Mac, Windows QuickTime Flaw Opens 'Month Of Apple Bugs'
Information Week ^ | Jan 2, 2007 03:04 PM | Gregg Keizer

Posted on 01/03/2007 11:04:31 AM PST by newgeezer

The exploit could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs project kicked off Monday by posting a zero-day vulnerability in Apple's QuickTime media player. It also posted an exploit that could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs (MoAB), which will announce a new security vulnerability in Apple's operating system or other Mac OS X software each day in January, is a follow-on to November's "Month of Kernel Bugs" campaign, and is co-hosted by that project's poster, a hacker who goes by the initials "LMH," and a partner, Kevin Finisterre, a researcher who has posted numerous Mac vulnerabilities and analyses on his own site.

The debut vulnerability is in QuickTime 7's parsing of RTSP (RealTime Streaming Protocol); the protocol is used to transmit streaming audio, video, and 3-D animation over the Web. Users duped into clicking on an overlong rtsp:// link could find their PCs or Macs compromised. It also may be possible to automatically trigger an attack simply by enticing users to a malicious Web site.

"Exploitation of this issue is trivial," said LMH in the vulnerability's write-up on the MoAB Web site. The associated exploit code has been tested on Mac OS X running on Intel-based systems, and works against QuickTime 7.1.3, the current version of the player, LMH and Finisterre said.

Other security researchers rang alarms Tuesday. Danish vulnerability tracker Secunia, for example, pegged the bug as "highly critical," the second-from-the-top threat in its five-step score, and Symantec alerted customers of its DeepSight threat network of the vulnerability.

An Apple spokesman declined to confirm the vulnerability, or, if it was legitimate, when the flaw might be fixed. In an e-mail, he said that "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."

LMH, who didn't immediately reply to several questions sent via e-mail, said on the MoAB site that Apple's Mac OS X operating system was chosen as the target for the month of vulnerabilities because "we like to play with OS X, we enjoy hate e-mail, and it's not as crowded as (random software vendor), yet. Thus, it's really comfortable for research and there's so much to be worked out."

He also said that Apple -- and other vendors whose Mac OS X applications might be the focus of a bug posted during the month's run -- would not be notified in most cases before the information went live, and dismissed that practice. "The point is releasing them without vendor notification. The problem with so-called 'responsible disclosure' is that for some people, it means keeping others on hold for insane amounts of time, even when the fix should be trivial. And the reward (automated responses and euphemism-heavy advisories) doesn't pay off in the end."

LMH, Finisterre, and commercial security vendors recommended that users cripple QuickTime's ability to process rtsp:// links. In Windows, launch QuickTime, select Edit|Preferences|QuickTime Preferences, click the File Types tab, expand Streaming, and clear the box marked "RTSP stream descriptor." In Mac OS X, select System Preferences|QuickTime|Advanced|MIME Settings|Streaming|Streaming Movies and clear the "RTSP stream descriptor" box.

Apple's QuickTime was last in the news during December, when a bug in the player was exploited by fraudsters on MySpace. That vulnerability remains unpatched.

LMH expects to see more QuickTime attacks now that his newest flaw has gone public. He said, "It's a matter of time to see this getting abused in the wild."
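The article describes the trigger as an overlong rtsp:// link in a page or message. As an added example (not part of the article or the MoAB write-up), here is a small gateway-style scanner that extracts rtsp:// URLs from sample HTML lines and flags those exceeding a length threshold; the threshold value, the sample lines and the host names are all constructed assumptions, since the article gives no numbers.

```python
import re
from dataclasses import dataclass

# Assumed threshold (not from the article): the write-up only says "overlong".
# Any rtsp:// URL longer than this is flagged for review; tune it for your gateway.
MAX_RTSP_URL_LEN = 255

# rtsp:// URLs in free text or HTML attributes; the match stops at whitespace or quotes.
RTSP_URL_RE = re.compile(r"rtsp://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    url_len: int
    overlong: bool
    host: str


def scan_line(line_no: int, line: str) -> list[Finding]:
    """Return one Finding per rtsp:// URL found on a single line."""
    findings = []
    for m in RTSP_URL_RE.finditer(line):
        url = m.group(0)
        # Host is everything between the scheme and the first slash.
        host = url[len("rtsp://"):].split("/", 1)[0]
        findings.append(Finding(line_no, len(url), len(url) > MAX_RTSP_URL_LEN, host))
    return findings


def scan(text: str) -> list[Finding]:
    """Scan a whole document (HTML page, e-mail body) line by line."""
    out = []
    for i, line in enumerate(text.splitlines(), 1):
        out.extend(scan_line(i, line))
    return out


def overlong_findings(text: str) -> list[Finding]:
    """Only the rtsp:// links whose length exceeds the assumed threshold."""
    return [f for f in scan(text) if f.overlong]


# Constructed sample: one ordinary stream link and one overlong link of the
# kind a lure page would carry. Hosts are invented placeholders.
SAMPLE = """<a href="rtsp://media.example.net/news/clip.mov">Watch</a>
<embed src="rtsp://stream.example.org/{}">
""".format("A" * 600)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

A limitation worth knowing when deploying this: it inspects only literal rtsp:// text, so HTML-entity or percent-encoded forms of the scheme need to be decoded before scanning.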


KEYWORDS: apple; bugs; moab; security; threadjester
To: Golden Eagle

Nice, you yet again evade. Thank you for proving my point in 311.

Unlike you, and contrary to your lie, I am the one who told the truth myself (you have the link in 298, go look) after misleading you for months. On this thread I shoved the truth in your face in opposition to your lies, and you don't dare to actually address that, or even try to defend yourself. You prefer rants and personal attacks.

Rather pathetic and cowardly.


321 posted on 01/09/2007 9:07:09 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 320 | View Replies]

To: antiRepublicrat
you refuse to address the points

Oh you must have obviously missed my points several posts ago where I said I would no longer debate facts with you as I won't know if you're lying or not. The only point now is to remind you and all that you admitted to lying.

And you give a very lame excuse as to why you lied.

I can see you in divorce court telling a judge, "Your honor, I had to cheat on my wife to save our marriage. I was bored and wanted to have some fun. I only intended to do it once, but it was so much fun I had to keep it going. Once caught I quickly admitted to my wife that I did it to save our marriage."

You're a joke.

322 posted on 01/10/2007 7:19:27 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 319 | View Replies]

To: antiRepublicrat
Unlike you, and contrary to your lie, I am the one who told the truth myself

Wow will your lies ever end? At first you admit to lying, but you see that was a huge error on your part, so now you're trying to switch it to you're an honest guy for telling the truth about your lie (which you lied about for months).

Nice try. Just keep lying to yourself...I'm sure YOU'LL eventually believe it (but no one else will).

323 posted on 01/10/2007 7:22:55 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 321 | View Replies]

To: for-q-clinton
Wow will your lies ever end?

Refute post #298, then we can talk. Until then you're just ranting.

324 posted on 01/10/2007 8:56:36 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 323 | View Replies]

To: for-q-clinton
Oh you must have obviously missed my points several posts ago where I said I would no longer debate facts with you as I won't know if you're lying or not.

You can't debate facts. Facts are immutable. Unless JimRob goes into the database, the hard evidence of the truth, and GE's lies, libel and distortion are in #298. And I see neither of you still dare to try to refute #298.

Once caught I quickly admitted to my wife that I did it to save our marriage.

There's where you believe GE's lie, factually documented with proof in #298. Your analogy is false since it's based on a lie. But of course you don't want to read #298, because it would disturb your biased view.

325 posted on 01/10/2007 9:04:25 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 322 | View Replies]

To: antiRepublicrat; JRios1968; Golden Eagle; for-q-clinton
Exhibit A:

Alright, GE. What's your take on this picture?

326 posted on 01/10/2007 11:01:06 AM PST by rzeznikj at stout (Boldly Going Nowhere...)
[ Post Reply | Private Reply | To 311 | View Replies]

To: antiRepublicrat
There's where you believe GE's lie, factually documented with proof in #298. Your analogy is false since it's based on a lie. But of course you don't want to read #298, because it would disturb your biased view.

See you're missing the point again. A) You admitted to lying for months to trap GE B) I can't trust you C) The marriage analogy is dead-on as you already ADMITTED to lying and now you're just trying to say GE lied too look at this post. I guess you buy the Clinton's "Everyone lies about sex" excuse. To you it's everyone lies on conservative discussion boards. Take your lying arse out of here. And that's not name calling as you already admitted to lying for months.

327 posted on 01/10/2007 11:04:49 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 325 | View Replies]

To: rzeznikj at stout; Golden Eagle
Alright, GE. What's your take on this picture?

<GE Mode>

BLASPHEMER!!! I am all holy! I defend all that is religious! I am such a defender of religion that I even attack people for denigrating idiotic, anti-American cults!

</GE Mode>

328 posted on 01/10/2007 11:08:56 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 326 | View Replies]

To: antiRepublicrat
Rather pathetic and cowardly

LOL pathetic and cowardly is lying on purpose for months, then trying to blame others for your own sinful actions. Only one of us is guilty of that, even though I'm sure in your sick world you still think it was all my fault ROFL.

329 posted on 01/10/2007 11:14:57 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 321 | View Replies]

To: antiRepublicrat; FLAMING DEATH

I remember that quite well...

or how about FD's picture on that thread?


330 posted on 01/10/2007 11:17:51 AM PST by rzeznikj at stout (Boldly Going Nowhere...)
[ Post Reply | Private Reply | To 328 | View Replies]

To: for-q-clinton
B) I can't trust you

You don't have to. You only have to read and attempt to refute #298. If you can't refute it, then admit your bias in supporting an unconfessed liar who continues his lies in this very thread.

The marriage analogy is dead-on as you already ADMITTED to lying

You're getting close to comprehension. Exactly, I "already ADMITTED." How can you get "caught" (as you and GE claim) on something when you ADMIT it first? You can't, it's illogical. You can admit, then people can complain about what you did, but you can't get "caught."

you're just trying to say GE lied too look at this post

You seem to trust him. You trusted his statement that he caught me on the "lie," yet that statement is proven false in #298. That is in addition to me proving that one of the quotes he used to convince you is taken completely out of context and is thus a false accusation against me. It's all there, linked to proof, in plain text. Again, no need to believe me. The straight timeline of the exchange itself shows two blatant lies. He's had over a day to say "Oops, got the timeline wrong," but he prefers to continue rants and attacks instead.

That post shows why you shouldn't trust him, as he has lied multiple times about the very case on which you are basing your opinion. The logical conclusion from this is that your opinion, being based on lies, is faulty.

To you it's everyone lies on conservative discussion boards

To all of us, it's "GE always lies, the rest of us just have fun at his expense due to the constant frustration of dealing with him and his lies."

Is GE paying you or something? You are the only one I can remember who has ever come to the defense of his lies. Bush2000 argued on the same side of certain subjects as GE, and against us, but he was rational and truthful.

331 posted on 01/10/2007 11:29:27 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 327 | View Replies]

To: antiRepublicrat
If you did not know he was American, you could not have caught me on it.

I never even really knew who you were talking about since you never identified what you were talking about initially, "some tool used by DoD" is all you said when you began your trail of lies. If you finally admitted it and I recollected incorrectly busting you for it so what, it's a minor peripheral memory issue I admit to, it's not like I purposefully made up a lie and continued it for months, just so I could run cover for criminal Russian hackers. That is what you have admitted to, and there is no known equivalent, anywhere. You lied, for months, purposefully, just because you finally admitted it doesn't get you a medal LOL, you're still a sick twisted fool who lies to defend Russian hackers. You're still doing that on this thread LMAO.

332 posted on 01/10/2007 11:33:43 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 298 | View Replies]

To: Golden Eagle
LOL pathetic and cowardly is lying on purpose for months

No, that was fun, and you deserved it since your paranoid rants ruined many a thread. It is still fun to see you lying about discovering the hoax yourself. Nobody would be believing you if your buddy/alter-ego weren't here, because everyone else actually reads the threads to discover your lies that you to this day deny.

333 posted on 01/10/2007 11:34:52 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 329 | View Replies]

To: antiRepublicrat

You haven't proven I've lied on anything, while you have outright admitted to lying, on purpose, for months, in defense of Russian hackers, not to mention all your lies on this thread. Your hilarious excuse is "GE's paranoia of Russians". LMAO, there is no acceptable excuse for your actions, but that one is nowhere close to flying with most on this site, since your normal hell bound buddy Flaming Death hasn't showed up yet, the other kid who is always posting pictures mocking Christians isn't helping either. He gets his kicks posting Christian album art with pictures he thinks are funny, no wonder you two get along so well.


334 posted on 01/10/2007 11:48:55 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 333 | View Replies]

To: antiRepublicrat
pathetic and cowardly is lying on purpose for months

No, that was fun

So now you've admitted lying on purpose for months was quote "fun"! This is great, keep digging your hole deeper!

335 posted on 01/10/2007 11:53:53 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 333 | View Replies]

To: Golden Eagle
If you finally admitted it and I recollected incorrectly busting you for it so what, it's a minor peripheral memory issue I admit to

I caught you on that many, many posts ago using, BTW, your own links. You read the links before I did, you did the research for me. Claiming forgetfulness now does not gain you any credibility. You only say this because you're backed into a corner.

it's not like I purposefully made up a lie and continued it for months

No, you just lied and continued this lie several times in this thread after I caught you on it and kept reminding you and your buddy of it. And, unlike you, I have proof that I caught you, and you did not admit it of your own volition -- you were forced to admit.

it's not like I purposefully made up a lie and continued it for months, just so I could run cover for criminal Russian hackers

It was making fun of your paranoia. If those hackers are caught and sued and have to pay, then so be it -- they are in all likelihood pretty bad guys anyway (although for anyone else, I do have reservations regarding our legal right to fair use). However, contrary to your assertions, they are not criminal because their actions are, according to our laws, not criminal. When faced with these laws you just blew it off and later continued your lies.

In fact, you've been running that "criminal" lie for some months too. And I caught you on it, and you still refuse to recant.

336 posted on 01/10/2007 11:59:15 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 332 | View Replies]

To: Golden Eagle
So now you've admitted lying on purpose for months was quote "fun"!

Yes, it was. So what's your reason for running the same lie for months?

337 posted on 01/10/2007 12:00:03 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 335 | View Replies]

To: Golden Eagle
You haven't proven I've lied on anything

GE, denial is not just a river in Egypt. Post #298 documents your lies in exacting detail, with links to proof. You're just ranting unless you can actually disprove each accusation of lying in that post. It is now, over a day and several of your posts afterwards, too late to claim honest mistake on any of them.

338 posted on 01/10/2007 12:04:33 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 334 | View Replies]

To: rzeznikj at stout

Haha! The GE Rorschach test!

"I see demons! Oh Lawd, save me!"


339 posted on 01/10/2007 12:15:07 PM PST by FLAMING DEATH (Open source is a good check on the artificial influence of monopolization.)
[ Post Reply | Private Reply | To 326 | View Replies]

To: antiRepublicrat

Wow. Got two jackals pinned in the corner, eh?


340 posted on 01/10/2007 12:15:59 PM PST by FLAMING DEATH (Open source is a good check on the artificial influence of monopolization.)
[ Post Reply | Private Reply | To 338 | View Replies]
