Posted on 06/13/2007 2:05:03 PM PDT by PajamaTruthMafia
Isn’t this a beta and not an actual supported release? You expect a lot more bugs in betas. I’m sure they will be gone for the real version.
Exactly ... it is a matter of numbers and intent.
“Even with all that, there hasn’t been a real in-the-wild computer-being-taken-over-by-something type problem that I recall since the Autostart Worm more than 10 years ago. The solution to that was to check a checkbox to keep executables from automatically starting when you inserted a CD in the CD drive.”
Not true - look at the Metasploit and CANVAS links I posted. That’s not even counting what the bad guys have.
“That vulnerability required the user to click on a link that the user had no way to know whether it was trustworthy or not.
Only the stupid do such clicking.”
That’s a silly assumption. Thanks to XSS you can click without clicking, or have a trustworthy link rewritten to go to a fake one. Or fall victim to a phishing attack. Calling people who those (and more) things happen to, stupid, is well... uninformed.
I was referring to that particular vulnerability that YOU mentioned. It required the user to purposely click on the link.
At least that’s the way it was described in the tech article I read at the time. Do you have contrary info about that?
No interest at all in all those UNIX servers either I guess. The U.S. Army Switched to Apache running on OSX and haven't been hacked since.
“At least that’s the way it was described in the tech article I read at the time. Do you have contrary info about that?”
Search the thread for ‘metasploit’ and you’ll find the post with links to actual remote exploit code for macs.
These are remote listening network services.
Some of them are 3rd party apps... too bad they didn’t enable the NX bit.
“No interest at all in all those UNIX servers either I guess. The U.S. Army Switched to Apache running on OSX and haven’t been hacked since”
You don’t know that for sure.
I am sure many have tried to rob Fort Knox, well haven't they? Uh, never mind.
PS I don't need your expensive expertise to keep my Macs running, that is what really gets the goat of all you IT Pros, fess up. Stay with the platform that makes you the money.
Yep, you are correct in that the kernel is UNIX, a fact that most OS X users forget about. You would be wrong about UNIX hacks in the DOD...can’t go into detail but you are wrong. We have RCERT in here more often than not......The Army still has a long way to go.
Dude, I could care less what you use....just don’t feed me a line of bullcrap about its security when those in the industry know different. It makes you look.....uninformed.
First, you’re changing the subject from the challenge I posted to you.
Second, none of those is current, and none of them broke out into the wild, so what’s the point?
The MacBook Pro that the thread was originally talking about was set up with none of the available security devices enabled, and there were tons of hackers trying to beat its doors down, yet it took a very long time for it to be opened up, and even then, the rules of the challenge needed to be broken in order for the guy to get in.
Come on.
“First, you’re changing the subject from the challenge I posted to you.”
What challenge?
“Second, none of those is current, and none of them broke out into the wild, so what’s the point?”
The one supported by ImmunitySec is current. They were all in the wild - those are actual exploit code.
There’s a difference between an exploit and a worm or virus. They can use one to spread. In these cases no one cared enough to write one. I’m not sure what your point is here other than to carry the water for Jobs.
You claimed in post #11 that Apple has falsely claimed these problems were nothing but hot air. I challenged you to give examples of that.
So far, you haven’t posted a single claim by Apple that any of these reported exploits were merely hot air.
It’s simple: If you can’t back that claim up with quotes from Apple, then you’re full of hot air with that wild claim.
‘You claimed in post #11 that Apple has falsely claimed these problems were nothing but hot air. I challenged you to give examples of that.’
Here is what I really said:
“Remember, people have claimed a lot of bugs with OS X before that Apple falsely claimed to be a lot of hot air.”
I answered you back in post #48
Dave Maynor who is in this article and the Apple wifi driver vulns Apple claimed not to exist... and then patched.
Microsoft used to really be a joke but they’ve really improved their software development lifecycle in terms of security. If you want to learn more look for any book by Michael Howard.
You didn’t answer in #48. You haven’t quoted Apple saying anything of the sort. Rather, you are relying on the PC Magazine author to be accurate in his characterization of official Apple responses to Maynor.
His hack was the same event I mentioned in my previous post, isn’t it? After many hours and many failures, they changed the rules of the challenge in order to break into the MacBook Pro, right? And the exploit did require user intervention to trigger it, right?
“You didn’t answer in #48. You haven’t quoted Apple saying anything of the sort. Rather, you are relying on the PC Magazine author to be accurate in his characterization of official Apple responses to Maynor.
His hack was the same event I mentioned in my previous post, isn’t it? After many hours and many failures, they changed the rules of the challenge in order to break into the MacBook Pro, right? And the exploit did require user intervention to trigger it, right?”
No, I said it based on personal knowledge of the situation, and that’s all I have to say about that. :)
I was referring to MAYNOR’s bug, the wifi driver issue. Not the Quicktime issue discovered by Dino Dai Zovi.
Interview
http://blogs.zdnet.com/security/?p=176
Some of his other Apple exploits:
http://www.theta44.org/research.html