OS X vulnerable.

[VIAN]

Link

 

[drag]

Pretty crappy article. Doesn't offer any insights or any real information at all. It doesn't tell you why or how OS X is vunerable or anything. Whoop-te-doo

Tell me something I don't already know. All peices of software are vunerable one way or another. I've assisted in admin'ing Mac OS boxes and they do have security updates time to time just like any other OS.

Worthless trash.

I suppose the next article the guy rights about is how Canadians complain that it gets too cold in the winter and he would like to inform them that it sometimes gets cold in Arazona, New Mexico and Texas, too. So now Canadians have no right to complain about how cold it gets.

Then I suppose he talks to a weather expert that paints a scary picture about how a guy in Texas during the winter can go out naked and drunk at winter time and spray himself down with ice water until he dies from exposure!!

Now that's cold!

So how does that sound you Canadians? Huh? Pretty quiet now about the cold thing, now!

(hint: Canadian winters = Windows security issues vs. Mexican Winters = Mac OS X security issues in terms of scale of issues)

 

[n0cmonkey]

If this is about the dhcp or whatever related vulnerabilities, he's making a mountain out of a mole hill. Complete trash. I'll go plug a Windows XP desktop into the internet before applying patches, a firewall, or a virus scanner now. It must be safe since it isn't Mac OS X. Then I'll go whine about elitist asses whose opinions don't mean a damn to me. Or just maybe, I'll sit at my iBook, confident in my abilities as an admin.

 

[VIAN]

I had to.

He makes a very good point and I agree with him.

 

[n0cmonkey]

Originally posted by: VIAN
I had to.

He makes a very good point and I agree with him.

What point? That PC users can finally point their fingers at Mac users and say "WELCOME! We've been waiting for you for 8 years!"? Or just the usual religiously anti-Mac slant these types of nonsense articles usually have (and this one was one of the worst I have read!).

 

[n0cmonkey]

Ignore this. It's just an "I'm about to go to bed" rant.

Macs Are Not Invulnerable
Windows Isn?t the Only System With Serious Flaws

Commentary
By Lance Ulanoff
PC Magazine

Dec. 11? I know this is wrong, but in one respect I was happy to learn earlier this month about the discovery of a significant security hole in the Jaguar and Panther versions (10.2 and 10.3, respectively) of the Apple operating system (OS).

I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.

I haven't heard that since OS 9 was alive.

I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a fraction of the world uses Macs. What's the point of attacking a niche market? No one will notice!"

But the mindlessly superior retort is always the same, "No, it's because the Apple OS does not have the same holes as Windows. OS X is just a better operating system."

Given this recent development, my question is, "Will you be stuffing that superior attitude in your crow or eating it separately, sir?"

A Major Mac Breach

This is a significant hole. The original report, found on Carrel.org, puts a frightening spin on the problem:

"A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious machine on a network for user, group, and volume mounting settings."

So an attacker who can gain access to your network ? over a wired connection or wirelessly ? can trick an affected system into trusting a rogue machine, and when the compromised machine reboots, take it over and even attack other systems on the network.

HELLO! If someone is on your network, you have bigger problems than this. That one new G5 you just ordered probably isn't the only thing on the network you have to worry about.

The truth is that the Mac OS is just as vulnerable as Microsoft Windows.

eh? One minor vulnerability leads to this conclusion?

Overall, maybe OS X is better than Windows, but that's not the point. Panther, for example, is a great OS, but it's also complex, and complexity leaves room for gaps ? some small, some not.

From Mac Fan(atic) to Windows User

Way to be journalisticly unbiased.

OS X 10.x may not be as widely used as Windows (let's face it, it isn't) but some of its devotees seem far more fanatical than Windows users. Those who toil in Windows ? me, for instance ? care about their OS to a certain degree, but hardly feel the need to jump to its defense or come up with ridiculous conspiracy theories to explain why, say, Bob bombed or Windows Me stank.

I guess this guy doesn't get out of Starbucks much. There are plenty of Windows zealots out there. They aren't hard to spot.

So I am by no means a Windows apologist or Microsoft partisan. I began my computing career as a Mac patriot, in fact. I used a Mac SE/30 with PageMaker version 1.2 and laughed at the lowly IBM PS/2, which could just hobble along on the subpar Windows 3.0 and had virtually no font support. I trained people on Macs, converted entire print production systems over to the Mac and PageMaker, and salivated over every software upgrade and hardware enhancement.

But even back then, I had this gnawing suspicion that 18-month software development cycles could somehow hurt the platform. Before the tide really turned, however, I switched to PCs. I had joined PC Magazine, and the editorial staff used them.

My introduction to the PC came at precisely the same time as Microsoft launched Windows 3.1. I was no longer focusing on the Mac, and Microsoft had finally released a viable GUI. It didn't beat the then-current Mac OS (System 7), but it was a start, and of course, people began buying millions of PCs with Windows 3.1 preloaded.

The rest is history.

The Target Everyone Loves to Hit

When Microsoft released Windows 95 three years and some months later, for the first time there was a degree of parity between the graphical interfaces. I found things to grumble about, but they were minor.

Microsoft's less-than-stellar OS security took a while to become apparent. In fact, the problem wasn't epidemic until a few years after the Internet took off. Windows' market domination makes it a target for the virus authoring community.

Windows 95 came out at about the same time security was being looked at as a big deal. Microsoft ignored that fact.

The OS also bears the burden of user wrath because those who depend on Windows so often feel let down. But nothing drives me crazier than Mac true believers shaking their heads and grinning at me every time another Windows virus hits.

I guess he doesn't know why *WE* do that. BECAUSE YOU SENT THE VIRUS TO ME 10,000 TIMES MORON!

This past summer was particularly difficult. As Blaster and SoBig wreaked havoc across the Internet and with millions of Windows PCs, Mac users would tell me with mock sympathy, "This wouldn't happen if we all ran Macs".

SoBig, Blaster, and all of the others from the summer (and hell, we can go back farther with Code Red, Code Red 2, and other various worms of the past) affected more than just Windows. And of course, it was because of IDIOT users. But since Mac users are obviously idiots, they wouldn't know that.

We don't, of course, and again, that's the point.

If the Tables Were Turned

The discovery of this OS X security hole will be like a tree falling in a particularly remote forest. So few people actually use Macs (notwithstanding, of course, what you see in the alternate universe of movies, where everyone appears to use them), that I think it's unlikely this problem will have any long-term effect. Hackers are unlikely to exploit this hole the way they have Windows failings.

They won't attack this hole often, because it doesn't appear to be the easiest hole to exploit. The easiest hole is the one in the head of each and every computer user. Even drag, but I think his hole is smaller than most.

If the Macintosh OS ever became dominant, the tables would turn, and there would be just as many reports of viruses, security holes, and attacks on it as we currently have with Windows. As one Macophile I spoke with noted, no one has even bothered to exploit this security flaw. I doubt anyone will.

Replace Windows with Linux, and he might be right.

Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.

Oh yes, a half assed music protection scheme. whoopidy doo. Show me one that works.

An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking ? and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.

When there is an exploit or even THREAT from this, let me know. I'll sh1t a brick.

Who's Crowing Now?

Ultimately, those on the Mac fringe have to face facts: Panther and Jaguar were not better at outrunning vulnerabilities than Windows.

I expect other gaps will emerge, and while the Mac OS may still draw far fewer attacks, this discovery might suck a little wind (or is it Windows?) out of Mac radicals' sails. They can scarcely claim this was a minor hole. OS root access is serious stuff.

How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here.

Root access is definitely a big problem. But, if looked at logically, there are mitigating circumstances here. You have to be on that user's network being the big one. It's almost as poopoo as a local root hole, in my opinion.

 

[Sunner]

SoBig, Blaster, and all of the others from the summer (and hell, we can go back farther with Code Red, Code Red 2, and other various worms of the past) affected more than just Windows. And of course, it was because of IDIOT users. But since Mac users are obviously idiots, they wouldn't know that.

That's actually fairly interesting, now that I think about it.

Windows zealots love to go on about Mac's being for computer illiterate people, yet every time a new worm strikes and takes about a gazillion of innocent sites with it, it's blamed on "ignorant users".
I guess Windows is actually the platform of choice for all those computer illiterate people.'

His point is valid though, but of course, it's nothing new, as soon as someone has any kind of access to a computer, it's potentially vulnerable, since when is that news?

 

[chsh1ca]

Originally posted by: drag
I suppose the next article the guy rights about is how Canadians complain that it gets too cold in the winter and he would like to inform them that it sometimes gets cold in Arazona, New Mexico and Texas, too. So now Canadians have no right to complain about how cold it gets.

LOL

Then I suppose he talks to a weather expert that paints a scary picture about how a guy in Texas during the winter can go out naked and drunk at winter time and spray himself down with ice water until he dies from exposure!!

OH MY GOD! They've learned of our secret! It's called the Polar Bear Club, it's a regular annual thing, usually around New Years' Day. And we don't die from exposure, so maybe we're just more durable.

So how does that sound you Canadians? Huh? Pretty quiet now about the cold thing, now!

Throw in some chicks in skimpy bikinis and I'm there!

 

[chsh1ca]

Originally posted by: n0cmonkey
When there is an exploit or even THREAT from this, let me know. I'll sh1t a brick.

That's precisely the point, there isn't one yet (as far as I could find) and there likely won't be. Macs are mostly unimportant. OSX doesn't have much market share as a webserver (<2% for all "Other" webservers combined), and certainly you are 85% more likely to find a Windows box in a home with a computer, so what exactly is the point? This isn't a secret to anyone, I don't know why you are acting all hurt/surprised because some windows junkie thinks it's ironic that the people who were arrogant based on the "fact" that they were invulnerable because they were using a Mac are using a vulnerable OS. So he wants to poke fun at them, big deal. Grow some thicker skin. Apple has done the security realm a great service though, they have proven that security through obscurity works very well.

Root access is definitely a big problem. But, if looked at logically, there are mitigating circumstances here. You have to be on that user's network being the big one. It's almost as poopoo as a local root hole, in my opinion.

Remotely exploitable, in any fashion, is never good, even if you have to be connected to the LAN. Combine that with the growing use of wireless networks at home, and your mitigating circumstance isn't so mitigating. IMO, this is no big deal, if only because it is very very unlikely to be exploited with any regularity, except maybe by someone attempting to break into a network they know is all OSX.

 

[n0cmonkey]

Originally posted by: chsh1ca

Originally posted by: n0cmonkey
When there is an exploit or even THREAT from this, let me know. I'll sh1t a brick.

That's precisely the point, there isn't one yet (as far as I could find) and there likely won't be. Macs are mostly unimportant. OSX doesn't have much market share as a webserver (<2% for all "Other" webservers combined), and certainly you are 85% more likely to find a Windows box in a home with a computer, so what exactly is the point?

We could say almost the same things about FreeBSD, NetBSD, or OpenBSD. But there are exploits released for those OSes.

This isn't a secret to anyone, I don't know why you are acting all hurt/surprised because some windows junkie thinks it's ironic that the people who were arrogant based on the "fact" that they were invulnerable because they were using a Mac are using a vulnerable OS. So he wants to poke fun at them, big deal. Grow some thicker skin.

I felt like ranting a bit. Maybe I can get a job at PC Mag and get paid to whine a bit too

Apple has done the security realm a great service though, they have proven that security through obscurity works very well.

Obscurity? Darwin is open source. This vulnerability was found and fixed. It doesn't sound like they were relying on obscurity to me.

Root access is definitely a big problem. But, if looked at logically, there are mitigating circumstances here. You have to be on that user's network being the big one. It's almost as poopoo as a local root hole, in my opinion.

Remotely exploitable, in any fashion, is never good, even if you have to be connected to the LAN. Combine that with the growing use of wireless networks at home, and your mitigating circumstance isn't so mitigating. IMO, this is no big deal, if only because it is very very unlikely to be exploited with any regularity, except maybe by someone attempting to break into a network they know is all OSX.

Obviously any security problem is never good. Hell, most problems are never good. But this is not a hole in OpenSSH, Apache, or sendmail.