In the case of the Java vulnerability, the wheel was indeed squeaky, but Apple didn't purchase the grease for several months.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researcher Set to Announce 20 Zero-Day Holes in Mac OS X
- Thread starter MacRumors
- Start date
- Sort by reaction score
In the case of the Java vulnerability, the wheel was indeed squeaky, but Apple didn't purchase the grease for several months.
http://www.overclockersclub.com/news/25012/
It took over 6 months for Apple to do anything about that Java issue.
People who think that Macs aren't getting exploited in the wild
are kidding themselves. Here's a video from 3 years ago:
http://www.youtube.com/watch?v=L74o9RQbkUA
I'm a professional software developer and it's obvious that
Apple is lazy on the security front. Tiger had executable stack
and heap. Leopard had executable heap and the library
randomization was a joke.
Snow Leopard is better than Leopard. At least Apple got
around to enabling DEP. I have no illusions about Mac OS X.
It's a nice O/S, but it's definitely not a secure O/S, and is not
as secure as Windows Vista or Windows 7.
It's a safer O/S however.
are kidding themselves. Here's a video from 3 years ago:
http://www.youtube.com/watch?v=L74o9RQbkUA
I'm a professional software developer and it's obvious that
Apple is lazy on the security front. Tiger had executable stack
and heap. Leopard had executable heap and the library
randomization was a joke.
Snow Leopard is better than Leopard. At least Apple got
around to enabling DEP. I have no illusions about Mac OS X.
It's a nice O/S, but it's definitely not a secure O/S, and is not
as secure as Windows Vista or Windows 7.
It's a safer O/S however.
Its hard for non technical people to understand that. Most of the hobbyists here who get answers from google or mac blogs won't be able to understand it.
I don't suspect you're a paid MS employee, I suspect you're a disgruntled former Apple employee with an axe to grind. How else to explain such a gem from a brand-new-to-MacRumors flame-baiting diatribe:
(And doesn't "Apple Infrastructure Engineer" in your sig incorrectly imply that you are actually an Apple employee?)
AidenShaw on the other hand, now that guy is a professional.
"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."
This is such a stupid idea, it's complete nonsense. But just suppose, for one moment, that it's a completely valid analogy...
In which environment would you rather live??
So basically, the argument is nonsense on so many levels. BUT, even if true, what the hell is your point?
Either way, I'll stick with the Mac, thanks.
This is such a stupid idea, it's complete nonsense. But just suppose, for one moment, that it's a completely valid analogy...
In which environment would you rather live??
So basically, the argument is nonsense on so many levels. BUT, even if true, what the hell is your point?
Either way, I'll stick with the Mac, thanks.
No it doesn't. It implies that I am an Apple Infrastructure Engineer. Not an Infrastructure Engineer at Apple. Definitely not disgruntled. I loved my time at Apple. Adored it. Was one of the best jobs I have ever had. I moved on to bigger things though.
I googled it, and unless I googled the wrong thing I don't see how the crossover cable had a material effect on the exploit. It was simply the method used to attach to the web server hosting the necessary exploit code. There is nothing inherently different in how incoming packets are handled from a crossover cable or a standard Ethernet cable.
lol i'm done with you clowns. Beat your chest and tell me the apocalypse is near and us naive OS X users are going to get their comeuppance. It'd happen sooner, if ONLY that darn market share was 1-2% higher. THEN we'll get ours! Yup! Black hats across the globe will say "Oh my god, what is this operating system that, before, we simply had no time for! It's incredibly unsecure; lets rip it to shreds!"
I'll be sitting here with my perrier, waiting for judgement to rain down.
I'll be sitting here with my perrier, waiting for judgement to rain down.
Edit: I decided to delete my huge tirade of misinformation due to the fact that others showed most of its content to be off base. Miller's exploits require a local area network and an artificial (as in unlikely in the wild) situation and was unrelated to what I stated earlier in this thread.
Second Edit: I was double wrong, exploitation using these methods are not uncommon in the wild. But, it is rare in the wild in OS X because the impact of such exploitation in Mac OS X is limited by the low incidence rate of privilege escalation exploits and user space security mitigations that prevent keyloggers and other malware from logging security sensitive passwords, such as from authentication prompts or website logins, without privilege escalation. BTW, user interaction is required to hack a Mac via a crossover cable as the user has to allow "Internet Sharing" in System Preferences. Man-in-the-middle attacks facilitate these methods on wireless networks. Navigating to a malicious website facilitates these methods across the web.
Second Edit: I was double wrong, exploitation using these methods are not uncommon in the wild. But, it is rare in the wild in OS X because the impact of such exploitation in Mac OS X is limited by the low incidence rate of privilege escalation exploits and user space security mitigations that prevent keyloggers and other malware from logging security sensitive passwords, such as from authentication prompts or website logins, without privilege escalation. BTW, user interaction is required to hack a Mac via a crossover cable as the user has to allow "Internet Sharing" in System Preferences. Man-in-the-middle attacks facilitate these methods on wireless networks. Navigating to a malicious website facilitates these methods across the web.
Last edited:
Um.... what's so hard to understand? He is implying that OS X is safe because there aren't enough people targeting, and that Windows is constantly being targeted and thus it has many inconveniences, but it is at the end, safe as well.
The idea of security through obscurity is not 100% true, nor 100% wrong either.
It's nice to have an official member of Microsoft's Ministry of Information on our forum, even if only for comedic value.
And nothing says "funny" better than IE and Comic Sans!
(But taking up more than twice the vertical space on my screen than you deserve (that's scrolling, man!) is getting annoying.)
Didn't the user intervene to say "[OK]"?
Is there any real difference between "Enter your password and click OK" and "Click OK"?
I didn't think so....
Fail.
i believe that pigs will fly in late May
ohhh there is a lot.
Drugs, war, religion, guns and people.
"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."
I love the farmhouse analogy explaining why Mac OS gets fewer viruses and malware. I'm so sick and tired of hearing the tattooed, face pierced, cool aid drinking kids who work at Apple stores drone about how Max OS is so superior and Windows is total garbage because it's full of viruses and malware.
I love the farmhouse analogy explaining why Mac OS gets fewer viruses and malware. I'm so sick and tired of hearing the tattooed, face pierced, cool aid drinking kids who work at Apple stores drone about how Max OS is so superior and Windows is total garbage because it's full of viruses and malware.
It's nice to have an official member of Microsoft's Ministry of Information on our forum, even if only for comedic value.
And nothing says "funny" better than IE and Comic Sans!
Another content-free post from Apple's Ministry of Silly Walks. ( http://www.youtube.com/watch?v=wippooDL6WE )
Well then I guess that makes me an Apple Quality Control Specialist, a MINI Test Driver, a Comcast Broadband Network Monitor...
Dang, time to update my sig.
This is awesome. A bunch of people come together to beat the **** out of OS X's security and really put it to the test. The result? A bunch of security holes shown to Apple (and Apple only) that will all get patched. There is nothing bad about this (except that the holes exist in the first place, but they'll be patched soon anyway).
This is the most truth you'll find in this thread.
This is the most truth you'll find in this thread.
Sweet! Whatcha running? Our company still runs OpenVMS. We recently just retired our last VAX. I don't use the systems much myself. OpenVMS was quite a revolutionary system in its day. Still works great today.
The pic is from the Digital timeline page at Microsoft. It is actually a pretty interesting site if you are into Digital computers and their history.
http://research.microsoft.com/en-us/um/people/gbell/digital/timeline/dechistory.htm
I was referring to this article/event http://www.defcon.org/html/links/dc_press/archives/9/vmsone_writeup.htm
:tinfoilhat:
Um....I don't know, what is hard to understand? I'm asking, would you rather live in a highly secured house surrounded by thieves openly and visibly rattling at the bars and probing for ways in, or would you rather live in a pleasing environment, no locks, no bars, but not a thief in sight because they have no interest in you? Even if the resulting safety is the same, the latter is surely more comfortable then the former.
And yes, the obscurity idea is so very full of holes it's as near to 100% wrong as makes no odds.
Difference is my business cards say my title and I get paid to do it. Kind of like our Microsoft Sharepoint Administrators say the same.
I'm so sick and tired of hearing the tattooed, face pierced, cool aid drinking kids who work at Apple stores drone about how Max OS is so superior and Windows is total garbage because it's full of viruses and malware.
You should hear how the tattooed, face pierced, cool aid drinking kids who work at the Microsoft Store drone about how Windows is so superior and Macs are total garbage because they're so...uh...hmm...er...expensive.
To be completely honest, any OS can be hacked. All major OS's have security patches. I think Apple is a little bit more susceptible due to its rise in popularity and also its use of x86 hardware. The good news is that OSX does have a Unix core under the covers and as long as Apple hasn't made it less secure themselves its probably not too bad. Still better than Windows at the end of the day.