Geekzone: technology news, blogs, forums
freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#64610 22-Mar-2007 08:07

CrispinMullins:
freitasm: Being vulnerable or not is not related to the impact of being vulnerable.


Of course it is. When was the last time you went to the doctor to immunize yourself against a disease that doesn't exist? I'm sure we'd love to be 100% protected against everything all the time, but because that is entirely impractical, we need to realign our goals.


Economical impacts. You said "economics" so I am referring to economical impacts, as in the scale of the impact. Not the inevitability of the impact.







 




CrispinMullins
128 posts

Master Geek


  #64613 22-Mar-2007 08:18

OK, so you're not talking about the impact of being vulnerable, you're talking about the impact of the "attack" if it were to happen. That could be pretty big, sure. If it happens.

I mentioned the word economics to illustrate the reduced likelihood of an attack, and I think the illustration still stands.




Crispin Mullins
Auckland, New Zealand

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#64618 22-Mar-2007 08:39

CrispinMullins: I mentioned the word economics to illustrate the reduced likelihood of an attack, and I think the illustration still stands.


And that's my point: the software is vulnerable, as agreed before because of a series of inherent reasons. But the likelihood of an attack is less not because of the software being safer, but because the economical impact is smaller. Simple as that.








 




juha
1317 posts

Uber Geek
+1 received by user: 7

Trusted

  #64619 22-Mar-2007 08:40

Apple won't make the vulnerability headlines until it reaches a market share well beyond the present three to four per cent. The simple truth is that crackers get a better return on their untargeted attacks by going for the operating system used by the vast majority... Windows in its different versions.




CrispinMullins
128 posts

Master Geek


  #64622 22-Mar-2007 08:49

freitasm: But the likelihood of an attack is less not because of the software being safer, but because the economical impact is smaller. Simple as that.


Yes, but the lower the likelihood of an attack, the safer the software is!




Crispin Mullins
Auckland, New Zealand

juha
1317 posts

Uber Geek
+1 received by user: 7

Trusted

  #64625 22-Mar-2007 08:51

CrispinMullins: Yes, but the lower the likelihood of an attack, the safer the software is!


No, that's not logical. The lower the likelihood of an attack, the safer the environment is - but that's not true for today's Internet, as you well know.




 
 
 
 

CrispinMullins
128 posts

Master Geek


  #64626 22-Mar-2007 08:56

juha: No, that's not logical. The lower the likelihood of an attack, the safer the environment is - but that's not true for today's Internet, as you well know.


Häh? Do we have differing definitions of "safe", or what am I missing?




Crispin Mullins
Auckland, New Zealand

juha
1317 posts

Uber Geek
+1 received by user: 7

Trusted

  #64628 22-Mar-2007 09:03

Yes, very different. Insecure software doesn't magically become safe just because the current likelihood of attack is lower. If that was the case, you should be running ReactOS or MINIX or whatever.

You also need to bear in mind that much of OS X comes from a large, Open Source non-Apple code base that is currently being targeted by crackers.




CrispinMullins
128 posts

Master Geek


  #64632 22-Mar-2007 09:45

juha: Yes, very different. Insecure software doesn't magically become safe just because the current likelihood of attack is lower. If that was the case, you should be running ReactOS or MINIX or whatever.


Security by obscurity (which is essentially what we're talking about) is but one piece of the puzzle, and nobody should rely on it. But it has its merits. As long as Apple (and others) keep their end of the bargain, continuing to patch vulnerabilities, then I consider myself to have the best of both worlds.

I think the spontaneous analogy to human health is a good one, and that we should be talking about security in terms of risk rather than in absolutes (a la Schneier's "security is a trade-off" mantra). Do we as human beings consider ourselves "safe", given the constant threat from viruses and continuously evolving bacteria?

Hmm. I could work on this and make millions!






Crispin Mullins
Auckland, New Zealand

juha
1317 posts

Uber Geek
+1 received by user: 7

Trusted

  #64634 22-Mar-2007 10:10

CrispinMullins: Hmm. I could work on this and make millions!


Possibly, but I for one wouldn't hire you as a security consultant. :)




barf
643 posts

Ultimate Geek


  #64659 22-Mar-2007 11:46

the Airport firmware bug is more than well known but only to Apple enterprise admins because it only affects multiple-basestation networks - and then only affects certain configurations (bridge mode and single SSID roaming). But, the fix should be released soon I hope. I've had to revert to firmware version 5.5.1 to avoid this issue and 5.5.1 is vulnerable to archaic ICMP fragmentation attacks.

oh, and I don't think security through obscurity has any merit. Apple should not rely on their lack of market share for security! But saying there are no viruses on Macs is a total lie. I regularly clean Microsoft Word macro viruses off Macs because the email server bounces their messages. lol.




Sniffing the glue holding the Internet together

 
 
 
 

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#68033 21-Apr-2007 19:07

Apple released patches for twenty five vulnerabilities... And Mac OS X is hacked through a Safari vulnerability only hours after a contest was launched looking for someone able to do it.

[Moderator edit (bradstewart): All Your Vulnerabilities Are Belong To Me]





 


mike
307 posts

Ultimate Geek
+1 received by user: 20

Trusted

  #68035 21-Apr-2007 19:53

Be interesting to see more details of the Safari hack...

Of course it didn't happen "only hours after a contest was launched looking for someone able to do it."
It happened after "organizers relaxed the rules" because nobody was able to do it.





freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#68036 21-Apr-2007 19:55

Relaxed rules or not, it was done. Strict rules for an artificial condition don't mean real life is always restricted, right?







 


mike
307 posts

Ultimate Geek
+1 received by user: 20

Trusted

#68037 21-Apr-2007 20:07

Hard to comment, no details of exploit have been released!




