MacDailyNews - Where Mac news comes first

Sounds heavy doc....

Aug 08, 08 - 10:42 am Comment from: Andy

Well, given the difference in OS architectures, say, between Windows and OS X, I highly doubt something that brings down Vista will have the same effect on a Mac.

At best, exploits on the Mac are very localized (affecting only Safari/QuickTime etc), since accessing the root is essentially not an option, and the fact that registry modifications need user input beforehand.

The Mac can only be fubared by the user themselves, at the end of the day.

I was concerned about the statement at the end of the article...

"These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks. Expect to be hearing more about this in the near future and possibly being faced with the prospect of your "secure" server being stripped completely naked of all its protection."

Are we sure we are immune from this?

Thanks Andy, It's like you read my post before I posted it!

pc people call us fanboys.

just watch as they circle the wagons and say this is no big deal.

if any one lives is a reality distortion field, its pc defenders.

Oh, but I did hear that Mojave fixes this vulnerability!

Aug 08, 08 - 10:55 am Comment from: CYxodus

LOL. I just sent this article to MDN a few minutes ago.

What's troubling is that it can bypass DEP, which any Intel-based system uses, therefore any platform could potentially be at risk.

Then again, there's not much detail on what was required to make the exploit happen.

Aug 08, 08 - 10:56 am Comment from: HolyMackerel

If they knew in the early 1990s what we know now about what Windows has become, would business still have chosen Windows?

Some companies don't allow iPods, memory sticks, floppy drives; they lock the airwaves with encrypted wireless, restrict access through VPN, change passwords monthly, run 5 apps for virus, firewall, spam filtering, anti-phishing, etc yet still allow Windows. I just don't get it…

Aug 08, 08 - 10:58 am Comment from: Andy

@Wings2sky

I'm sure Apple are more than aware of any threats as you mention. However, the most important word in the article piece you highlighted is 'possibly'.

Fear is a very powerful tool.

And remember, UNIX has a much better security advantage over Windows ever will.

Aug 08, 08 - 10:59 am Comment from: ElderNorm

I think the key phrase is that Microsoft trusts the download cause it is from .net.
"'If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks."

Another rush effort by Microsoft that always assumes that Microsoft will never error so they can trust themselves.

Just a thought.

en

Aug 08, 08 - 11:01 am Comment from: HMCIV

This will be a non issue. Hackers, Virus writers and Botnet attackers aren't looking for a total end-around to exploit. Oh sure that might have been fine in the 90s but this era is different.

These days malware writers are looking for more subtle and refined exploits. They want something that offers a delicate balance of subtlety and intrigue. So while this exploit could "theoretically" earn hackers millions of dollars in credit card numbers, email spam lists, and identity theft I am confident they will ignore this for a more cerebral exploit that is worth their while.

Aug 08, 08 - 11:02 am Comment from: G4Dualie

Disruption of services will definitely impact even the most casual of observers but imagine for a minute if the corporate world had embraced Vista with the same zealousness with which Ballmer has been extolling its virtues and we have a melt down of the economy by several orders of magnitude.

Felonious Bill made a quick and timely exit.

"therefore any platform could potentially be at risk"

In other news, anyone can say anything without proof, examples or any detail whatsoever to sound important.

Aug 08, 08 - 11:06 am Comment from: Andy

@HMCIV

I figure that bringing an entire system down would make a hacker's life much more difficult, since it's a surefire way to piss people off (and get the gov after you, if you attack federal servers).

As you say, it's more likely hackers will be more subtle (and much more malicious) by extracting info from a comp piecemeal, being hidden in network traffic and all that.

And thankfully, Apple have already thought of that.

Aug 08, 08 - 11:06 am Comment from: THE.MAC.GOD

Oh SNAP.

Eh, I hate to break this to everyone, UNIX is the most open faced OS ever, its also been around for ever, so its both a blessing and a curse.

Everybody knows the vulnerabilities, and possible fixes, everybody.

Super-scary article completely devoid of hard facts and evidence. Nothing to see here at least until the sky starts falling.

Aug 08, 08 - 11:11 am Comment from: HMCIV

Oh and Kudos to the French Reporters who thought it would be a good idea to hack the Network at the Black Hat Awards.

<a href="http://ap.google.com/article/ALeqM5i_kwz9PQAu5EHgJfbaCx-a5i6jmgD92E4IMGA">

I'll do a Google search for your names and passport numbers in a couple days to see how many hits we get.

Aug 08, 08 - 11:13 am Comment from: Predrag

"If they knew in the early 1990s what we know now about what Windows has become, would business still have chosen Windows?"

This is a phrase similar to what we hear these days about WMD in Iraq (If they new they were lied to, would they have voted for the war?). And the answer is probably just as clear and unambiguous...

Aug 08, 08 - 11:14 am Comment from: shen

be interesting to see how this shakes out.....

i won't be shocked if it turns out vista in beyond repair, but i won't be shocked to find out this is just grand standing by the researchers either.

"may you live in interesting times."

Aug 08, 08 - 11:15 am Comment from: Andy

@Joe

And that's why Apple took the bsd linux derivative Darwin. Apple applied its own stamp to this form of UNIX and made it as secure and rock solid as they could.

OS X isn't exactly open-source, and hasn't been for a while now.

"If they new they were lied to, would they have voted for the war?"

A retarded, coke head good ol' boy with the lowest approval rating in U.S. history who gets his instructions from God would never lie.

"I'm honored to shake the hand of a brave Iraqi citizen who had his hand cut off by Saddam Hussein."
- Dumbya

Aug 08, 08 - 11:26 am Comment from: Hm...

Well, now. IBM Internet Security Systems and VMware found this little problem in Vista -- that's right, the OS where MS chose to annoy users with security dialogs because it was the users' behaviour that needed changing. Uh huh. Those darn users just need to stay out of the internet's tubes...

Hasta la vista, Vista!

A retarded, coke head good ol' boy with the lowest approval rating in U.S. history who gets his instructions from God would never lie.

lowest approval ratings? You mean congress? They are in single digits.

Aug 08, 08 - 11:37 am Comment from: phantasmosxmagnum

Time to stop the presses and time wasted on the M$ FUD campaign that Vista is awesome and ignore OS X, ramp up Windows 7! Oh wait W7 is based on Vista! WFT?!

Aug 08, 08 - 11:55 am Comment from: nekogami13

@Andy: Registry modifications need user input?
Since when did OS X get a registry?
Hard to modify something when it does not exist.

M$ is doomed... it REALLy is! Common, Balmer: stop everything and give back the monney to the shareholders! And don'0t go believing that this sentence will bring you any good luck... it won't! This is not a question of luck: Apple has never sold bul..t. This makes all the difference!

"... According to Dino Dai Zovi, a popular security researcher, 'the genius of this is that it's completely reusable. ..."

Good thing Dino is popular, otherwise he probably never would have been quoted, except by other members of the chess club.

Aug 08, 08 - 12:17 pm Comment from: Cubert

@ HMCIV,
Was laughing my @$$ off at your first post above!

Thanks for the Friday humor.

Aug 08, 08 - 12:18 pm Comment from: KingMel

Despite the fact that this *alleged* threat is currently only directly associated with Vista, no one should take any satisfaction in Microsoft's situation. From a purely selfish standpoint, consider the potential disruption to your life if this threat materializes and is exploited. It won't matter that you might use a Mac at home and at work. Your personal and financial life is distributed across Windows-based computers all over the place. This is not a good thing, even if it boosts Apple and hurts M$.

The gift, i.e. turd that just keeps on giving!

Aug 08, 08 - 12:20 pm Comment from: Anonymous©

Release Mojave now! That will fix the problem!

Aug 08, 08 - 12:20 pm Comment from: Olmecmystic

Apple already has their iPhone production ramped up to capacity at 800,000 units a week. I think they need to ramp up Mac production, too. There's a surge a'comin'!

Peace.
Olmecmystic

Aug 08, 08 - 12:22 pm Comment from: Cubert

Now we just need major news outlets to get ahold of this story.

Aug 08, 08 - 12:25 pm Comment from: dogfriend

This problem is easily fixable. The solution is to keep all computers running Windows off the internet. Problem solved.

Aug 08, 08 - 12:28 pm Comment from: qka

Dino Dai Zovi, a popular security researcher

Does he have trading cards out?

"lowest approval ratings? You mean congress? They are in single digits."

Good point. It's comforting to know they are on vacation and W. is at the Olympics. It's not like the U.S. needs leadership. Maybe W. can throw up on them like his dad did to the Japanese Prime Minister.

Aug 08, 08 - 12:33 pm Comment from: amyhre

Ah yes, a Congress with Nancy Pelosi who apparently is so intent on saving the world that even if gas reached $10 a gallon, they would not lift the oil drilling moratorium, because what's the point of being at the top of the food chain if we're going to actually use our position at the time to help ourselves a bit. Nope, all animals and plants and their needs are ipso facto more important than ours. Look, I don't mind recycling and green energy if possible, but until that stuff appears, we have to use what we've got developed and at the moment that happens to be internal combustion engines. Do I wish that oil companies hadn't squashed attempts to make cars more efficient? Definitely. Do I enjoy the fact that they're making record profits while ordinary Americans are bent over their cars and wallet-raped with a fuel nozzle every time they fill up? Certainly not. I don't believe in change for change's sake, nor do I believe in obstructing change because one has the power to do so. I say this both for politics and because Microsoft has also done so in both the past and the present.

Am an independent with Republican leanings but did not vote for Bush in 2004 (was the first year I was eligible to vote).

On topic, it will be interesting to see how this vulnerability plays out. But I reckon those who swear by Microsoft and its products, as compared to those of us who swear at them, probably have their heads so far up Ballmer's ass that they can examine the contents of his stomach will have their opinions left unaffected by this new mess.

All I can say is.... HOLY SHIT! If this truly is as unfixable as they say, then Microsoft needs to recall that OS and issue a refund to each and every customer who bought it. Of course, they won't. I see a class action lawsuit brewing BIG TIME!

To the best of my knowledge, OS X 10.5 does not implement DEC or ASLR.

This should not be an issue for Mac users except via having their information compromised by Windows-based systems.

Aug 08, 08 - 12:43 pm Comment from: shen

"A retarded, coke head good ol' boy with the lowest approval rating in U.S. history who gets his instructions from God would never lie. "

that is an incredible post.

in one line you insulted retards, coke heads, good ol' boys, every president to have an approval rating, and god.

please don't compare bush to people that are above him. not ever again.

"Do I enjoy the fact that they're making record profits while ordinary Americans are bent over their cars and wallet-raped with a fuel nozzle every time they fill up?"

Be careful what you wish for:

Throughout the oil and natural gas industries only about 1.5% of the stock is owned by company executives.

The data show that ownership of industry shares is broadly middle class, with the majority of industry shares held by institutional investors, often on behalf of millions of Americans through mutual funds, pension funds and individual retirement accounts.

Almost 43 percent of oil and natural gas company shares are owned by mutual funds and asset management companies that have mutual funds. Mutual funds manage accounts for 55 million U.S. households with a median income of $68,700.

Twenty seven percent of shares are owned by other institutional investors like pension funds. In 2004, more than 2,600 pension funds run by federal, state and local governments held almost $64 billion in shares of U.S. oil and natural gas companies. These funds represent the major retirement security for the nation’s current and retired soldiers, teachers, and police and fire personnel at every level of government.

Fourteen percent of shares are held in IRA and other personal retirement accounts. Forty five million U.S. households have IRA and other personal retirement accounts, with an average account value of just over $22,000.

Aug 08, 08 - 12:51 pm Comment from: shen

"Ah yes, a Congress with Nancy Pelosi who apparently is so intent on saving the world that even if gas reached $10 a gallon, they would not lift the oil drilling moratorium....."


blah blah blah snipped.

7 different bills were submitted to congress which all would have made more difference to the gas price, and all in less than a year rather than 20 years like drilling.

including:

tapping the reserves, rules against price gouging, cracking down on speculators (most economists see them as the primary cause of current prices) stopping tax breaks for oil companies (cause yes, the repubs give tax breaks to companies that have record profits) and a tax break for people paid for by the oil companies tax break being removed.

all of them were blocked by republicans.

all of them. republicans.

so how does the republican BS stack up to reality?

so '04 was your first chance to vote? do us all a favor and better educate yourself before this vote, huh? kthxbai!

"please don't compare bush to people that are above him. not ever again."





"The economy is growing, productivity is high, trade is up, people are working. It's not as good as we'd like, but -- and to the extent that we find weakness, we'll move." --George W. Bush, Washington, D.C., July 15, 2008

Aug 08, 08 - 01:24 pm Comment from: Sir Gill Bates

shen,

"in one line you insulted retards, coke heads, good ol' boys, every president to have an approval rating, and god."

Good one.

Oh, and I get a kick out of the Republicans staging that little protest over Pelosi's move. Even if this off shore drilling is approved, it will be years before any effects are realized, if at all. But I'm sure McCain enjoyed it.

I must admit though, I think Nancy Pelosi is one of the most incompetent dimwits in Congress. That fool wouldn't know reality if it bit her in the ass. She gives liberals a bad name.

Aug 08, 08 - 02:04 pm Comment from: sparkplug

Hey, not to worry. Windows 7, Midori, and Monkey Boy doing a fast Tap Dance is coming soon and will take care of everything.

In the meantime, let's just hold off on any purchases of VISTA (as if, that was on your To Do List).

It's comforting to know they are on vacation and W. is at the Olympics. It's not like the U.S. needs leadership.

Don't worry, Cheney's in charge now....!

Is that you writing all the diatribes, Big Al? I mighta figured you'd be lurking in the Apple blog sites...

Aug 08, 08 - 02:09 pm Comment from: shen

"I must admit though, I think Nancy Pelosi is one of the most incompetent dimwits in Congress. That fool wouldn't know reality if it bit her in the ass. She gives liberals a bad name."

and yet, she is better than 90% of the repubs you can name. sad, isn't it?

Its not hard to control a computer that runs vista.
Have you ever put a dvd with a broken toc into a vista machine and try to open it. The entire system becomes unresponsive (even the power button) the cpu goes to a 100% usage, (depending on the motherboard the fans might not speed up causing alot of issues). Then if you unplug the computer and replug it in it will not boot and in effect you either get a b0ot error or the black screen of death. The system only comes back alive when the cd is removed manually (You take the faceplate off the optical drive and with a paperclip you trigor the emergency open).

"tapping the reserves, rules against price gouging, cracking down on speculators (most economists see them as the primary cause of current prices) stopping tax breaks for oil companies (cause yes, the repubs give tax breaks to companies that have record profits) and a tax break for people paid for by the oil companies tax break being removed."

None of these bills would have lowered gas prices.

Tapping the reserves would probably be a good option, but it would not have a significant impact on gas prices since it's not a long term solution.

There are already laws against price gouging. To convict for price gouging you have to *prove* collusion to artificially keep prices high. Don't think that will happen because there isn't any evidence of this happening.

"Cracking down" on speculators (whatever that means) would be extremely detrimental since speculators are an integral part of the commodities market. The speculation of high prices right now comes from the inevitable war with Iran. Go research the commodities market and the importance of speculators and get back to me.

Lastly, if you think making oil companies pay more taxes will solve the problem, you're again very wrong. The tax increases *will* trickle down to the consumer and in the end it will have no effect. These companies have armies of accountants that can make the numbers work any way they want to. Good luck with this one.

I'm not a republican or a NeoCon, but these ideas are not going to work, and they just make the problem worse. Drilling will not solve it either as we won't see the new oil in the market place for years. The only thing we can do right now is conserve. Use less gas. That's it. The newer technologies will take time to come to market, but this is a rough ride we are going to have to endure for quite a while. There are no quick fixes and to think so is foolish.