It's not exactly censorship if it's an opt-in system. But as a site admin I'd approve of one more way to limit my liability in the terms of children accessing my content and providing an easy way for admins of networks where my content would be inappropriate (work, public terminals, etc.)
I wonder how much of their installed base Samba will lose overnight when 10.7 Lion ships. It was a great product in OS X, but I'm not going to keep the door from kicking you on your way out.
From my personal experience, items received from flextronics have usually been in worse condition then when they left. We used to have our laptop tech tear down each one received and fix all the unattached cables, stripped/missing screws, and improperly seated cards. Yes, it was that bad. Apples DOA rate is not anywhere near what you are suggesting. Sure, issues come up from time to time but that happens with any manufacturer. Batteries, capacitors, multiple kinds of defective gpus: these are things Apple didn't cause but affected their products, and they've replaced under warranty or REP. Apple has had plenty of self-caused issues too, but you're way you of the water here.
Are the rest of your friends still on typewriter: qwerty edition? I work for a small consulting company and all my friends bring their dead machines asking for free virus cleanings. I make them pay me in beer or real money these days because it takes so much time if I don't disregard their data. Unless your friends are all security savvy, or very low in numbers, chances are you're like me cleaning off their machines and begging them to keep up on their AV software.
They don't have to be "retarded" just computer-retarded, which many of my friends are and have no issue with admitting it. Unfortunately a lot of them now have macs and my beer supply is running low.
Snow Leopard was a more minor update than Lion is, as far as devs are concerned. I suspect it will be at least late summer till this is out. They've released a very early and buggy(from what I hear) DP build so devs will have plenty of time to get their apps ready for the more drastic changes. This should provide plenty of time for security researchers to battle-test it.
I don't know much about Apple's "security culture," but since you're asking what's missing from your list, the missing piece would be acting upon the information they receive and releasing security patches on a timely basis.
This is Apple's Achilles' heel, and what they're working to resolve. Look at the recent high profile security hires and it should be rather apparent they at least have a few dedicated people on it these days, when before they would just set a keyboard in a monkey's cage and wait him to pound in a fix.
Also, one competition, especially one with such prizes as the actual computer being targeted, is hardly a measure of overall security and system design.
This is just one competition where the key is to crack something quickly so you can have a prize. This is hardly the defining mark of a platform's security, only one minor measure. People act as though it's the end-all benchmark of security. It's not, and I don't believe that anyone involved in the competition would agree that it is.
I've had a Mac OS X Server machine open to the world for 2 years now, partially to just see what people would try to do. I watch the system very closely hoping I will see something happen so I can learn a little about it. Services running are SMB, AFP, Apache, Cal/CardDAV, Email for a few domains, MySQL, Software Update Server, AFP, VNC, and ARD. This server is setup as mostly default with only basic security precautions taken: Disabling clear text authentication mechanisms and using overly-strong passwords to rule out brute force attacks. The firewall has only recently been turned on, all ports open, to utilize the brute-force attempt throttling mechanism that requires it. This server hosts a few of my personal pet project domains, any information that would be considered valuable to intruders is actually kept in AES-encrypted sparse images. I'm overly paranoid about backups, so any vandalism-type attacks are quickly recovered from.
So far I've only seen a good share of brute force attacks from IPs in Poland and China agaist SSH, FTP, and VNC. There have also been a whole crapload of spam registrations to the hosted WordPress site, but that's not an OS X issue.
This is the reason most people jailbreak their phones to begin with. Apple would definitely make a lot of users happy if they allowed unofficial app repositories. People wouldn't be rooting their phones and compromising security, but I would get those apps I want and are not available.
I don't intend to sound ignorant, though I really am:
So, somebody wants to use my electricity, my CPU, and my network connection in exchange for "currency" that I can't use to pay for any of those things when the bill arrives or I need new hardware?! That sounds fishy even to me. Excuse me while I go check to see if that nice Nigerian prince ever deposited that money he promised me.
As one of the other posters pointed out, unless your electricity is free you're losing money the entire way. Unless by some miracle their currency can pay an electric bill. At full load, my mac pro consumes about $30/month.
1. the article clearly states that the phone is NOT jailbroken by the original owner. It is jailbroken by the attacker. So, FALSE.
2. You're right that they say it's part of the process, but the CONTEXT of your sentence ("Only" being the key term) because they explain clearly when jailbreaking is used: False
Re-read what you're quoting before calling him an a-hole for being correct. to paraphrase: the exploit can be accomplished using physical access, the device locked and not jailbroken. Make sure you're correct before throwing a tantrum.
I don't fully understand the exploit because I'm unfamiliar with the keychain on the iPhone but I am familiar with it on the Macintosh, but I'm assuming it uses a similar setup. On the mac, if your login password matches the keychain password, it automatically unlocks the keychain, otherwise it asks you for a keychain password. Since there is no login password on the iPhone short of the screen lock, how is it managing to lock down these to begin with. Also, is there something similar to putting a custom password in as your keychain password that we can do in the short term to bypass this issue?
Nobody says they're unhackable. I think youre thinking about the classic "macs are more secure" debate, which is much different. But nobody with an ounce of geek in them would stretch so far to say something is unhackable. Anything can be hacked when an appropriately skilled person is given enough patience, physical access, and the right tools.
Ballmer is the iceberg.
The company flopped years ago, but has been burning through everything they have trying to keep itself afloat.
Patch the hole, ditch Ballmer. Get a real leader. Profit (again).
It shouldn't be possible, but that doesn't mean that it truly isn't possible. I'd hate to be the poor guy that finds out that it is. As always, only the brave/foolish should be trying it and everyone else should wait. Being safe is underrated, but I've bricked plenty of devices to say "I'm going to have you do it first".
Slashdot Mirror
It's not exactly censorship if it's an opt-in system. But as a site admin I'd approve of one more way to limit my liability in the terms of children accessing my content and providing an easy way for admins of networks where my content would be inappropriate (work, public terminals, etc.)
I wonder how much of their installed base Samba will lose overnight when 10.7 Lion ships. It was a great product in OS X, but I'm not going to keep the door from kicking you on your way out.
From my personal experience, items received from flextronics have usually been in worse condition then when they left. We used to have our laptop tech tear down each one received and fix all the unattached cables, stripped/missing screws, and improperly seated cards. Yes, it was that bad. Apples DOA rate is not anywhere near what you are suggesting. Sure, issues come up from time to time but that happens with any manufacturer. Batteries, capacitors, multiple kinds of defective gpus: these are things Apple didn't cause but affected their products, and they've replaced under warranty or REP. Apple has had plenty of self-caused issues too, but you're way you of the water here.
Apple has FAILED on their attempts to make their own phones, and instead have focused on making an OS they give out for "free."
I'm assuming that's a typo and you meant Google.
They don't have to be "retarded" just computer-retarded, which many of my friends are and have no issue with admitting it. Unfortunately a lot of them now have macs and my beer supply is running low.
Snow Leopard was a more minor update than Lion is, as far as devs are concerned. I suspect it will be at least late summer till this is out. They've released a very early and buggy(from what I hear) DP build so devs will have plenty of time to get their apps ready for the more drastic changes. This should provide plenty of time for security researchers to battle-test it.
Well now that they don't have an enterprise-class server, and exciting the pro market, it's the perfect time to make their OS enterprise ready!
I don't know much about Apple's "security culture," but since you're asking what's missing from your list, the missing piece would be acting upon the information they receive and releasing security patches on a timely basis.
This is Apple's Achilles' heel, and what they're working to resolve. Look at the recent high profile security hires and it should be rather apparent they at least have a few dedicated people on it these days, when before they would just set a keyboard in a monkey's cage and wait him to pound in a fix.
Because one person's opinion = fact? That's not exactly how that whole fact thing works.
Also, one competition, especially one with such prizes as the actual computer being targeted, is hardly a measure of overall security and system design.
This is just one competition where the key is to crack something quickly so you can have a prize. This is hardly the defining mark of a platform's security, only one minor measure. People act as though it's the end-all benchmark of security. It's not, and I don't believe that anyone involved in the competition would agree that it is.
It's also a great machine to use for hacking. Any one of these guys worth their salt would surely know what's not secure and lock it down.
I've had a Mac OS X Server machine open to the world for 2 years now, partially to just see what people would try to do. I watch the system very closely hoping I will see something happen so I can learn a little about it. Services running are SMB, AFP, Apache, Cal/CardDAV, Email for a few domains, MySQL, Software Update Server, AFP, VNC, and ARD. This server is setup as mostly default with only basic security precautions taken: Disabling clear text authentication mechanisms and using overly-strong passwords to rule out brute force attacks. The firewall has only recently been turned on, all ports open, to utilize the brute-force attempt throttling mechanism that requires it. This server hosts a few of my personal pet project domains, any information that would be considered valuable to intruders is actually kept in AES-encrypted sparse images. I'm overly paranoid about backups, so any vandalism-type attacks are quickly recovered from. So far I've only seen a good share of brute force attacks from IPs in Poland and China agaist SSH, FTP, and VNC. There have also been a whole crapload of spam registrations to the hosted WordPress site, but that's not an OS X issue.
Every single year, OSX loses the Pwn2Own competition first.
Could just be that the hackers want the mac the most ;-)
Not to mention you get more press.
At very least you'd expect a large scale dry-run with simulated data that should bring these errors out before becoming live.
This is the reason most people jailbreak their phones to begin with. Apple would definitely make a lot of users happy if they allowed unofficial app repositories. People wouldn't be rooting their phones and compromising security, but I would get those apps I want and are not available.
I don't intend to sound ignorant, though I really am:
So, somebody wants to use my electricity, my CPU, and my network connection in exchange for "currency" that I can't use to pay for any of those things when the bill arrives or I need new hardware?! That sounds fishy even to me. Excuse me while I go check to see if that nice Nigerian prince ever deposited that money he promised me.
As one of the other posters pointed out, unless your electricity is free you're losing money the entire way. Unless by some miracle their currency can pay an electric bill. At full load, my mac pro consumes about $30/month.
#3. You were clearly stating something that was not true, possibly confusing people. Not really subjective.
1. the article clearly states that the phone is NOT jailbroken by the original owner. It is jailbroken by the attacker. So, FALSE.
2. You're right that they say it's part of the process, but the CONTEXT of your sentence ("Only" being the key term) because they explain clearly when jailbreaking is used: False
Please, RTFA
Re-read what you're quoting before calling him an a-hole for being correct.
to paraphrase: the exploit can be accomplished using physical access, the device locked and not jailbroken. Make sure you're correct before throwing a tantrum.
I don't fully understand the exploit because I'm unfamiliar with the keychain on the iPhone but I am familiar with it on the Macintosh, but I'm assuming it uses a similar setup. On the mac, if your login password matches the keychain password, it automatically unlocks the keychain, otherwise it asks you for a keychain password. Since there is no login password on the iPhone short of the screen lock, how is it managing to lock down these to begin with. Also, is there something similar to putting a custom password in as your keychain password that we can do in the short term to bypass this issue?
Nobody says they're unhackable. I think youre thinking about the classic "macs are more secure" debate, which is much different. But nobody with an ounce of geek in them would stretch so far to say something is unhackable. Anything can be hacked when an appropriately skilled person is given enough patience, physical access, and the right tools.
James Cameron sunk the Titanic.
Ballmer is the iceberg.
The company flopped years ago, but has been burning through everything they have trying to keep itself afloat.
Patch the hole, ditch Ballmer. Get a real leader. Profit (again).
It shouldn't be possible, but that doesn't mean that it truly isn't possible. I'd hate to be the poor guy that finds out that it is. As always, only the brave/foolish should be trying it and everyone else should wait. Being safe is underrated, but I've bricked plenty of devices to say "I'm going to have you do it first".