Results 1 to 7 of 7

Thread: Attention mac OS tiger users!!

  1. #1

    Exclamation Attention mac OS tiger users!!

    just spotted a pc of news on the security compromise of the new mac OS tiger. its a good read even if u r running older OS.

    http://www.macworld.com/news/2005/05...oard/index.php

  2. #2

  3. #3

    Default

    whats a FUD? sorry, i need to catch up on this kind of jargon.

  4. #4
    Moderator ortega's Avatar
    Join Date
    Nov 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    23,686
    Blog Entries
    7

    Default

    I get my news from

    www.macintouch.com

  5. #5

    Default

    Quote Originally Posted by nightpiper
    whats a FUD? sorry, i need to catch up on this kind of jargon.
    Fear Uncertainty Doubt.

    A technique often used by a certain large software company to 'scare' people away from Open Source and various free sofwares.

    This Apple security issue is understandable. It's a re-run of the latest Mozilla XPI issue and the entire the entire class of IE/Windows Active X issues.

    If you are going to allow a web browser to download code from the net, you are in trouble. The bad guys are continuely going to try and breach the 'trust' model you wrap around this 'feature'.

    Apple at least doesn't run Safari in the kernel contex like MS does with IE. I haven't looked at the dashboard app in detail yet. I hope Apple haven't been as stupid as to give the dashboard app implied admin rights...


    Interestingly most of the past Apple security patches have been in OSS parts of OSX (although there have been patches for the proprietory components as well). The security fixes for the OSS components have been mostly for POTENTIAL security issues found by code inspection. Very few make it to a real exploit. As apposed to another popular OS's security patches which are generally in response to an exploit getting out into the 'wild'.

  6. #6

    Default

    i guess the more services you have listening on your machine, you will always be prone to more attacks. With Mac, we arent too afraid of kernel level attacks as we do not run as root most of the time, but believe me, an attack on the middleware or services could proof as troublesome. Patching and updates is still a must. Not so much of FUD....

  7. #7

    Default

    Quote Originally Posted by matthew
    Fear Uncertainty Doubt.

    A technique often used by a certain large software company to 'scare' people away from Open Source and various free sofwares.

    This Apple security issue is understandable. It's a re-run of the latest Mozilla XPI issue and the entire the entire class of IE/Windows Active X issues.

    If you are going to allow a web browser to download code from the net, you are in trouble. The bad guys are continuely going to try and breach the 'trust' model you wrap around this 'feature'.

    Apple at least doesn't run Safari in the kernel contex like MS does with IE. I haven't looked at the dashboard app in detail yet. I hope Apple haven't been as stupid as to give the dashboard app implied admin rights...


    Interestingly most of the past Apple security patches have been in OSS parts of OSX (although there have been patches for the proprietory components as well). The security fixes for the OSS components have been mostly for POTENTIAL security issues found by code inspection. Very few make it to a real exploit. As apposed to another popular OS's security patches which are generally in response to an exploit getting out into the 'wild'.


    thx for clearing the FUD. also thx u for the more detail info. i dun know much about the macs & their kernel. greatly appreciated.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •