
Security vs Mac: Round TWO!


  • Security vs Mac: Round TWO!

    In the voice of street fighter 2

    FIGHT!!!

    Month of Apple bugs planned for January... Anyone think this will last as long as Cesar Cerrudo's previous month of Oracle bugs for Dec.?

    You know what I think is funny.... Anytime an OS X problem comes up it becomes almost like a "My OS is better than yours" argument. You hear "these claims are false, mac users are secure, you other guys are the problem, we don't get virii", blah blah blah. What great word of mouth advertising to see all the pitchfork raising at the mere mention there is a flaw followed by months of even higher than usual praising. Not bad mouthing at all, just pointing out it's happened before, example recently being: Thus

    and the AFTERMATH:
    "Haters, gonna hate"

  • #2
    Re: Security vs Mac: Round TWO!

    I like this one instead of that dumb wireless driver one since they'll be releasing source, forcing Apple to fix their bugs quickly, instead of just braying around saying that it's true and expecting people to trust them. Even if it means that I have to be careful with my iBook, it's better to get the bugs fixed sooner rather than later.



    • #3
      Re: Security vs Mac: Round TWO!

      I hate these commercials.
      "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";



      • #4
        Re: Security vs Mac: Round TWO!

        Sometimes the most evangelical* OS bigots are not bothered by trivial and inconvenient obstacles called, "facts." They also tend to yell louder with more passion when they begin to worry they may lose their faith in their OS of choice.

        * overzealous, belief-based pontification intended to indoctrinate others to also believe.



        • #5
          Re: Security vs Mac: Round TWO!

          Originally posted by BonzoESC
          I like this one instead of that dumb wireless driver one since they'll be releasing source, forcing Apple to fix their bugs quickly, instead of just braying around saying that it's true and expecting people to trust them.
          We have silent disclosure (submit a bug report and don't tell people they might be at risk), closed disclosure (submit a bug report and tell people they might be at risk), and open disclosure (submit to the world and let everyone be at risk).

          It would seem the best way of reporting bugs is closed disclosure with a warning that the problem will be made public after a reasonable period of time ... which is what they did with the WiFi driver exploit.

          As for the "Month of Apple Bugs", I just hope that Apple has had a reasonable chance to address the issues before being released into the wild.

          Originally posted by TheCotMan
          Sometimes the most evangelical* OS bigots are not bothered by trivial and inconvenient obstacles called, "facts." They also tend to yell louder with more passion when they begin to worry they may lose their faith in their OS of choice.
          Stage 1: But if you don't like my choice of Brand X, how am I supposed to feel about myself?

          Stage 2: I only accept the best. I use Brand X. Therefore Brand X must be the best! It makes sense to me, and I'll beat that sense into you if I have to!

          Stage 3: Brand X sucks! I've always been a big Brand Y fan.



          • #6
            Re: Security vs Mac: Round TWO!

            Originally posted by Voltage Spike
            We have silent disclosure (submit a bug report and don't tell people they might be at risk), closed disclosure (submit a bug report and tell people they might be at risk), and open disclosure (submit to the world and let everyone be at risk).

            It would seem the best way of reporting bugs is closed disclosure with a warning that the problem will be made public after a reasonable period of time ... which is what they did with the WiFi driver exploit.
            The Wifi driver exploit was bungled in such a way that nobody really knows what happened. We have no idea if Apple was notified or not (see http://www.macworld.com/news/2006/09...ndex.php?pf=1), and even though the bug's been possibly/supposedly fixed for three months now (the CVE numbers Apple's documentation reference they created, not SecurityFocus or Maynor/Ellch), no code was ever released. The way I see it, without code eventually being released, there's no way of knowing if the flaw existed or got fixed, and there's no way for the security community to learn from it other than as an example of how to not disclose flaws.

            It would all be easier if wireless drivers were completely open-source (and not simply the wrappers around a big closed-source binary), but in the absence of that, up-front and honest security advisories are way more helpful than showmanship and grandstanding.



            • #7
              Re: Security vs Mac: Round TWO!

              Originally posted by Voltage Spike
              Stage 3: Brand X sucks! I've always been a big Brand Y fan.
              Preach on brother. Fuck a bunch of Apple.
              perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



              • #8
                Re: Security vs Mac: Round TWO!

                Originally posted by BonzoESC
                The Wifi driver exploit was bungled in such a way that nobody really knows what happened. We have no idea if Apple was notified or not (see http://www.macworld.com/news/2006/09...ndex.php?pf=1), and even though the bug's been possibly/supposedly fixed for three months now (the CVE numbers Apple's documentation reference they created, not SecurityFocus or Maynor/Ellch), no code was ever released.
                Okay, in that sense you are correct. I thought the complaint was that they didn't start by releasing the exploit. It's always possible that they didn't create an exploit but rather demonstrated that the drivers failed in a way that probably allowed for an exploit (in which case, they should release their test code).



                • #9
                  Re: Security vs Mac: Round TWO!

                  Originally posted by Chris
                  Preach on brother. Fuck a bunch of Apple.
                  If that's what trips your trigger, feel free, just as long as it ain't one of mine you try that with!
                  DaKahuna
                  ___________________
                  Will Hack for Bandwidth
