Free Republic

MacOSXRumors claims that according to "reliable sources", Apple is developing virtualization software to be incorporated into the next version of Mac OS X - Leopard. According to the rumor site, the upcoming software is code named "Chameleon" and is being developed alongside both Intel and Microsoft. Virtualization software would potentially allow users to run alternative operating systems alongside Mac OS X. There has been previous discussion about Virtualization Technology support in Intel's processors. Microsoft has been reported as being committed to porting Virtual PC to the Intel Macs, but early claims indicated that Apple had "yet to provide developers with...

Microsoft program manager Stephen Toulouse today publicly challenged Apple to hire a security expert and overhaul the way information is released when Mac OS X updates are released. "Look, the only way you can tackle security issues is by getting out ahead of them and clearly communicating to your users the threat, and the clear guidance on how to be safe," Toulouse said. "Here's the reality, for the next couple of years the Mac OS will experience increasing security threats and mark my words, the company will have to seek outside expertise in the form of a head of security...

Going above and beyondSelected by five Network World contributors, these category-breaking products raise the bar with their novel approaches to solving today's enterprise challenges. The category breaker: Apple's MacTel Selected by Winn Schwartau, president of Interpac, "On Security" columnist. In April 2005, Apple introduced the OS X 10.4, also known as Tiger. In January, it announced MacTel computing. And now imagine desktop and laptop computers that don't crash for months at a time. Imagine PCs that are close to immune to the endless train wrecks caused by viruses and worms. Imagine increasing the performance of a secure computing environment by...

Apple today released a third security update--presumably to fix issues found in the second security update released earlier this week. Ironically, the previous update was also released to address inadequate security fixes and bugs introduced in the first update released earlier this month. Available for Mac OS X 10.4.5 Tiger on both Intel client and PPC Server/Client systems, Security Update 2006-002 v1.1 outlines the same updated components: apache_mod_php, CoreTypes, LaunchServices, Mail, rsync, and Safari, but is now labeled as v1.1. Further information is not yet available. The updates are not yet available via the Software Update. The update comes on...

A contest to see who could get Windows XP working first on an Intel Mac has been won, according to the contest’s coordinator, Colin Nederkoorn. The Windows XP on an Intel Mac page provides a link to a download that includes software and instructions for use. Nederkoorn first put the contest together after he ordered an Intel-based MacBook Pro for work. “I told my boss that this would replace my IBM desktop and I could boot Windows XP on it,” he said, and to put his money where his mouth was, he put up $100. He suggested that others with...

With its sleek iPod nano and all-in-one iMac computer, Apple is often perceived by its fans as a pre-eminent innovator. It may come as a surprise, then, that much of the company's recent financial -- and stock -- success has resulted from merely holding the line on one of the sources of that innovation: its spending on research and development. Even while Apple's revenue has skyrocketed in recent years -- and even as expectations for future products and success have exploded -- what the company has spent on R&D has risen only modestly. As a portion of overall sales, such...

There has been a lot of talk in the press recently about how secure Mac OS X really is and how much Mac users have to be concerned about security. While Apple said they are very serious about security concerns, Mac users, for the most part, have been unaffected. “Proof of concepts are out there but end users have not been affected by exploits in the wild the way they typically are with some other platforms,” Bud Tribble, Apple’s vice president of Software Technology, told Macworld. “It’s never good to say don’t be concerned about security, however, the actual affects...

Apple on Monday released a security update for Intel and PowerPC-based machines running Mac OS X. The update addresses a number of issues with apache_mod_php, CoreTypes, LaunchServices, Mail, Safari and rsync, according to notes from Apple. This update also includes the previous Security Update, which fixed security issues with apache_mod_php, Automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, Loginwindow, Mail, Rsync, Safari Syndication. The update can be downloaded from AppleÂ’s Web site or via the Software Update mechanism in Mac OS X.

To maintain public confidence in its operating system, Jobs & Co. should consider hiring a security czar The second potentially major Mac security incident in as many weeks has thankfully been debunked. Earlier this week I wrote a blog entry about a Mac Mini owner in Sweden who configured his machine as a server and challenged hackers to gain access to it. The Mini was -- as hackers like to say -- "owned" only 30 minutes after the challenge started. By "owned," I mean rooted. An outside attacker, through a remote Internet connection, was able to get "root" access --...

HackMyMac.com “Go Ahead...Hack My Mac!” Ok, my Apple Macintosh you’re attempting to hack may not be the SystemX Supercomputer at Virginia Tech, but it is a brand new iMac Intel Core Duo with a default installation of Mac OS X Tiger 10.4.5 and iLife 06. It is directly connected to the Internet here in Sweden thru a 24Mbps ADSL2+ line with the Firewall left OFF. ( OSX default installation and no router) The only port open is 80 for display of this webpage. There are no anti-virus or spyware software programs on this iMac computer. (IMHO, I believe they...

An unpublished security vulnerability in Apple's Mac OS X operating system that first came to light after a hacking competition has sparked concern in the user community. Mark Borrie, IT security manager at New Zealand's University of Otago, said the vulnerability could cause potential difficulties. He manages a total of 12,000 desktops, including nearly 5,000 Macs. As reported by ZDNet Australia on Monday, the flaw surfaced when a hacker, going by the name 'gwerdna', won a Mac OS X contest recently. The vulnerability allows users -- with local access -- to escalate their privileges to a point where they can...

Claims of Mac OS X being hacked in under 30 minutes are not quite what they seem, according to Dave Schroeder, Senior Systems Engineer at the University of Wisconsin - Madison. A recent ZDNet article told the story of a Swedish man who setup his Mac mini as a server and invited people to try to break into the system and gain root control. Having root control of a computer allows you do install applications, move or delete files. Within hours of the challenge going live, it was over as a hacker gained root control of the Mac mini. However,...

One hacker was able to gain control of a Mac OS X machine within 30 minutes, according to a new report. ZDNet Australia reports that Mac OS X was hacked within 30 minutes using an unpublished security vulnerability. The "gwerdna" hacker, who was able to quickly gain root access to the Mac, was responding to a "rm-my-mac" challenge issued in late February by a Sweden-based Mac enthusiast. While the hacker said that the Mac could have been better protected, he said that it would not have made a difference, as he exploited a vulnerability that has not yet been made...

updateGaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability. On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications. Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This...

Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability. On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications. Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This...

Apple today released Security Update 2006-001 for both Mac OS X Panther and Mac OS X Tiger, which is recommended for all users and improves Safari by fixng four different security issues, including the 'extremely critical' Mac OS X zero-day exploit and three other exploits that could enable arbitrary code execution by a malicious user. It also fixes 13 other bugs in the following components: apache_mod_php, automount, Bom, Directory Services, iChat, IPSec, LaunchServices, LibSystem, loginwindow, Mail, rsync, and Syndication. Apple also said that its AES-128 encrypted FileVault disk images are now created with more restrictive operating system permissions and that...

The iChat malware has been dubbed Leap-A by antivirus firm Sophos FEBRUARY 16, 2006 (TECHWORLD.COM) - Apple Computer Inc.’s Mac OS X software has been hit by a mischievous instant messaging virus -- the first ever to target the operating system. The virus, dubbed Leap-A by antivirus company Sophos PLC, apparently spreads using Apple’s iChat IM service, forwarding itself as a file called “latestpics.tgz” to an infected user’s buddy contacts, according to information from U.K.-based Sophos.<> Clicking on the file allows the malware to install and disguise itself as a harmless-seeming .jpeg icon. Leap-A is believed to have originally been...

This would be the most phenomenal turnabout in the history of desktop computing. There's just one fly in the ointment.

LEAP-A. Inqtana-A. Safari preference flaw. It’s been a tough week for stalwart Mac supporters who crow about the platform’s security compared to Windows. While the Mac remains a very secure and stable platform, these issues demonstrate the need for increased user awareness, education and protection, according to several security analysts polled by Macworld. And the motivation behind these recent security incidents is money, some said. “This is all tied to the issue of cybercrime for profit,” said Stacey Quandt, research director for technology-research firm Aberdeen Group. “We’re seeing cybercrime as the driver, and I think that no platform is safe...

According to Dave Cole, director of Symantec Security Response, Symantec has given the new Safari flaw a fairly severe rating of 8.3 out of 10 and an urgency rating of 7.3 out of 10. "We would rate this as a severe vulnerability, to put it succinctly," he said. On Tuesday, security experts announced the discovery of another vulnerability in Apple's Mac OS X operating system. It is the third vulnerability found in less than a week. Security and antivirus firms have issued advisories classifying the flaw as "extremely critical." Discovered by Michael Lehn, a graduate student and research assistant at...