above: Apple vs. Microsoft
My theory is that the Apple is the Angelina Jolie of the computing world, where any trip to the local WaWa can grab headlines. Microsoft, on the other hand, seems to be the Nick Nolte of the computing world, and has to really mess up earn those headlines.
People always seem to forget, in order for that macbook air to be hacked:
there has to be some USER INTERACTION!
Mmmm…Angelina Jolie…Yummm… 😉
I agree, more pics of Angelina.
10 times out of 10 I would keep private information on a Vista over Mac OS X. Why? Modern anti-intrusion techniques are built into Vista, making known, reliable bugs a pain in the butt to exploit. Mac OS X on the other hand has none of these, and it basically just relies on the fact its market share is low to avoid attackers. Plan 9 is the most secure OS, according to this “logic”.
The reason 20,000 sites got hacked is this: someone found a bug or read about an old one. Instead of being a targetted, skilled attack, the person rooted all of those computers, which were running XP or what have you – all the same setup and all vulnerable because of it. 20,000 servers because the person was unskilled and because of Microsoft’s high market share..
In the pwn2own contest this year, Vista went down first. However, the exploit the attacker used was in Flash, a component of most modern browsers that can’t run with protection schemes because of compatibility issues. The Vista was owned, but the exploit would have worked on the Mac and Ubuntu just as well. He chose to attack Vista because he wanted to keep the Vista over a Mac or Ubuntu.
Mac is not secure. It is just safer for the time being because very few people want to hack Macs quite yet. The greater the market share, the more that will change.
I implore you to learn how information security works so that you can make informed decisions in the future.