Geekzone: technology news, blogs, forums


BDFL - Memuneh
61205 posts

Uber Geek
+1 received by user: 11982

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 64610 22-Mar-2007 08:07

CrispinMullins:
freitasm: Being vulnerable or not is not related to the impact of being vulnerable.


Of course it is. When was the last time you went to the doctor to immunize yourself against a disease that doesn't exist? I'm sure we'd love to be 100% protected against everything all the time, but because that is entirely impractical, we need to realign our goals.


Economical impacts. You said "economics" so I am referring to economical impacts, as in the scale of the impact. Not the inevitability of the impact.






128 posts

Master Geek


  Reply # 64613 22-Mar-2007 08:18

OK, so you're not talking about the impact of being vulnerable, you're talking about the impact of the "attack" if it were to happen. That could be pretty big, sure. If it happens.

I mentioned the word economics to illustrate the reduced likelihood of an attack, and I think the illustration still stands.



BDFL - Memuneh
61205 posts

Uber Geek
+1 received by user: 11982

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 64618 22-Mar-2007 08:39

CrispinMullins: I mentioned the word economics to illustrate the reduced likelihood of an attack, and I think the illustration still stands.


And that's my point: the software is vulnerable, as agreed before because of a series of inherent reasons. But the likelihood of an attack is less not because of the software being safer, but because the economical impact is smaller. Simple as that.







Juha
1318 posts

Uber Geek
+1 received by user: 5

Trusted
Subscriber

  Reply # 64619 22-Mar-2007 08:40

Apple won't make the vulnerability headlines until it reaches a market share well beyond the present three to four per cent. The simple truth is that crackers get a better return on their untargeted attacks by going for the operating system used by the vast majority... Windows in its different versions.




128 posts

Master Geek


  Reply # 64622 22-Mar-2007 08:49

freitasm: But the likelihood of an attack is less not because of the software being safer, but because the economical impact is smaller. Simple as that.


Yes, but the lower the likelihood of an attack, the safer the software is!

Juha
1318 posts

Uber Geek
+1 received by user: 5

Trusted
Subscriber

  Reply # 64625 22-Mar-2007 08:51

CrispinMullins: Yes, but the lower the likelihood of an attack, the safer the software is!


No, that's not logical. The lower the likelihood of an attack, the safer the environment is - but that's not true for today's Internet, as you well know.




128 posts

Master Geek


  Reply # 64626 22-Mar-2007 08:56

juha: No, that's not logical. The lower the likelihood of an attack, the safer the environment is - but that's not true for today's Internet, as you well know.


Häh? Do we have differing definitions of "safe", or what am I missing?

Juha
1318 posts

Uber Geek
+1 received by user: 5

Trusted
Subscriber

  Reply # 64628 22-Mar-2007 09:03

Yes, very different. Insecure software doesn't magically become safe just because the current likelihood of attack is lower. If that was the case, you should be running ReactOS or MINIX or whatever.

You also need to bear in mind that much of OS X comes from a large, Open Source non-Apple code base that is currently being targeted by crackers.




128 posts

Master Geek


  Reply # 64632 22-Mar-2007 09:45

juha: Yes, very different. Insecure software doesn't magically become safe just because the current likelihood of attack is lower. If that was the case, you should be running ReactOS or MINIX or whatever.


Security by obscurity (which is essentially what we're talking about) is but one piece of the puzzle, and nobody should rely on it. But it has its merits. As long as Apple (and others) keep their end of the bargain, continuing to patch vulnerabilities, then I consider myself to have the best of both worlds.

I think the spontaneous analogy to human health is a good one, and that we should be talking about security in terms of risk rather than in absolutes (a la Schneier's "security is a trade-off" mantra). Do we as human beings consider ourselves "safe", given the constant threat from viruses and continuously evolving bacteria?

Hmm. I could work on this and make millions!



Juha
1318 posts

Uber Geek
+1 received by user: 5

Trusted
Subscriber

  Reply # 64634 22-Mar-2007 10:10

CrispinMullins: Hmm. I could work on this and make millions!


Possibly, but I for one wouldn't hire you as a security consultant. :)




643 posts

Ultimate Geek


  Reply # 64659 22-Mar-2007 11:46

The Airport firmware bug is more than well known but only to Apple enterprise admins because it only affects multiple-basestation networks - and then only affects certain configurations (bridge mode and single SSID roaming). But, the fix should be released soon I hope. I've had to revert to firmware version 5.5.1 to avoid this issue and 5.5.1 is vulnerable to archaic ICMP fragmentation attacks.

Oh, and I don't think security through obscurity has any merit. Apple should not rely on their lack of market share for security! But saying there are no viruses on Macs is a total lie. I regularly clean Microsoft Word macro viruses off Macs because the email server bounces their messages. lol.




Sniffing the glue holding the Internet together



BDFL - Memuneh
61205 posts

Uber Geek
+1 received by user: 11982

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 68033 21-Apr-2007 19:07

Apple released patches for twenty five vulnerabilities... And Mac OS X is hacked through a Safari vulnerability only hours after a contest was launched looking for someone able to do it.

[Moderator edit (bradstewart): All Your Vulnerabilities Are Belong To Me]




278 posts

Ultimate Geek
+1 received by user: 7

Trusted

  Reply # 68035 21-Apr-2007 19:53

Be interesting to see more details of the Safari hack...

Of course it didn't happen "only hours after a contest was launched looking for someone able to do it."
It happened after "organizers relaxed the rules" because nobody was able to do it.







BDFL - Memuneh
61205 posts

Uber Geek
+1 received by user: 11982

Administrator
Trusted
Geekzone
Lifetime subscriber

Reply # 68036 21-Apr-2007 19:55

Relaxed rules or not, it was done. Strict rules for an artificial condition don't mean real life is always restricted, right?






278 posts

Ultimate Geek
+1 received by user: 7

Trusted

Reply # 68037 21-Apr-2007 20:07

Hard to comment, no details of exploit have been released!




