Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snow Leopard Missed a Security Opportunity

Posted by kdawson on from the where-did-you-put-it-what-you-know-where-do-you-think-oh dept.

CWmike writes "Apple missed a golden opportunity to lock down Snow Leopard when it again failed to implement fully a security technology that Microsoft perfected nearly three years ago in Windows Vista, noted Mac researcher Charlie Miller said today. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus makes it harder for them to craft reliable exploits. 'Apple didn't change anything,' said Miller, of Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive 'Pwn2own' hacker contests. 'It's the exact same ASLR as in Leopard, which means it's not very good.'"

13 of 304 comments (clear)

  1. Let's not let facts get in our way by Anonymous Coward · · Score: -1, Troll

    All fellow mac users, let's not let facts get in our way. Just like the ads of our truly beloved company over how superior our products are to Microsoft, let's keep on bragging the superiority of macs - even in terms of security. Mac are the best. Windows sucks. Repeat it till you die.

    1. Re:Let's not let facts get in our way by MisterSquid · · Score: 1, Troll

      Yes, let's not let facts get in the way of observing that, theoretically, PCs are more secure. Macs are only empirically more secure. Stupid Mac users.

      --
      blog
    2. Re:Let's not let facts get in our way by gbrandt · · Score: 0, Troll

      Calling Mac users stupid is not 'informative', the parent must be modded down.

  2. Can't wait by socrplayr813 · · Score: -1, Troll

    Aaannnd discussion devolves in UAC rants and Microsoft bashing in 3.. 2.. 1...

    Oh wait... it's Slashdot. No devolution is required or possible.

    --
    The confidence of ignorance will always overcome the indecision of knowledge.
    1. Re:Can't wait by Anonymous Coward · · Score: 0, Troll

      Actually since a few years the M$-fanboys are a majority at this place. But keep on ranting, if it makes you feel superior.

  3. Re:It doesnt matter... by Chrisq · · Score: 0, Troll

    Yes, apple fanboys have to worry more about a different sort of virus.

  4. Intellectual Property by Ollabelle · · Score: -1, Troll

    And the author thinks that Apple is going to license anything from Microsoft?

    --
    Ibid.
  5. Here they come... by Anonymous Coward · · Score: -1, Troll

    Yes. Just like all other apple zealots and fanbois, you missed a big gaping hole in the security.

    But don't let facts get in your way. Cults have always succeeded.

  6. Re:It doesnt matter... by Anonymous Coward · · Score: -1, Troll

    Likewise, Obama missed an opportunity to make good on his campaign rhetoric and unite this country. Turns out he's weaker than Jimmy Carter. I'll bet Carter is really looking forward to getting rid of the title of "Most Ineffective President Ever."

  7. Re:It doesnt matter... by Ontheotherhand · · Score: 0, Troll

    afaik, smug bastard, rich bastard and of course, more money than sense bastard are not caused by micro-organisms. er, i suppose i should balance that by mentioning that i know people who use macs who are really nice people and they get great work done. none of them post on slashdot, tho.

  8. Re:Microsoft technology? Really? by drinkypoo · · Score: -1, Troll

    Please read and understand my comment, per my sig. We covered this here already, and I am not going to go back and find a citation for you. If you were not amazingly lazy you would have found a citation in less time than it takes to ask for one.

    Do not expect me to do your homework for you. I am not here to train you. I am not here to teach you. If you would like one of those things, pay me.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. Re:It doesnt matter... by Anonymous Coward · · Score: 0, Troll

    > there is no mono-culture who is interested in making the overall product

    Apple fanboy...

    If there's a kernel bug or security hole, Linus will certainly fix it within hours. Likewise, for libraries using the linux operating system.

    > people don't update their Linux boxes as quickly as Macs or Windows too

    Of course not. Server uptimes > 1 year are quite common.

    > I have seen Linux Hacked more often then Mac because of that fact

    You are talking rubbish!

  10. Re:This article sucks by nine-times · · Score: 0, Troll

    Does DEP do anything other than make me disable it when it has a false positive on some application that I want to run? I think that the only time I've heard of it was when Windows wouldn't install some driver (and yes, I confirmed that it was a real driver from a valid source) and the website said, "If you have this problem, disable DEP."