Download PDF version of this article PDF

Attackers Set Sights on Macs

It’s official: the party’s over. Mac users can no longer surf the Web unprotected. Recently, in the span of just one week, three vulnerabilities to Mac OS X were discovered. The first two were worms: one, “Inqtana,” targeted Bluetooth; and the other, “Leap,” targeted Mac instant messaging software. The third was a vulnerability discovered in the Safari Web browser, which if not remedied could allow malicious code to be executed automatically.

While none of these exploits caused significant damage, they have caused Mac users to reassess their vulnerability. Perhaps even more importantly, the vulnerabilities have set into high relief the question of motivation. It’s commonly said that the days when attackers compromised systems just for the sheer challenge of it are long gone. Today, hackers are supposedly motivated by monetary gain, which has been a boon to Mac users, as attackers typically bypass the smaller Mac user base in favor of the PC majority. The recent attacks suggest otherwise. With Macs still making up a much smaller percentage of connected computers, what’s the motivation? Could we be seeing a resurgence of hacking for bragging rights?


Sneakernet Security

People might debate the relative security vulnerabilities of Macs and PCs on the Internet, but there is one risk that unites all platforms: the sneakernet. While corporate firewalls can protect against network attacks, they are no match for someone with physical access to a computer network. A recent experiment by a British tech training company called Training Camp shed some light on the risks of this type of attack. Commuters in London were handed CD-ROMs from Training Camp and told they contained a special Valentine’s Day promotion. When recipients arrived at work and loaded the disk, a program ran that notified Training Camp who opened it. The disks contained no malicious code, but they easily could have. Among those who fell for the ploy were employees of major investment banks and insurance companies.

The experiment showed that a company’s greatest security weakness could be the ignorance of its own employees. At the very least, the results suggest that companies need to do a better job of educating employees about security, both on and offline.

But that’s not the only problem. Companies could do a better job of preventing these vulnerabilities with technology, or so says security expert Bruce Schneier. “Rather than blaming this kind of behavior on the users, we would be better served by focusing on the technology,” he says. He thinks education alone won’t work because changes in technology outpace most employees’ understanding of it.

WANT MORE?,39024655,39156503,00.htm,39024655,39156644,00.htm

IT’s Paradox

Few would dispute that information technology can help businesses be more productive, yet new research shows that workers’ perceptions of their own productivity has dropped significantly. In a study conducted for Day-Timers, a company that makes daily planners and other organizational products, workers were polled on how their daily planned work measured up with what they actually accomplished. The results showed a marked decrease in workers’ feelings of accomplishment. In 1994, 82 percent claimed to accomplish at least half of their daily planned work. That number dropped to 50 percent last year.

Why? Some think technology is to blame. That is, while technology can help businesses be more productive and innovative, it also makes workers feel like they’re accomplishing less. E-mail, instant messages, cellphone calls, and text messages all disrupt workers from absorption in a task, with the result being a feeling that they’re not accomplishing as much—even if they are. No solutions have arisen thus far, but we can be sure that technology will figure prominently.



Originally published in Queue vol. 4, no. 3
see this item in the ACM Digital Library


© ACM, Inc. All Rights Reserved.