Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Attack Code Out For Apple Flaw

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion (01/01/06 through 01/22/2007) Donate to DU
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:06 AM
Original message
Attack Code Out For Apple Flaw
http://news.com.com/2100-1002_3-6089630.html?part=rss&t...

Apple is recommending that people install all updates when they're issued to keep their software fully up to date, a company representative said Thursday.

"This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update," the representative said, referring to the ability for the exploit code to run.

The exploit was created by Kevin Finisterre, a security researcher at Digital Munition. Earlier this year, Finisterre created the Inqtana worm, which targets Mac OS X and spreads using an 8-month-old vulnerability in Apple's Bluetooth software. His actions are in part to demonstrate that Apple software is not unbreakable, he has said.


Jay
Printer Friendly | Permalink |  | Top
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:08 AM
Response to Original message
1. Remember, NO platform is immune.
And while FreeBSD OS X is inherantly more secure than Windows, possibilities can still be found.

This doesn't mean everybody should keep using Windows; that platform is an open invitation for malware by comparison.
Printer Friendly | Permalink |  | Top
 
Lerkfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:20 AM
Response to Reply #1
4. Agreed.
Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:25 AM
Response to Reply #1
6. That's The Gist.
I just can't help but stir the World v. Windows pot every once in a while. :evilgrin:

Jay
Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:51 AM
Response to Reply #1
19. Vulnerability Summary For 2006
These numbers were compiled from Qualys, Inc. security vulnerability alerts 1/31/06 - 6/27/06

Vulnerabilities:

Windows 11
Linux 72
BSD 12
Unix 39
MacOS 13


NOTE: These numbers were taken over a 25-week period of which I am missing weeks 1-3 and 5-7
Printer Friendly | Permalink |  | Top
 
Paulie Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:23 AM
Response to Reply #19
28. Ah, statistics and lies
June 13, 2006 Qualys Vulnerability R&D Lab has released new vulnerability checks in QualysGuard to protect organizations against the 12 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 12 security patches to fix 21 newly discovered flaws in Microsoft Windows, Microsoft Exchange, and Microsoft Office.

----

May 9, 2006 Qualys Vulnerability R&D Lab has released new vulnerability checks in QualysGuard to protect organizations against the 3 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 3 security patches to fix 3 newly discovered flaws in Microsoft Windows, and Microsoft Exchange.

----

April 11, 2006 Qualys Vulnerability R&D Lab has released new vulnerability checks in QualysGuard to protect organizations against the 5 new vulnerabilities present in Microsoft Windows that were announced today. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

Vulnerability Details
Microsoft has released 5 security patches to fix 5 newly discovered flaws in Microsoft Windows, and Microsoft Office.

----

There were 11 more from earlier in the year from the same source, but I think the point has been made. Windows/Office/Exchange is a more fair comparison with Mac, Unix, BSD, Linux, since the sum of issues causes the problems.

I have to fix infected Win machines at work all day long. Come home to my Mac, and none of the drama of the day follows me home.

Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:43 AM
Response to Reply #28
29. You Could Argue That it's A Fair Comparison,...
but I disagree. Office is a distinct application purchased separately from the OS and Exchange is a server application. Windows users can send mail from the Windows SMTP stack alone and you can use Wordpad for basic word processing. Also, computers you have to fix in an uncontrolled environment(work)are oranges to your home PCs apple.(pun intended) BTW, why are you fixing so may PC's at work?

Jay
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 12:20 PM
Response to Reply #29
32. Actually it is somewhat unfair to compare a Vanilla Windows installation..
Edited on Fri Jun-30-06 12:23 PM by Solon
With let's say Linux, the reason is because they AREN'T testing Linux alone, that's just a kernel, but also a shitload of third party apps like OpenOffice, e-mail programs like Evolution, and browsers like Firefox. Most of which are usually standard on installs of a distribution. Probably the fairest comparison is if they compared it to let's say DSL or Austrami, which are minimal distributions, and usually never need patching except to add new features. The Linux Kernel is the OS, the GNU software that is also distributed with the Kernel isn't controlled by Kernel.org, but by third parties.

ON EDIT: Another consideration is this, GNU software in general is patched much more often than propretary software, the reason is because any security or feature flaws are viewable by the users themselves, if they have the coding skills, and are usually patched in days, a week at most, to prevent the system from being vulnerable. This contrasts with Microsoft products, where it could be months between security patches, usually only AFTER the vulnerability is exposed by successful virus or hacking attacks.
Printer Friendly | Permalink |  | Top
 
Paulie Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 12:27 PM
Response to Reply #29
33. It is fair comparison
Most of us use more than the Kernel/core OS, wouldn't you agree? :)

The apps make the environment. Mac OS X has had patches for the underlying open source software, say OpenSSH, that directly affect ME as an enduser. Since it's part of my operating environment it's a concern, even though it's not my OS that has the hole. Same goes for connecting systems.

Windows is absolutely secure, if you never plug it into a network and don't let anyone near the hardware. This is why the whole environment is important to discuss. Just picking and choosing what constitutes a flaw distorts the picture. Flaws in Quicktime show in both Win/Mac, and should be counted on both sides.

Work environments are supposed to be controlled (sigh), though patching and active monitoring. The main issue is spyware and worms, coming in through other components (like MS Messenger) or un-patched developer systems that get on-net for any period of time (VMware/VirtualPC hurts more than helps...). Then there is lots of people with local admin privs because of work/application requirements. It's a challenge.... one of these days I'm sure we'll get to a CMM level 1, but it's lots of pain until then.

Except for the Mac users at work, they remain productive. LoL
Printer Friendly | Permalink |  | Top
 
meegbear Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:09 AM
Response to Original message
2. GET A PC!
:rofl:

I installed the patch eariler this week; have my system to check for updates daily.
Printer Friendly | Permalink |  | Top
 
Art_from_Ark Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:23 AM
Response to Reply #2
5. Yeah, get a PC!
Preferably a DELL!

Printer Friendly | Permalink |  | Top
 
MyNameGoesHere Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:25 AM
Response to Reply #5
7. I wonder
did the pc explode? Or was it the batteries which are manufactured by some of the same companies that provide mac laptop batteries?
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:47 AM
Response to Reply #7
9. All high capacity batteries can fail that way.
They now hold enough energy that they are effectively small bombs.

And even if well manufactured, can be damaged through rough use such that what you see here results.
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:43 AM
Response to Reply #9
15. True, though I wonder if this one used an Intel chip...
a manufacturing flaw could HEAT things up rather drastically, burned laps and all that, wonder what such overheating would do to the battery?
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 02:52 PM
Response to Reply #15
37. Well, as it is a Dell...
I think so. Dell does not use anything but Intel last I looked.
Printer Friendly | Permalink |  | Top
 
Swede Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:56 AM
Response to Reply #9
22. I had a tv remote control that got so hot it melted the battery cover.
The remote looked funny when I got home,warped on the sides. It also stained my coffee table.
Printer Friendly | Permalink |  | Top
 
meegbear Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:39 AM
Response to Reply #5
8. LOL!!
:thumbsup:
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 01:39 PM
Response to Reply #8
34. Burning DELLs are funny! nt
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:17 AM
Response to Original message
3. Funny...
...none of my macs have bluetooth.

And this worm cannot spread unless you have all the bluetooth security turned off, which you have to choose to do as it is not that way by default.
Printer Friendly | Permalink |  | Top
 
stepnw1f Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 09:54 AM
Response to Original message
10. Oh No.... a Flaw.... Here Come the Mac Bashers
Every chance they can get. Pretty pathetic actually. I never knew how vane some people could be until I started cruising the net and found so many folks stiring up shit about Apple products. It's hilarious but also a bit annoying. It's like having sales persons bug you while you are just walking down the street, or a fake christian knocking on your door.

Anyway... I am glad they dealt with this, as they always do.
Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:31 AM
Response to Reply #10
11. "Here Come The Mac Bashers"
That's hilarious. I don't think I've ever heard anyone bash MAC ever. Sure some people prefer other platforms, but Mac bashing? The only bashers I have ever seen are Microsoft bashers.

Jay
Printer Friendly | Permalink |  | Top
 
stepnw1f Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:35 AM
Response to Reply #11
12. You Are Not Being Honest At All
Wow... never huh?
Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:52 AM
Response to Reply #12
20. I Didn't Say It Doesn't Happen.
I've just never seen it.

Jay
Printer Friendly | Permalink |  | Top
 
stepnw1f Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:53 AM
Response to Reply #20
21. Now You Have
Edited on Fri Jun-30-06 10:54 AM by stepnw1f
http://www.computer-guru.com/macbash.html

Also... read post 16. Happens all the time around here.
Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:10 AM
Response to Reply #21
26. That's An Equal Opportunity Slam.
I wouldn't count that.

Jay
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 12:04 PM
Response to Reply #21
31. Hey, that's not fair...
I slam all those systems controlled by anal companies equally, Microsoft Windows is a buggy, insecure, soon to be DRMed piece of crap. Dell is easy, they make crap computers, and no I don't really care that they put Linux on their business servers by default, they still use crap hardware. Apple uses decent hardware, I love their OS design, but the damn thing isn't worth 1200 bucks, not even 500 bucks, make the OS independent of that dumbassed proprietary chip on Intel motherboards, or hell, just sell those Intel motherboards, and then I might change my opinion. Either way, I would be MORE than happy to buy MacOS X, till that happens, forget about it!
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:40 AM
Response to Reply #11
13. Hey I bash Microsoft all the time, and I don't use a Mac...
Get Linux!
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:42 AM
Response to Reply #13
14. .
:thumbsup:

There's a few of us around.
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:47 AM
Response to Reply #14
16. Windows is crap dammit! Dell sucks, and actually so does Apple...
All for many different reasons, Apple for being anal about hardware control, Dell for using crap parts in their PCs, and donating to Republicans, and Microsoft Windows for being crap. I'm always amused at Mac people for saying "Get a Mac!", yeah, right, can I get one with the perfomance of TOP line computers for 250-300 bucks(approx. price of Mobo/CPU upgrade)? I don't think so.
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:50 AM
Response to Reply #16
18. Linux much responsibility there is thinks I.
It can soar or it can flop (megaflop?) the final result is in one's own hands.

That is freedom!
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:58 AM
Response to Reply #18
23. True, though I will say it is much easier to run today...
than in the past. I've always been a DIY when it comes to computers, and I have installed various OSes on PCs, even a few Macs as well(MacOS 8.1 through emulation, curious :)), and let me just say, Linux today, the user friendly distros, like Ubuntu, are actually EASIER to install than Windows XP or any other previous version, in addition to that, I would say MacOS 8.1 was a little bit easier, in that their were less choices to pick from.
Printer Friendly | Permalink |  | Top
 
Hugin Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:01 AM
Response to Reply #23
24. No kidding it's easier than XP...
Installation is a breeze!
Printer Friendly | Permalink |  | Top
 
Touchdown Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 10:50 AM
Response to Original message
17. I always update my Mac.
I may hold off until I'm done with whatever I'm doing (usually color correcting/cropping a photo), cause it always requires a re-start, but it's too simple to do not not do it. :hi:
Printer Friendly | Permalink |  | Top
 
LifeDuringWartime Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:05 AM
Response to Original message
25. run software update!
the 10.4.7 update fixes it. i know it's in the quote above, but just reminding people. One of the things that I like about apple's software updating style, allows them to issue small fixes whenever necessary.
Printer Friendly | Permalink |  | Top
 
Poiuyt Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:11 AM
Response to Original message
27. This is only a problem on the newer Intel Macs that were updated a
certain way, according to macsonly.com. The easiest way to prevent problems is to use the Software Update feature in the OSX operating system.

(On a side note, I wonder if the Intel processors will eventually make Macs more vunerable to attacks)
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 11:57 AM
Response to Reply #27
30. Actually no it wouldn't...
Hardware architecture has little to do with the vulnerability of computers, rather its OS design and flaws that are MOST likely to create such problems. Now, CERTAIN hardware techniques, such as "Wake up on LAN" could make a computer vulnerable, but then again, this is only true if the OS is ALSO vulnerable on boot, for example a Password-less Windows Account login. To think of it another way, LAMP(Linux, Apache, MySQL, PHP/Perl/Python) configurations for web hosts is REALLY common on the Internet, and most run off of x86 achitectures because its the cheapest solution, yet we rarely hear about virus attacks and vulnerabilities on these web hosts. This isn't to say they are immune, but a Windows XP/IIS configuration, on default settings at least, IS more vulnerable on average.
Printer Friendly | Permalink |  | Top
 
Poiuyt Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 01:54 PM
Response to Reply #30
35. What about if you are using Windows on an Intel Mac?
You could pick up a virus or worm. Would that only affect the Windows portion of the computer, or could it screw the whole thing up?
Printer Friendly | Permalink |  | Top
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jun-30-06 02:02 PM
Response to Reply #35
36. Usually it would only affect the Windows Partition...
There are exceptions, for example, the Master Boot Record could be affected by a virus, this is the menu that comes up to choose OSes, also another problem would be if Windows XP has full Read/Write Access to the HFS+ partition where MacOSX resides. If I wrote a Windows virus to wipe ALL harddrives on your computer that Windows Recognizes and can write to, then the Mac part of the system can be wiped really easily IF Windows can write to it. Now, there are solutions to this problem, like only allowing the Read Only access to the HFS+ partition(s), and Limiting Windows XP from any type of access to the MBR, etc. These are software solutions for software vulnerabilities in Windows.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Nov 27th 2014, 12:41 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (01/01/06 through 01/22/2007) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC