• United States



The Mac has been hacked! “在ig deal

Apr 26, 20073 mins
Data and Information SecurityIT Leadership

It happened! It finally happened. The Mac has been hacked! “Śbig deal. As I read Slashdot this week one of the looming headlines proclaimed that the might Mac was hacked. Is this really a big deal? I am a proud Mac fanatic, and I love all things Apple, but what I also am is a realist. The reality is that Macs are fallible. They can be hacked. They can get viruses. They can make you want to use them as a shiny silver hockey puck.

I am not really sure where this began, but there is a common belief that the Mac is impenetrable to attack. Who really believes this? My guess is that it’s the same people that believe in Bigfoot, the Loch Ness monster, and Santa Clause. Well, I hate to disappoint the blissfully ignorant, but it ain’t so. There is no Santa Clause. The esteemed OSX is as flawed as Window, Linux and probably any other operating system in existence. The façade has been broken.

This does relate to a larger problem in the IT industry. The common thought that security can be bought like a commodity or a can of green beans at the grocery store. I often hear (usually from faculty) that,” we have a firewall, so we don’t need to worry about patches or viruses right?” I also hear, “you use a Mac because it’s more secure than a PC.” Well, if you really believe either of these then I’m guessing that Santa Clause and Bigfoot are coming to your house for dinner as soon as they leave Nessie’s pool party.

Come on people use common sense. OSX was written by humans for humans, and it is the nature of humans to make mistakes. These mistakes are called vulnerabilities. These vulnerabilities can be exploited by hackers, viruses, and worms. I can’t make it any more simple than that. Security is a process, not a product. It can’t be bought, and it must be built. Until the masses learn this we will continue to see eyes open in amazement when they read headline like, “Mac Hacked!”, “OSX SOS!”, or “Santa Loses 200 Pounds on The Atkins Diet”.

It is my sincere hope that since the halo has slipped from the Mac’s head that we all can get on with our lives. Maybe this has once and for all shattered the misplaced belief that Macs are “secure”. “ŚI doubt it, but here’s hoping. I suppose that somewhere in the world someone is writing a letter to Santa right now, wishing for a sleek new MacBook dressed all in black”Śbecause its secure.

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.