Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snow Leopard Missed a Security Opportunity

Posted by kdawson on from the where-did-you-put-it-what-you-know-where-do-you-think-oh dept.

CWmike writes "Apple missed a golden opportunity to lock down Snow Leopard when it again failed to implement fully a security technology that Microsoft perfected nearly three years ago in Windows Vista, noted Mac researcher Charlie Miller said today. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus makes it harder for them to craft reliable exploits. 'Apple didn't change anything,' said Miller, of Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive 'Pwn2own' hacker contests. 'It's the exact same ASLR as in Leopard, which means it's not very good.'"

7 of 304 comments (clear)

  1. Re:It doesnt matter... by Chrisq · · Score: 0, Troll

    Yes, apple fanboys have to worry more about a different sort of virus.

  2. Re:Can't wait by Anonymous Coward · · Score: 0, Troll

    Actually since a few years the M$-fanboys are a majority at this place. But keep on ranting, if it makes you feel superior.

  3. Re:It doesnt matter... by Ontheotherhand · · Score: 0, Troll

    afaik, smug bastard, rich bastard and of course, more money than sense bastard are not caused by micro-organisms. er, i suppose i should balance that by mentioning that i know people who use macs who are really nice people and they get great work done. none of them post on slashdot, tho.

  4. Re:Let's not let facts get in our way by MisterSquid · · Score: 1, Troll

    Yes, let's not let facts get in the way of observing that, theoretically, PCs are more secure. Macs are only empirically more secure. Stupid Mac users.

    --
    blog
  5. Re:Let's not let facts get in our way by gbrandt · · Score: 0, Troll

    Calling Mac users stupid is not 'informative', the parent must be modded down.

  6. Re:It doesnt matter... by Anonymous Coward · · Score: 0, Troll

    > there is no mono-culture who is interested in making the overall product

    Apple fanboy...

    If there's a kernel bug or security hole, Linus will certainly fix it within hours. Likewise, for libraries using the linux operating system.

    > people don't update their Linux boxes as quickly as Macs or Windows too

    Of course not. Server uptimes > 1 year are quite common.

    > I have seen Linux Hacked more often then Mac because of that fact

    You are talking rubbish!

  7. Re:This article sucks by nine-times · · Score: 0, Troll

    Does DEP do anything other than make me disable it when it has a false positive on some application that I want to run? I think that the only time I've heard of it was when Windows wouldn't install some driver (and yes, I confirmed that it was a real driver from a valid source) and the website said, "If you have this problem, disable DEP."