Secunia: Apple has more security holes than Microsoft

“Here’s another blow to those who insist that Apple products are rock solid and unhackable: The security company Secunia reports that Apple products have more vulnerabilities than those of any other company. Oracle came in second place, with Microsoft in third,” Preston Gralla reports for Computerworld.

MacDailyNews Take: Ooh, big blow. Give us a call when cascading self-replicating viruses cost hundreds of billions of dollars in lost productivity, data, and time, m’kay?

Full article, which also includes the painfully obvious fact that “simply listing the total number of potential vulnerabilities isn’t the best way to gauge the relative security or insecurity of a computer, because some vulnerabilities may be more prevalent than others. So Secunia is not saying that Apple products are less secure than other products” here.

90 Comments

  1. Who cares about the Charlie Miller hacks? He can only make it happen by:
    1) Setting up the site in advance (which does mirror how real threats work)
    2) Needs LOCAL access to the Mac that then has to access his trap (something the cyber-criminals cannot yet do, and if they could, the first step would be irrelevant).

  2. Ted clearly doesn’t understand safety vs. security. Neighborhood analogies for you, Ted..

    Windows and North Philly are the same. People out to kill you, rob you, get anything they can. YET, YOU claim it’s a far more secure environment due to the multiple deadbolts on the door, bars on the windows, kevlar-plated pajamas you wear, and the gun under your pillow.

    Mac and Doylestown are the same. The ENVIRONMENT is far safer. For one, if a problem does arise (Mac Trojan), community watch is in full effect and won’t stand for it — they’ll alert everyone to the problem. Yet, FUDsters like you will claim that Doylestown is far less secure because people tend to leave their doors unlocked all day, even when they are at work (some truth to that).

    So, from a “security” point of view, North Philly is more secure. More locks. More bars. More protective armor. A nice gun to shoot at the bad guys… and yet, the less secure place (Doylestown) is FAR safer.

    Stop with your BS. Mac wins hands down in true safety.

  3. @Ted

    Look at any OSX Server security log. The numbers of failed username/password attempts at SSH access and other Unix probes are the same as those one sees on any server. Trace the IP addresses and one finds that the “Russian/Ukraine/China/Asia hacking world” appears to be on the job “24/7” with OSX, too.

  4. Sorry, Ted. Your chicken little act is barely covering the fact that you are nothing more than a troll. I’ll tell you what. The moment I have any genuine security concerns that require more than the safeguards I currently have in place, I’ll let you know. Until then, thanks for playing!

  5. All 15 bugs affect both the Mac and Windows versions of Safari.

    “Nearly every bug aside from [Grossman’s] is basically a drive-by,” said Andrew Storms, director of security operations at nCircle Security, in an instant message. “Essentially, it’s what we fear in browser bugs. It’s the kind of attack where the ordinary user clicks on something and boom, it’s game over for you.”

    Thirteen of the 15 vulnerabilities fixed today could, in fact, be exploited by classic drive-by attacks, the kind that execute when a person simply surfs to a malicious site or an already-hacked legitimate domain. The 13 drive-by bugs were all found in WebKit, the open-source browser engine that both Apple and Chrome use as the bedrock of their browsers.

  6. 8-3-10 iOS4

    “Not only does this elevate to the root, giving you complete control of the iPhone, but it breaks out of the sandbox,” said Miller in an interview Monday, referring to the isolation technology designed to block rogue code from escaping the mobile Safari browser.

    “There’s no shell on the iPhone, so [comex] had to do all that himself to get control,” Miller continued. “He elevated to root, turned off all code signing, broke out of the sandbox…all in the payload of the exploit.

    “And it works every time. Not just a few times out of a hundred. But every time.”

    http://www.computerworld.com/s/article/9180099/iPhone_jailbreak_exploit_sweet_and_scary_says_researcher


  7. Here you go all you assholes who gave me shit when I said OSX is vulnerable. Two to three days later and here is exactly what I was talking about. You Apple fan boys are clueless about security. Smart by a 1/2. Especially you Derek. You put OS X up on a pedestal and a couple days later there is a perfect example of what I was talking about, happened. Just be glad it was a whitehat.

    Pwned iPhone and iPad with ease!!!!!! Just visiting a site.

    “Not only does this elevate to the root, giving you complete control of the iPhone, but it breaks out of the sandbox,” said Miller in an interview Monday, referring to the isolation technology designed to block rogue code from escaping the mobile Safari browser.

    “There’s no shell on the iPhone, so [comex] had to do all that himself to get control,” Miller continued. “He elevated to root, turned off all code signing, broke out of the sandbox…all in the payload of the exploit.

    “And it works every time. Not just a few times out of a hundred. But every time.”

    http://www.computerworld.com/s/article/9180099/iPhone_jailbreak_exploit_sweet_and_scary_says_researcher

  8. Kicking anonymous coward ‘ted’ in the ass is so much fun.

    Let us review the state of affairs:

    1) The Secunia Report, which is the actual subject of this thread, says NOTHING about Mac OS X. There is nothing to say. It remains the single most secure GUI operating system available. Only the CLI operating systems OpenBSD and FreeBSD are more secure. And good golly, Mac OS X contains elements of both these OSes.

    So ‘ted’? Darn, you’re wrong again. Keep trying! I’ll still be here to trample your troll turds.

    2) The Secunia Report speaks ONLY about Windows. The core of the security problems with Apple apps for Windows is ‘JavaScript’, or more accurately ECMAScript, built into QuickTime. ECMAScript is not an Apple technology. This means both iTunes for Windows and Safari for Windows are affected. The main problem with ECMAScript is the JScript crap from Microsoft that they created for Internet Explorer. The original JavaScript, aka ‘LiveScript’, was created by Netscape to be a safe scripting language. Microsoft’s JScript and Adobe’s ActiveScript ruined all that. Blame them.

    http://www.ecmascript.org/

    3) The second most critical Apple security problem on Windows apps is WebKit. WebKit is not Apple technology. It is an Open Source project. It was originally known as Konqueror. Apple help fund the project. It is the second most used Internet rendering engine on the net, after the catastrophically insecure rendering engine in Internet Explorer. It is used in Safari, OmniWeb and Google Chrome.

    http://webkit.org/

    4) Because both ECMAScript and WebKit are cross platform technologies, they affect Apple apps on both Windows and Mac OS X.

    But again ‘ted’, neither of these technologies are Apple’s. So stick that up your favorite human orifice.

    5) This past week the very FIRST exploited security hole in iOS was announced. The hole is specific to code in both the Safari browser for the iPhone and the PDF rendering engine for the iPhone. It allows an Internet drive-by take over of versions of the iPhone, iPod Touch and iPad running iOS 4. The current exploit is used exclusively at one website to jailbreak these devices. So far there is no malevolent exploit in-the-wild. Apple have acknowledged the security hole and created a patch that will be in the next revision of iOS 4.

    ‘Ted’: You need an enema, you decrepit little troll.
