Free Republic
Smoky Backroom

Mac, Windows QuickTime Flaw Opens 'Month Of Apple Bugs'
Information Week ^ | Jan 2, 2007 03:04 PM | Gregg Keizer

Posted on 01/03/2007 11:04:31 AM PST by newgeezer

The exploit could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs project kicked off Monday by posting a zero-day vulnerability in Apple's QuickTime media player. It also posted an exploit that could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs (MoAB), which will announce a new security vulnerability in Apple's operating system or other Mac OS X software each day in January, is a follow-on to November's "Month of Kernel Bugs" campaign, and is co-hosted by that project's poster, a hacker who goes by the initials "LMH," and a partner, Kevin Finisterre, a researcher who has posted numerous Mac vulnerabilities and analyses on his own site.

The debut vulnerability is in QuickTime 7's parsing of RTSP (Real Time Streaming Protocol); the protocol is used to transmit streaming audio, video, and 3-D animation over the Web. Users duped into clicking on an overlong rtsp:// link could find their PCs or Macs compromised. It also may be possible to automatically trigger an attack simply by enticing users to a malicious Web site.

"Exploitation of this issue is trivial," said LMH in the vulnerability's write-up on the MoAB Web site. The associated exploit code has been tested on Mac OS X running on Intel-based systems, and works against QuickTime 7.1.3, the current version of the player, LMH and Finisterre said.

Other security researchers rang alarms Tuesday. Danish vulnerability tracker Secunia, for example, pegged the bug as "highly critical," the second-from-the-top threat in its five-step score, and Symantec alerted customers of its DeepSight threat network of the vulnerability.

An Apple spokesman declined to confirm the vulnerability, or, if it was legitimate, when the flaw might be fixed. In an e-mail, he said that "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."

LMH, who didn't immediately reply to several questions sent via e-mail, said on the MoAB site that Apple's Mac OS X operating system was chosen as the target for the month of vulnerabilities because "we like to play with OS X, we enjoy hate e-mail, and it's not as crowded as (random software vendor), yet. Thus, it's really comfortable for research and there's so much to be worked out."

He also said that Apple -- and other vendors whose Mac OS X applications might be the focus of a bug posted during the month's run -- would not be notified in most cases before the information went live, and dismissed that practice. "The point is releasing them without vendor notification. The problem with so-called 'responsible disclosure' is that for some people, it means keeping others on hold for insane amounts of time, even when the fix should be trivial. And the reward (automated responses and euphemism-heavy advisories) doesn't pay off in the end."

LMH, Finisterre, and commercial security vendors recommended that users cripple QuickTime's ability to process rtsp:// links. In Windows, launch QuickTime, select Edit|Preferences|QuickTime Preferences, click the File Types tab, expand Streaming, and clear the box marked "RTSP stream descriptor." In Mac OS X, select System Preferences|QuickTime|Advanced|MIME Settings|Streaming|Streaming Movies and clear the "RTSP stream descriptor" box.

Apple's QuickTime was last in the news during December, when a bug in the player was exploited by fraudsters on MySpace. That vulnerability remains unpatched.

LMH expects to see more QuickTime attacks now that his newest flaw has gone public. He said, "It's a matter of time to see this getting abused in the wild."


KEYWORDS: apple; bugs; moab; security; threadjester
To: antiRepublicrat

I'm obviously not making any of this up. You claim over and over you've never defended that whacko leftist Stallman and now suddenly respect copyright protection like DRM. Well how could this be, here's a post from almost 2 years ago when you defended Stallman and criticized DRM copyright protection.

http://www.freerepublic.com/focus/f-news/1377815/posts?page=35#35

"It is exactly this kind of consumer control and fair use that will be hindered when DRM is embedded into the hardware. That's why it's a bad thing and why Stallman is right in concept..."


521 posted on 01/14/2007 9:26:44 PM PST by Golden Eagle
[ To 518 ]

To: Golden Eagle
Here's another example of antiRepublican basically accusing unsuspecting Christians of supporting Westboro on a recent thread again

You want to know why I said you sounded like those Westboro freaks? You know, the ones you defended?

I heard an exchange between one of them and a (what most would consider normal) Christian on the radio. No matter how much of the Bible, of the love of Jesus, that the Christian tried to use to reason with the Westboro woman, the woman just kept ranting and raving "Going to hell ... gays ... sin ... God's wrath ... blah blah blah." No amount of reason could get through to her. She was purely a broken record of her paranoia and preconceived notions that no amount of logic or hard evidence could cure.

That's why you remind me of them.

522 posted on 01/14/2007 9:30:36 PM PST by antiRepublicrat
[ To 517 ]

To: Golden Eagle
now suddenly respect copyright protection like DRM

When did I ever say I respect DRM?

I LOVE your obvious stripping of the context. You quote me:

That's why it's a bad thing and why Stallman is right in concept..."

Here's the quote including what's behind the ellipsis you put in:

That's why it's a bad thing and why Stallman is right in concept (stripped of all the extremist hippie talk).

Wow, sounds like I think Stallman is an extremist hippie if you include the WHOLE QUOTE.

You can put my view of him further in context and include another quote where I call Stallman a bastard for wanting to control hardware with the GPL. But you wouldn't do that -- it would be too honest.

523 posted on 01/14/2007 9:37:20 PM PST by antiRepublicrat
[ To 521 ]

To: antiRepublicrat

You obviously still lied as your own posts prove you have been defending Stallman for years, and you do not respect intellectual property or copyright protections like DRM, despite your claims to the contrary. You have even outright admitted to lying in defense of illegal hacking, for you to think any of this is actually still being debated is hysterical LMAO. The record is clear, and intact. Here you are claiming there should be no IP at all, again:

http://www.freerepublic.com/focus/f-news/1372993/posts?page=62#62

"BTW, there would be no IP if Jefferson had had his way, since he was afraid that even a limited monopoly would be abused. And he was right."


524 posted on 01/14/2007 9:54:14 PM PST by Golden Eagle
[ To 523 ]

To: antiRepublicrat

I'm not neutral as in I don't have an opinion. I make up my own mind based on the facts as I see them. Sure GE has made mistakes in the past as we all have, but you're still the only admitted/proven liar.


525 posted on 01/14/2007 10:33:34 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 519 ]

To: Golden Eagle
The record is clear, and intact. Here you are claiming there should be no IP at all, again: ..."BTW, there would be no IP if Jefferson had had his way, since he was afraid that even a limited monopoly would be abused. And he was right."

Context again. The context is that "IP"* is not property in the real sense. Its constitutional basis (yes, "IP"* stems directly from the Constitution) is to "advance the arts and sciences." To help that advance, a limited monopoly is given. Jefferson was afraid even a limited monopoly would be abused. And he was clearly correct. The Constitution assumed the honesty of Congress and the courts to follow the clear intent of the Constitution, and both did for over a hundred years. But not anymore.

* Highlights why "IP" should never be used. Trademark is "IP" but it has no constitutional basis. Trademark is essentially a consumer protection device to prevent confusion in the marketplace. Corporate secrets, also lumped under "IP" also have no constitutional basis, and therefore also don't fall under the same social compact restrictions that copyright and patent do.

526 posted on 01/14/2007 10:45:23 PM PST by antiRepublicrat
[ To 524 ]

To: Golden Eagle

BTW, no response to your very obvious instance of taking my earlier post out of context? You get caught with a lie and simply sidestep it and continue with more lies. That is your pattern.


527 posted on 01/14/2007 10:46:35 PM PST by antiRepublicrat
[ To 524 ]

To: for-q-clinton

It goes beyond his obvious untrustworthiness, to his motive. Just as we've seen here, he purposefully lies on behalf of thieves, and well known leftists. He attacks my words as if I'm the one defending the thieves and leftists, when clearly I am the one opposing them. I also oppose his constant criticisms pointed at Christians and President Bush, something else he is very well known for.

Being an admitted atheist, who constantly criticizes Christians and the President, and knowingly and purposefully lies in defense of illegal hacking with obscene lies incorporating the DoD, he obviously has zero credibility.


528 posted on 01/14/2007 10:49:50 PM PST by Golden Eagle
[ To 525 ]

To: antiRepublicrat
The context is that "IP"* is not property in the real sense.

ROFL! You were supposed to be denying you actually believed in IP! LMAO!

529 posted on 01/14/2007 10:58:26 PM PST by Golden Eagle
[ To 526 ]

To: for-q-clinton
I make up my own mind based on the facts as I see them. Sure GE has made mistakes in the past as we all have

"Mistakes"? More like several documented, proven lies in this very thread, not to mention numerous instances of taking my posts completely out of context to make it look like I was saying something I was not.

For example, in 499 he says I show a disdain for "intellectual property" with the connotation that I don't think patent and copyright should exist. He then posts a snippet of an earlier post where I said "'Intellectual Property' is a fiction and the term shouldn't be used."

Now read 502 (not by me) and 503 to see the context, which is that I am against the term "intellectual property" since it can result in confusion. Copyright, patent, trademark and trade secrets all operate under very different laws and concepts and therefore shouldn't be lumped together. In fact, that post was a response to confusion created by the term "IP."

Then look at 523 where I catch him doing it again. And again at 526. He of course never retracts any of it, never comes clean. He just gets caught in a lie and moves onto the next one.

Only a truly dishonest person can support such blatant, repeated, unrepentant dishonesty.

530 posted on 01/14/2007 11:08:01 PM PST by antiRepublicrat
[ To 525 ]

To: Golden Eagle

ROFL! You were supposed to be SHOWing you actually believed in IP! LMAO! This snake twists in so many circles it's hard to keep up.


531 posted on 01/14/2007 11:08:04 PM PST by Golden Eagle
[ To 529 ]

To: antiRepublicrat
Only a truly dishonest person can support such blatant, repeated, unrepentant dishonesty.

Obviously, since you keep trying to claim you support Intellectual Property when you're clearly on record against it. You just claimed in your last post that Intellectual Property isn't even "property" LOL.

532 posted on 01/14/2007 11:10:30 PM PST by Golden Eagle
[ To 530 ]

To: Golden Eagle
ROFL! You were supposed to be denying you actually believed in IP! LMAO!

Are you going for some kind of record for "Most posts taken out of context in one thread"?

533 posted on 01/14/2007 11:11:43 PM PST by antiRepublicrat
[ To 529 ]

To: Golden Eagle
Obviously, since you keep trying to claim you support Intellectual Property when you're clearly on record against it.

Forget trying. I think you actually set the record for most posts taken out of context.

You just claimed in your last post that Intellectual Property isn't even "property" LOL.

Because it really isn't. Yes, it can be bought and sold as normal property is, but the right that's being bought and sold in such transactions isn't absolute. It's only one side of the social contract between the creator and the public that the Constitution allowed.

I don't have to let anyone just move into my garage, but I do have to let anyone parody my copyrighted works, let teachers make academic use copies and let people quote my works in reviews. Such are the limitations of my limited monopoly rights on my works.

If you want a concrete example of abuse that applies here, just look no further than those news organizations that keep us from posting even parts of stories from them. They have abused copyright in order to prevent FReepers from posting fair-use portions of their articles for criticism, discussion and review.

534 posted on 01/14/2007 11:20:25 PM PST by antiRepublicrat
[ To 532 ]

To: antiRepublicrat
For example, in 499 he says I show a disdain for "intellectual property" with the connotation that I don't think patent and copyright should exist. He then posts a snippet of an earlier post where I said "'Intellectual Property' is a fiction and the term shouldn't be used."

You can try to play word games all you want, but based on your history and my memory of those posts I would probably see it the same way GE does. You are either playing a game of gotcha "I didn't say that exactly as you paraphrased", but the meaning and interpretation is there for most to see it that way. If you don't like your posts being misinterpreted try to write them more clearly to leave less room for interpretation.

The problem with this thread is you forget that you have a history of posts that others remember. People on CONSERVATIVE forums are generally pretty smart and they can remember your past posts that show your opinions/beliefs. Then when you post new items they are read in context of your history.

You suffer from the same thing that swordmaker suffers from...you claim one thing, but when called on it you say I Never said that exactly. Which means your first statement is meaningless as it no longer is relevant to the discussion thread/question.

535 posted on 01/15/2007 7:02:48 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ To 530 ]

To: for-q-clinton
but based on your history and my memory of those posts I would probably see it the same way GE does.

But you haven't read the history, so you're only guessing based on GE's lies. I am for copyright and patent, just not the abuse of copyright and patent.

People on CONSERVATIVE forums are generally pretty smart

Which is why you find yourself alone in defending GE. Ever stop to think about that?

You suffer from the same thing that swordmaker suffers from...you claim one thing, but when called on it you say I Never said that exactly.

Keep trying. I've shown posts where GE flat-out lied about what I said. Where he cut off the end of posts where the latter part of those same posts makes people come to a conclusion that is the opposite of what GE claims I wrote. He takes my disdain for the term "intellectual property" to mean all patent, copyright, trademark and trade secret when my stated problem (throughout my history) is in the term itself, not what it represents.

536 posted on 01/15/2007 7:22:50 AM PST by antiRepublicrat
[ To 535 ]

To: antiRepublicrat
But you haven't read the history, so you're only guessing based on GE's lies. I am for copyright and patent...

ROFL! Your history has been directly linked, as well as your posts here, a clear disdain for copyright, copyright protection like DRM, and software patents. You've only been lying for months in defense of Russian hackers who cracked Apple's DRM/copyright LMAO.

Which is why you find yourself alone in defending GE.

And the only posters with a shred of credibility have abandoned you. Even your evil twin FLAMING DEATH has returned to hades leaving you here for a spanking LOL.

I've shown posts where GE flat-out lied about what I said.

BS. Every time you try to claim I lied it's just more of your defense of illegal hacking and radical leftists, since in your mind that trumps all, when to most honest conservatives, of which you are not a member, truth does.

537 posted on 01/15/2007 9:16:15 AM PST by Golden Eagle
[ To 536 ]

To: for-q-clinton

ROFL, who does he think he is trying to kid, now trying to claim he supports Apple's copyright protection/DRM, even though he's been lying in defense of illegal hacking Apple for months? His posting history is full of links like these, get a load of this exchange from over a year ago:

"Mac OS X will only run on Macs"

"That'll be hacked about five minutes out of the gate."

http://www.freerepublic.com/focus/f-news/1426853/posts?page=50#50


538 posted on 01/15/2007 9:22:31 AM PST by Golden Eagle
[ To 535 ]

To: for-q-clinton
You suffer from the same thing that swordmaker suffers from...you claim one thing, but when called on it you say I Never said that exactly. Which means your first statement is meaningless as it no longer is relevant to the discussion thread/question.

Another lie... and more ad hominem. Find any post where I wrote that OS X or the Mac is perfect or has no flaws. I have provided multiple links to threads showing that what YOU claim I wrote is twisted from what I actually wrote.

By the way, it is rude to discuss another Freeper without addressing the comment to him as well.

539 posted on 01/15/2007 11:38:34 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 535 ]

To: antiRepublicrat; for-q-clinton; Golden Eagle
. . . Where he cut off the end of posts where the latter part of those same posts makes people come to a conclusion that is the opposite of what GE claims I wrote. . . .

Anti, For-Q uses the same techniques. Look at his "quotations" of what I have written in this thread alone. Look at his mis-comprehension of the nature of the "Crack-a-Mac" challenges of the past where he thinks I said he could currently win $25,000 in the past thread.

For-Q thinks his "quotations" taken out of context and misrepresentations of actual positions are proper. He has no problem insulting both you and me, thinking it somehow makes debate points. You are not going to convince him that his approach to argument would get him flunked in any debate class.

Quite frankly, I am surprised the Admin Moderators have not given him a "time out" for his behavior on this thread. They have to several other Freepers who have acted similarly in the past.

540 posted on 01/15/2007 11:47:33 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 536 ]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
