Slashdot Mirror

← Back to Stories (view on slashdot.org)

PC Mag - Mac OS X Insecure

Posted by CmdrTaco on from the no-big-surprise-here dept.

Suki writes "In this recent story a PC Mag writer concludes that "Panther and Jaguar were not better at outrunning vulnerabilities than Windows" and as my personal fav. ends by asking "How cocky are you feeling now, Mac elite? Hmm. Suddenly it's gotten pretty quiet around here." The article discusses many previous Windows security holes against a recent Mac OS X security flaw."

4 of 991 comments (clear)

  1. Re:Same DHCP "Flaw" by jimbo3123 · · Score: 5, Informative

    The earlier slashdot story is here: http://apple.slashdot.org/article.pl?sid=03/11/28/ 2226226&mode=thread&tid=126&tid=172&tid=179&tid=18 5&tid=190

    Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network."

    --
    There should be a moderation category "Dumbest Comment EVER"
  2. it's quiet because you're such a pussy.... by otis+wildflower · · Score: 5, Informative

    ... that you don't put your email in your attribution or anywhere in the article.. Luckily, thanks to Google, your bio reveals your email to be:

    Lance_Ulanoff@ziffdavis.com

    Share and enjoy!

  3. Re:The author is an idiot by psychogentoo · · Score: 5, Informative
    In regards to the Directory Access / malicious DHCP vulnerability, the "use DHCP-supplied LDAP server" option is turned on by default. For this vulnerability to be exploited, either you're using an "untrusted" network or your network got hacked!

    If you don't use a DHCP / LDAP server then its recommended that you turn it off.

    This is from the apple site:
    You don't use a directory service

    1. Click the Finder icon in the Dock.
    2. From the Go menu, choose Applications.
    3. Find the Utilities folder and double-click to open it.
    4. Open the Directory Access utility.
    5. Click the lock button, type your password, and click OK
    6. to authenticate.
    7. Select the LDAP service and click Configure.
    8. Deselect the "Use DCHP-supplied LDAP Server" option. See Figure 1.
    9. Click OK. Your computer is no longer susceptible to this exploit.
  4. iTunes by Mr+Pippin · · Score: 5, Informative
    To quote part of the article:

    Meanwhile, we can already see what happens when Apple has a broadly popular product that cuts across platforms. The Apple iPod is the number one MP3 player, and now that its companion computer utility, iTunes, is available for both the Mac and the PC, it has become a hack target. In fact, Jon Lech Johansen, the same Norwegian who cracked the DVD security code, recently circumvented the iTunes music protection scheme.

    An event like that occurring makes sense to me, since iTunes' popularity makes it a target worth hacking -- and whatever mystical Mac mojo there may be, it didn't go far in protecting a popular Apple product.

    Steve Jobs stated when the iTunes music store was announced that the DRM would be hacked. The point was to provide a DRM solution that was not restrictive to honest users. That was delivered.