Apple redefines 'Epic FAIL'

Posted By: Ray7 | Jun 21st, 2008 @ 3:04 AM
page 1 of 2
Comments: 27 | Views: 1825
#Jun 21st, 2008 @ 3:04 AM
Ray7
Ray7
Hasn't been a good week for Apple on the security front.  While the Safari team has taken a break from spreading that cross platform exploit love in order to release a few vulnerability patches, the community is facing up to life outside the OS niche with reports of two Mac trojans out in the wild.
Of  course, you'd have to be a pillock to hand over your root password just because some poker game  asks you for it, and the Mac community is correct in pointing this out. I just don't remember them saying the same thing when Windows XP was facing similar attacks.

Intego (again?) have highlighted a couple of relatively minor flaws that affect Tiger and Leopard, both of which pale into insignificance when compared to this hooter demonstrated by RixStep et al.

Ouch! .... :-?

Now since this a new exploit that Apple engineers have introduced (it doesn't work on 10.4), I find myself asking yet again, have things slid since Tevanian left?

I don't see the situation improving until next year. when Apple completes a  massive clean up (some claim that it is actually a rewrite) of the OSX codebase. With a tidy baseline, perhaps less of the amateurish exploits will slip through.



#Jun 21st, 2008 @ 4:05 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda
Ah well,... the windows crowd always said that Apple wasnt more secure. It was just a less popular platform for hackers. Now that their install base is going up, it is becomming more and more lucrative to find exploits for Apple computers.

It's only a matter of time before more exploits come out,.
#Jun 21st, 2008 @ 5:34 AM
stevo_
stevo_
Human after all

One thing I don't understand about that flaw is.. how can an application just decide if it needs to authenticate or not?

I mean, in windows- the kernel makes the decision if the app can do something, not the app itself?

#Jun 21st, 2008 @ 6:18 AM
brich
brich
Yep, Apple has some work to do on the security front, and my Intego VirusBarrier signatures just updated to cover that 'trojan' in the wild crappola. However, 2 Trojans in the wild hardly align with whatever the number is on another platform we all know and love...right?

I'm sure we'll continue to see more vulnerabilities for OSX users to be aware of....still waiting to see actual exploits that cream enough Mac users to create a cottage industry of shops that specialize in nuking and repaving Macs (like the geek squads and their ilk for PCs).
#Jun 21st, 2008 @ 8:21 AM
GoddersUK
GoddersUK
I CAN has cheezburger and you CAN'T has stop me!
did I understand that rixstep one?

You can sudo without user consent?
#Jun 21st, 2008 @ 8:22 AM
brich
brich
It's that little enterprise that has taken too much of my discretionary income Smiley
#Jun 21st, 2008 @ 9:37 AM
littleguru
littleguru
<3 Seattle
It's always the same... don't think that software is more secure just because it doesn't have less flaws. It's much more stuff that comes into the game on why hackers decide to take a look at a certain app and try to exploid it. One of them is fame and where the most of it can gained; and that makes obiously the most important and well known thing the target #1.
#Jun 21st, 2008 @ 9:45 AM
Sven Groot
Sven Groot
My name has 9 letters. Coincidence? I think not...
Sure looks like it. Ouch!
#Jun 21st, 2008 @ 10:46 AM
wisemx
wisemx
Live it
Personally I find this rather funny.

Why?

Years ago Microsoft VS. Apple was not about security.

Back in the late 80's and early 90's I used to hold 3D animation contests.
About that time that stinking Video Toaster came out and, well, things changed. Smiley

I've remained faithful to Microsoft but I admit Apple changed the depth of the way we use graphics now.
#Jun 21st, 2008 @ 12:01 PM
brich
brich
Looks like Apple do not want Trojans in the restrooms....
#Jun 21st, 2008 @ 4:00 PM
Ray7
Ray7

The trojans aren't a problem (certainly not now the platform has them it appears); Apple's jaw-dropping bugs are becoming a real concern to me though.

I thought the network copy bug was bad, but this really is a cause for concern. Could be a case of too much focus on selling the iPhone is causing the rest of the product mix to suffer.

Always love it when folk point the finger at Windows to divert attention away from problems with OSX though. As a Mac user myself I find it counterproductive as it gives Apple an easy ride; this leads to exactly the sort of foul ups we're seeing with this Remote Desktop bug.

I especially love the part where Apple tells users that its nothing to be concerned about ...

I'm a user. I'm concerned.
#Jun 21st, 2008 @ 4:19 PM
brich
brich
I'm concerned as well. 60% of my work day is spent living in XP, and I've experienced over the years what can happen on that platform...especially pre-sp2. That said, Trojans usually rely on social engineering stupidity, and it is easier to run as a Standard User in Leopard. But Apple needs to focus on this stuff to avoid the damage that Micosoft has had to deal with since the late '90s.
#Jun 21st, 2008 @ 11:48 PM
Ray7
Ray7

Well actually it is just as easy to run as a standard user on Vista (though I have come across a number of apps that still insist on access to the whole machine - invariably, they don't run very well anyway so I just dump them.)

No, my concern is not the trojans; it is the overall quality of Leopard. Just take a look in the Apple forums (you have to be quick though; Apple has a policy of deleting messages that paint there tech in a less than favourable light); Leopard is the worst release to date and people are still having problems with 10.5.3 - which is why I haven't upgraded.

With rising marketshare comes great responsibility; I don't think Apple is taking its responsibility to its customers seriously enough.

We'll see what happens next year after the great reset.

Oh, and that's another thing.

Microsoft resets OS development and releases an OS that on the face of it, doesn't add much value over the previous one. They are slaughtered in the press.

When Apple resets OS development and releases an OS that on the face of it, doesn't add much value over the previous,  I have a feeling that the press reaction will be somewhat different.

#Jun 22nd, 2008 @ 4:52 AM
brich
brich
I've been running Leopard since 10.5.0, and there have been some flaws for sure. Only speaking from my own experience (and I'm running 10.5.3 on a 12" PowerBook G4 1.5 and a modded-up Quicksilver tower), Leopard is pretty stable for me...The .3 release was huge, and went part of the way to fixing a variety of flaws; but I agree that in certain respects, Leopard feels more beta-like than 10.4.11 did.

I wonder if Vista would run as well on a PC as relatively underpowered as my PB (which runs Leopard very well).

I'm not running Vista on my office PC because we have encountered too many incompatibilities with test-bed systems there (although certain of our IT staff really like Vista).
#Jun 22nd, 2008 @ 11:35 PM
brian.shapiro
brian.shapiro
things go on as always

brich's dog: better than jamie's dog?
#Jun 23rd, 2008 @ 1:01 AM
Ray7
Ray7
Ah! Linking goof-up!

Rixstep has correctly pointed out that I have actually pointed to the same flaw twice.

Sorry folks!

But why  assume that when Windows users point out the flaws, they are jumping for joy? What he fails to realise that an increasing number of Windows users are also Apple Mac users. Again, this is the same argument I see all the time when Apple fouls up; quickly divert attention away from the problem and point at Microsoft. Well, I don't want to look away; I want the problems fixed.

But are innocent bystanders supposed to start jumping for joy?

Ah well,... [sic] the windows [sic] crowd always said that Apple wasnt [sic] more secure. It was just a less popular platform for hackers. Now that their install base is going up, it is becomming [sic] more and more lucrative to find exploits for Apple computers.

That matter of time: how many hundreds of thousands of active thriving viruses are out there for Windows? Are there any for any Unix system? Any whatsoever?

An odd comparision really, and I'm not really sure how it proves his point. To begin with, Unix hasn't really taken off as a desktop operating system, so there is little point in writing lucrative money-sucking trojans for an operating system that doesn't have a large desktop presence. Is there any real point in presenting a Unix administrator with a poker game that asks for his root login details? I don't think he would fall for it to be honest. I'm not even sure that the vast majority of Unix systems are used for web browsing ....

Poster Ray7 does ask a valid question.

I find myself asking yet again: have things slid since Tevanian left?

And that's a good question. Especially as so many things have 'slid' in Tiger and now even more in Leopard. Apple have, as all know, diverted attention from their computer OS to concentrate more fully on their iPhone OS.

Actually, what's needed here is a good answer. Hopefully, that'll be Snow Leopard.


The astonishingly clueless Windows losers really think all computer systems behave this way - wobbly, crash prone, lacklustre - and wide open to the most puerile of script kiddie attacks. Clue: they aren't. None of them are. Only Windows is.


Talk about defensive ....




#Jun 23rd, 2008 @ 1:16 AM
Ray7
Ray7
I've been running Leopard since 10.5.0, and there have been some flaws for sure. Only speaking from my own experience (and I'm running 10.5.3 on a 12" PowerBook G4 1.5 and a modded-up Quicksilver tower), Leopard is pretty stable for me...The .3 release was huge, and went part of the way to fixing a variety of flaws; but I agree that in certain respects, Leopard feels more beta-like than 10.4.11 did.

Well, I guess I could have been spoiled. Up until this point I think Apple has had its game in order. OSX has been on an even evolutionary development that has (after a few point releases) delivered stable benefits for years. Then all of sudden, we start getting really amateurish mistakes. Am I expecting too much from them?

I wonder if Vista would run as well on a PC as relatively underpowered as my PB (which runs Leopard very well).

What has that got to do with the price of bottled air?

[fx:massages bridge of nose between thumb and index finger]

Will folk PLEASE stop pointing at Microsoft as if it's some kind of defence? If you don't see Vista as a good example of OS engineering, then what is the point of using it as a comparison?

I'm not running Vista on my office PC because we have encountered too many incompatibilities with test-bed systems there

Well, I will just say that I hear that.

(although certain of our IT staff really like Vista).

I have mixed feelings at the moment ....


#Jun 23rd, 2008 @ 1:23 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda

The point that I make is that when an OS becomes more popular it becomes more lucrative to hack. I am not saying anything about wich platform is more secure.

Actually, they both share the common flaw;

The user

#Jun 23rd, 2008 @ 1:43 AM
Ray7
Ray7
Yes, I quoted that badly. I actually agree with you.

As platforms become more lucrative they do become targets. But the other factor is that Unix-based systems have not penetrated the home market to the same level that Windows has, so his argument pretty much fails on that count.

And yes, the user is the usually where the problem lies. But that does not mean that vendors shouldn't be doing all they can to protect the users from themselves.


#Jun 23rd, 2008 @ 1:55 AM
Maddus Mattus
Maddus Mattus
Do, or do not. There is no try. - Yoda

Unix has penetrated the server market pretty good. But those machines, like the windows servers, are managed by professional people, who actually know what they are doing. All analogies we make are flawed, because we dont know all the facts. Sure there have been some studies, but they all make assumptions. Let's just hang back and see how this plays out.

page 1 of 2
Comments: 27 | Views: 1825
Microsoft Communities