Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

To: for-q-clinton
Absolutely it's a linux vulnerability.

No it isn't! An Adobe Acrobat exploit was just found, and it's on almost every Windows system, but I wouldn't count that as a Windows exploit, because it's a problem with Acrobat, not Windows. IIS exploit? That's Windows. Apache? Not part of Windows. If the vendor wrote it and shipped it with the OS, and it's among the regular component options, then it's part of the OS. If not, it's just packaged third-party tools with their own problems.

This does get a little vague with open source, but when you're talking about a desktop, Perl and Ruby almost never come into the picture. To hype them as desktop exploit vectors is pure FUD (aside from the fact that it took a lot of deliberate effort just to get the vector to work on a target machine).

You also get problems with different Windows versions, because an exploit on XP Pro could have no effect on XP Home. Then you have to specify which version the exploit counts against.

But given all of that, I do like the work that MOAB is doing, although I always disagree with 0-day disclosure policies. The vendor should always have a chance to fix it first. Microsoft is known to sit on exploit notices for months before fixing them, and in those cases I definitely understand a pre-fix release (this has actually gotten third-parties to fix Windows holes before MS did). But in general, Apple is basically getting free security testing, and that's good.

148 posted on 01/05/2007 12:04:58 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 141 | View Replies ]


To: antiRepublicrat

Once again...this is getting really really old and you've been schooled on this in the past. But here goes.

Is Adobe distro'd with Windows? If so then the update will be available via windowsupdate and will "self-heal". If not then it's adobe's job to fix it. I could careless who wrote it. do you really think all windows software/code is written by MS? If it ships with the OS it's M$ responsibility. If it was 3rd party add-on after the OS ships then it's the 3rd party.

BTW: I don't believe acrobat is on windows by default, so it's not a MS bug. However, if Mac ships with adobe on the OS install disk then yes it's a mac bug that apple has to be sure it gets fixed.


149 posted on 01/05/2007 12:08:58 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 148 | View Replies ]

To: antiRepublicrat

also by your logic if notepad has a bug that's exploitable by opening a text file, it's an a windows issue.

somehow I believe you'd be on here complaining about how bad windows is even if the problem was in notepad.


150 posted on 01/05/2007 12:10:05 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 148 | View Replies ]

To: antiRepublicrat
This does get a little vague with open source, but when you're talking about a desktop, Perl and Ruby almost never come into the picture. To hype them as desktop exploit vectors is pure FUD (aside from the fact that it took a lot of deliberate effort just to get the vector to work on a target machine).

So we are ONLY talking about desktops now? What about the Army and their webservers? Think they may be running Ruby or Perl? So which is it...do you withdraw your desktops only comment or the Army uses Mac for a server?

the typical discussion I seem to have with you...you keep changing the target to fit your twisted logic, but if you step back you'll see that it's full of holes.

153 posted on 01/05/2007 12:13:43 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 148 | View Replies ]

Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson