Yeah... Apple had one of the most amateur security slips in a core security application that's ever been seen just 2 months ago, and they didn't even locate the problem themselves. A bug that was caused not by a single failure, but by a long chain of entry-level failures.

Nobody with a clue holds them in high esteem in regards to security right now. Security programming is a serious business, but an error of this type is the sort that'll see whoever was responsible barred from working security again, possibly for life. I've seen it happen many a time for far lesser errors.

exactly my point ... Apple isn't developing this stuff (and if they are they aren't going to be releasing a video of some guy in an office using it). they fix their OS constantly with updates.

it's funny how the dept of homeland security has to warn people not to use IE. i can't recall a time they had to warn the public not to use an Apple product.
 
it's funny how the dept of homeland security has to warn people not to use IE. i can't recall a time they had to warn the public not to use an Apple product.
IE was among the most robust in recent security evaluations.
The exploit reported Sunday was for Adobe Flash, not IE as some sources reported.
(And if IE had EPM active the exploit would not work)
they fix their OS constantly with updates
And this is contrary to?
i can't recall a time they had to warn the public not to use an Apple product.
2 months ago. No offence, but I don't think you really have a clue what you're talking about.
 
Companies do lots of research... Some research isn't made into commercial products, but this does not mean research isn't useful. Sometimes this research will be part of a product in the future. You will never know...

That's fine. I just don't care to know about it until such time.
 
exactly my point ... Apple isn't developing this stuff (and if they are they aren't going to be releasing a video of some guy in an office using it). they fix their OS constantly with updates.

You know they have people in...like...teams that do different things within the company, right? It's not like 100% of Apple is busy working on patching up any issues with OSX.

Plus, MS generally tends to release more patches more regularly, and fixes problems at a quicker clip than Apple does.

And finally, the IE issue is mostly due to a bug with Flash. And as you be well aware, security issues through 3rd party plugins are an issue that affect all OSes, not just Windows.
 
what exploit was 2 months ago that DHS warned users about on iOS or OSX?
Seriously? Have you been living under a rock in regards to the recent chain of SSL exploits?
http://www.pcworld.com/article/21489...s-patched.html
Yes, an article by someone that doesn't know what they're talking about that's based on the misinformation I mentioned in my earlier post; commenting on a call made by a bunch of people that is notorious for over-reacting, and quite frankly, barely knows what it's doing half the time.
 
The exploit reported Sunday was for Adobe Flash, not IE as some sources reported.

wrong. here is what the US-CERT had to say followed by a Microsoft security advisory about the problem.

http://www.us-cert.gov/ncas/current...t-Explorer-Use-After-Free-Vulnerability-Being

https://technet.microsoft.com/en-US/library/security/2963983


... "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."


this mentions nothing about Adobe Flash.
 
Seriously? Have you been living under a rock in regards to the recent chain of SSL exploits?

Are you talking about Heartbleed? this wasn't 2 months ago, it was about 3 weeks ago. It also has nothing to do with Apple's coding of their OS, you have no idea what you are talking about.
 
Are you talking about Heartbleed?
Heartbleed is one in a series of recent SSL exploits. GoToFail (SecureTransport, by Apple), a GnuTLS exploit shortly after that, and Heartbleed (OpenSSL) were the most high profile ones.

I take it you've not read the GoToFail error, which demonstrated:

Subpar and inconsistent formatting and indentation (Automatic indentation would've highlighted the issue)
Failure to use brackets (would've stopped the bug or highlighted it)
Failure to perform any testing (The program failed to perform basic functions)
Failure to investigate Dead Code compiler warnings (though IDEs would also point it out)

The danger here lies not so much with this specific bug, but in how such a trivial bug took nearly 2 years to find and the fact that with such poor coding practices - you pretty much 'know' there's going to be something a bit more concealed and far nastier hidden in there. After all, it took 2 years just to find a compiler bug.
 
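The pattern the post above describes, as an added example that is not part of the original thread and is not Apple's code: a constructed, simplified C illustration in which a duplicated, unbraced `goto fail;` skips the final check, next to the braced form and the negative test that would have caught it. The function names and the 0 / -1 return convention are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed stand-ins for the handshake steps; each returns 0 on success. */
static int hash_update(int ok)      { return ok ? 0 : -1; }
static int verify_signature(int ok) { return ok ? 0 : -1; }

/* Unbraced style with a duplicated goto, the pattern described in the post. */
int verify_unbraced(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0)
        goto fail;
        goto fail;   /* indented like the if body, but always executed */

    /* Dead code: never reached, so the signature is never checked. */
    err = verify_signature(sig_ok);

fail:
    return err;      /* still 0 when the hash step succeeded */
}

/* Same logic with braces: the duplicate line stays inside the block. */
int verify_braced(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0) {
        goto fail;
        goto fail;   /* same duplicate, now harmless and visibly redundant */
    }
    if ((err = verify_signature(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Negative test: good hash, bad signature must be rejected (non-zero). */
    printf("unbraced: %d\n", verify_unbraced(1, 0));
    printf("braced:   %d\n", verify_braced(1, 0));
    return 0;
}
```

Compiling the unbraced version with clang's `-Wunreachable-code` or gcc's `-Wmisleading-indentation` flags the problem line without running anything.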
That's kinda boring, ain't it? I like looking at all this near future stuff.

Now you'll probably go tell Samsung about the Microsoft motion sensing keyboard and they'll have one on the market by the 4th of July. :D:D:D


Disclaimer: This is intended to be a humorous post. Renzatic doesn't tell Samsung everything. Sometimes Google pays him more. :D:D

Disclaimer: The above disclaimer was intended to be a humorous disclaimer. I have no evidence that Renzatic is a double agent. At least none that I could post without blowing my cover too. :D:D

Disclaimer: Please disregard this post.
 
Microsoft won't mention Flash specifically, especially not on Technet, which is more cause oriented.

But Flash, and potentially other 3rd party plugins, is the way the vulnerability is exploited.

http://www.kb.cert.org/vuls/id/222929

Note that this vulnerability is being exploited in the wild. Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.
 
absolutely not.

I disagree. I don't know Windows 8, I have no need for it for now, but Windows 7 actually has been doing a great job on my Gaming PC for the last few years - and I can be quite rough on it when it's about "exposing it to potential threats"...
 