Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Re:Not a problem on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    Good on ya.

    Hope it won't take Apple as long to get a clue about this as it's taken Microsoft to NOT get a clue about it.

  2. Re:This is not new. on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    I don't want to minimise the difference between Mac OS X and Windows here.

    Apple's taking baby steps down the path to the Dark Side. Microsoft's got the whole "cackling as they fry trusted servants with lightning from their dramatically raised fingertips" shtick down pat.

    But Apple *is* taking those steps. Damn it.

  3. Not necessary, not sufficient, not possible. on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    Not possible, because "requiring the password" is not just an application decision, it's due to a requirement in the OS that you take on admin rights before you perform an operation. If you have to be an admin before you can set the setuid bit you'll force people to have admin rights to do things as simple as run compilers.

    Not sufficient because you don't need the execute bit to load and run code in the general case, all the execute bit does is let one system call (exec()) know how to run applications. It's not needed for scripts, plugins, dynamic libraries, patches, haxies, and so on.

    Not necessary because just removing the option to automatically open safe files (not you or I turning it off, but Apple removing it) would eliminate most of the potential exploits, and creating a "sandbox applications only" subset of LaunchServices would eliminate most of the rest. Your only exposure would be pure social-engineering attacks, and outright bugs (buffer overflows and stack smashing attacks, for example) that can be fixed without further changes in the API or UI.

  4. Re:Cat got my tongue on Hilary Rosen Gripes About iPod, iTMS · · Score: 1

    "burning songs to a CD first, then putting the songs onto my iPod will result in slight quality loss most people can't perceive."

    I can name that tune in 3 words! "Mix, Burn, Rip"

  5. Re:Damn Microsoft on Hilary Rosen Gripes About iPod, iTMS · · Score: 2, Interesting

    Are we now advocating that all content must be available for all platforms?

    About ten or twenty years ago it was looking like we were headed that way. Common formats, common APIs for convertors (EVERY modern OS can run almost all straight UNIX command line tools, without more than a thin wrapper to change the names of the calls... that was sure as hell not true 20 years ago), the whole world was on track to tear down every last barrier between communication, at least for computers. And then it ground to a screeching halt, all in the name of "intellectual property". Proprietary undocumented file formats, digital rights management, even laws against reverse engineering. And it's nuts. It can't possibly work. It's science fiction.

    Back about 10 years ago I had a real long talk with a fella who was real hot for DRM, so he could publish his e-books without worrying about people ripping them off. I didn't see the point, I figured the only way you could get a DRM mechanism that would keep people from copying his eBooks was to have the whole bookreader sealed in epoxy, with some kind of mechanism to tell when there was a scanner pointed at it so it could keep people from reading the pixels and reconstructing the book that way.

    Now, things like the Baen Free Library were way in the future, so I didn't have the argument that DRM-free content actually improved sales, but I really couldn't imagine a tough enough DRM to keep the book from being stripped and passed around... so it at the very least wouldn't hurt them. The people who wanted a "free" copy could get one anyway.

    And that's more or less what's been happening.

    So DRM doesn't work. But in the meantime, well, we'll just have to put up with barriers put up by the music industry, the computer industry, and well-intentioned but poorly-advised lawmakers. If some of these folks don't like the barriers others are putting up, there's a REAL easy solution that would let 'em tear them ALL down...

  6. Re:Clarification please on Hilary Rosen Gripes About iPod, iTMS · · Score: 2, Insightful

    Why not? Woudn't it be of benefit to consumers?

    Maybe a little, in the short term. The loss of competition over the longer term after Apple gets squeezed out of the online music business by Microsoft's bankroll, so we end up with Tweedlereal and Tweedlenapster pretending to compete, is probably not a good thing.

  7. Re:Like everyone else in the tech industry, on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    OS X prolly has just as many exploits and whatnot as Windows.

    There's whole classes of exploits in Windows for which OS X doesn't even provide a mechanism by which they can be emulated. There's no ActiveX, no Insecurity Zones, it ships with all network services OFF by default when you can't even turn them all off in Windows without putting up a firewall, the list goes on and on... and that's why this hole is even an issue, it's the closest OS X has ever come to implementing the biggest design flaw that Windows suffers from. It's a poor weak cousin, to be sure, but it's he biggest step along that path that Apple has taken yet.

  8. Why Windows is like it is... on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    The reason Windows is so full of malware is because everyone uses it.

    Wrong.

    The reason Windows is full of malware is because back in the '90s Microsoft came up with this clever scheme to create a loophole in their agreement with the Justice Department about bundling applications with Windows, by merging Internet Explorer with Windows Explorer so you could have fancy HTML-enhanced windows and control panel applets, and so you could use Internet Explorer as a "universal API" and create web pages that automatically installed local native code components that let you do all kinds of nifty things.

    Then they found out that people could use this to create web pages that did bad things. And email that looked to the HTML control like it was a local file (because the HTML control didn't know it was just a temp file) so the HTML control gave it local rights. And Microsoft proceeded to spend the next seven or so years trying to pin down the border between "safe places" that could do exciting things and "dangerous places" that couldn't. They called the "safe places" the local security zone, and they called the "dangerous places" the internet security zone. But then they had to create exceptions, and exceptions to those exceptions, and as time went on the whole structure became more and more complex.

    Eventually, it got so complex that it was easier to write a stand-alone application and have people download it than to explain to people how to set their ActiveX security settings so they can actually use your nifty ActiveX add-ons. And, of course, they never HAVE been able to pin that border down, because they're trying to make it do so many things...

    THAT is why Windows is a swamp. It's not like there was a sudden thousand-fold increase in the number of Windows users in just ONE year in the late '90s, but sometime around 1997 worms and viruses exploded on the scene. And they were all NEW KINDS of exploits, things that had been unthinkable a few years before. There had even been a joke going around about a virus that was launched JUST BY READING YOUR MAIL. It was hilarious, because we all KNEW nobody would EVER write a mail program that had that kind of capability. I mean, really, you'd be nuts to even think about putting things like a general purpose scripting language into a mail reader in a way the email could even potentially get at it.

    Before then, pretty much all you needed to do to stay virus free was avoid opening attachments and downloading programs. Oh, sure, occasionally there were things like buffer overflows discovered... but they were relatively rare and they were easy to fix.

    Afterwards, all bets were off.

    I mean, I watched this happen, and I said "this is going to be a disaster", and they kept on doing it. I DID manage to ban Outlook and IE and other programs that used the HTML control at our office, though. So I know what things were like through about 2003 if you didn't use these programs... and it was amazing. Every few months the whole company went through a spasm of virus alerts, except for our little corner where... nothing happened. Because we weren't using the bits of Windows that makes Windows the huge malware target that it is. Without the HTML control, Windows is actually pretty nice.

    But don't expect Microsoft to pull it out.

    Just hope Apple steps back from the edge before it's too late.

  9. MOD PARENT UP on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    Apple has been taking tentative steps along the dark path to the place Microsoft lives since the very first release of Safari. They haven't yet reached the point where it becomes impossible to back out without breaking existing software, but it's just a matter of time.

    So, no, this guy isn't a troll, he's just a bit more frustrated than the rest of us.

  10. "If you're a real geek"? on Hilary Rosen Gripes About iPod, iTMS · · Score: 1

    Insert CDRW into burner, then "Mix, Burn, Rip". That takes a real geek, it's real rocket science.

    Yeh, you lose a little bit of quality. But if you cared about the quality you'd be buying uncompressed CDs and ripping them instead of buying online.

  11. Re:Not a problem on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    Not to mention that in Safari on Tiger, it fricken' prompts you whenever you download anything that may contain a program, i.e. a zip file.

    That's another problem with Safari, and if it can't be turned off in Tiger I'm glad I have Firefox as an alternative. The only result of hitting people over and over again with warnings that are usually false alarms is to inure them to the warnings, so when it's not a false alarm people ignore it. This isn't rocket science, either, the principle has been known for millennia.

  12. Re:Where EXACTLY is the autoinstaller? on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    You don't have any clue that 'installing a Dashboard' widget is nothing more than moving the file into the user's widget directory where it just sits there and does not execute

    Yes, I know that. I'm not sure what your point is, though. I don't see what difference that makes... let's defuse the whole "We're talking about Apple" field and talk about Microsoft. Let's say there was some kind of installer on Windows that was absolutely secure and all it did was to move an executable to "Program Files" and put a link to it in your "Start Menu".

    Didn't execute any code. Well, not right away. The user has to select that entry in the Start menu, but remember... there's not normally any danger to running programs from the Start menu, they're already installed. Running a program in what is presented as an "internal" space is not something people worry about. It doesn't raise any red flags.

    This is nothing like "downloading executables to the desktop". It is not (as I noted in another message) anywhere near as dangerous as things like ActiveX, but it is a security problem.

  13. This is not new. on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    This is not new, I've watched Apple make a whole series of design decisions that have the potential of putting OS X' security at stake, right from the first version of Safari when it was a beta on Jaguar. Most of these problems are still there, because most of them haven't yet been turned into exploits, or because by themselves they don't lead to an exploit, or because Apple has found a way to stop some particular exploit without fixing the underlying problem.

    None of them are anywhere near as bad or as deepely embedded as the ones Microsoft has burned into the core of Windows' user interface, but they do show a singular lack of healthy paranoia on Apple's part.

    Some hilights: Using Finder for FTP URLs, using LaunchServices for handling URIs, making "open safe downloads" the default, adding warning dialogs to LaunchServices instead of giving apps handling untrusted content their own stripped down database containing only sandboxing applications, internet enabled disk images, adding a warning dialog to the installer instead of treating the installer as an "unsafe" application, ... and on and on ...

  14. AUGH. bad dog! on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    I wrote ...and making it think that it's downloaded a script from Apple's site...

    Obviously I meant Mozilla's site.

    Where the hell is my proofreader? I even previewed that, and I missed it. BAD HUMAN. NO BISCUIT.

  15. Re:Here's my plan -- I'll do what Apple hasn't don on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    Doesn't Firefox do something sort of like this for extensions?

    Yes, and it's already been used to develop an exploit based on faking Firefox out and making it think that it's downloaded a script from Apple's site.

    The RIGHT fix is for the browser to NEVER do anything with any material it sees except (1) handle it completely in its own sandbox, (2) download it to a file and let the user explicitly decide what to do with it on their schedule, or (3) hand it off to an application or plugin that was registered with it (the browser or a registry intended specifically for untrusted content like "Library/Internet Plug-Ins", NOT LaunchServices) as being intended for use with untrusted objects.

    That's it. There is no fourth option.

  16. WARNING THE USER IS NOT ENOUGH on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    For the past ten years Microsoft has been trying to keep users from running exploits by warning users when they're doing something that in some circumstances might be an exploit, by having a last-minute dialog that pops up. This has not prevented the spread of viruses and malware, all it's done is teach people to "OK" dialogs. I spent years doing support for Windows users and I can't tell you how many times I got called in after someone's done this.

    These kinds of warning dialogs, like the ones they introduced last June to "fix" the LaunchServices hole, DO NOT WORK. They are the computer equivalent of prescribing unnecessary antibiotics. Even if these dialogs could be depended on actually showing up (which they can't), they don't work.

    Any browser, or any other application that is used to view untrusted documents, MUST be a completely sandboxed environment. It NUST NOT have any mechanism to automatically pass control on to any environment that is not equally sandboxed, whether it pops up a dialog or not.

    In particular, at the very least, a browser MUST NOT do any of the following things:

    1. Enable a local access mechanism based only on the location of an object (this is where the Firefox XPI hole comes in, as well as (of course) the whole sorry history of 'cross zone' exploits in IE).

    2. Automatically run any desktop applications on downloading a file (this is where "open safe files" fails).

    3. Automatically install a plugin (ActiveX, XPI, possibly this Widget exploit... I'm not sure where the actual install is being handled).

    4. Use the same list of "helper applications" as the desktop environment (this is where the "help:" hole or the Windows CHM hole came from).

    There's lots more, but these are a few of the ones that have recently been exploited. The basic principle is that unless the user explicitly asks you to (and that means more than just clicking OK on a routine dialog box), you MUST NOT pass control to an application that you do not know, for certain, is designed to handle unsafe content.

    So, the better solution, is only pass control to things that are intended to handle unsafe objects. That's a much shorter list:

    1. Plugins that at some point in time were explicitly installed by the user.

    2. Components included with the browser.

    3. Helper applications that were explicitly registered for use with untrusted objects. That means "registered with the browser", not "registered with the desktop".

    I can't think of anything else. Any other tools, the user should download and manually install themselves. Now that's not certain, I've had a few users download and then explicitly run malware, but it happens an order of magnitude less often and I've yet to have a user do it twice.

  17. Where EXACTLY is the autoinstaller? on Malicious Web Pages Can Install Dashboard Widgets · · Score: 1

    Safari isn't explicitly running an installer, it's "opening a safe file after downloading", because it thinks "ZIP" is a safe file. Now, I don't think of "ZIP" as safe, and I don't think browsers should be opening "safe" files anyway because that turns any security hole in the general purpose application involved into a security hole in Safari, but let's set that aside for a moment because there's another question in my mind here...

    In Panther and earlier, "ZIP" files are opened by Stuffit Expander. Stuffit Expander has its own problems, like it automatically mounts disk images by default (another thing to turn off while you're turning things off) but I don't think it automatically runs "safe" programs. Not only that, but it predates widgets so wouldn't be expected to automatically install a widget when it saw one.

    But in Tiger they don't include Stuffit or Aladding Expander, so presumably they have a different program for handling "ZIP" files. And THAT program would be the one that's automatically running the installer.

    Someone with Tiger... what's that program? Because if that program's automatically running installers it's apparently less secure than the old Expander... and that's ANOTHER security problem to wach for.

  18. Re:Guru Meditation on Longhorn: Fewer BSODs, More RSODs · · Score: 1

    It didn't red screen on a guru, I think it meant ROM checksum failed.

    Did you know that you can't actually fit four elephants in a VW beetle?

  19. Guru Meditation on Longhorn: Fewer BSODs, More RSODs · · Score: 3, Interesting

    Red screen reminds me of the infamous Amiga "Guru Meditation" error. I always said the Amiga was ahead of its time.

  20. Re:Linux and MacOS vulnerable, too on New Mozilla Firefox 1.0.3 Exploit · · Score: 1

    The code uses built-in Mozilla JavaScript extensions to create a local file in a very straightforward way.

    These extensions shouldn't be available to remote sites, whether they're whitelisted or not.

    It then calls "nsILocalFile::launch()" (which does exactly what you think it does) to launch it.

    This shouldn't be available to remote sites, whether they're whitelisted or not.

    If these functions can only be executed by code that's already been installed, then it opens up no more exposure than any other plugin mechanism. There's two separate failures in the design that had to happen to make this a problems.

    First, rather than have the installation done by a request from outside the web page, the installation was done because the web page was whitelisted.

    Second, instead of asking the user before granting extra rights for the whitelisted site, they granted extra rights first.

    Both of these flaws can be fixed and the user-experience will not change in the slightest. The best possible way to do this is to not even have the hooks that enable the extension mechanism in the object tree and symbol table unless they're explicitly added for files that are already installed. That way there's no reason to worry about favicons or other holes... the security mechnaism will "fail closed".

    Whether they will fix them or not, I won't try and guess, but they do have that option.

  21. Re:Thanks for the answer! on New Mozilla Firefox 1.0.3 Exploit · · Score: 1

    has a more restricted idea of what whitelisted sites can do

    Hopefully, once they fix this problem. The difference is that they don't have any big technical or social issues that would keep them from doing a proper fix.

    Now I'm not going to bet one way or the other whether they'll do it or not, I've been surprised too many times... but they have the potential.

  22. Re:Great on Microsoft to Attack RIM with Magneto · · Score: 1

    every major phone manufacturer has an extensive lineup of budget phones with black&white or greyscale screens and almost no extra (useless) features

    Have you tried to find one lately? For your carrier in your area? If you have, then you're probably outside the market Microsoft's primarily targeting, because as far as I know only Amerika has such a messed up telecom industry.

  23. Re:So, what exactly is the downside? on Does launchd Beat cron? · · Score: 1

    And the definition of "acting ethically" is certainly not exactly the same as the definition of "acting within the constraints of patent law as it pertains to software".

    That's good, because I would never dream of suggesting that those are the same thing. In fact I'm not sure it is possible to act ethically as a holder of a software patent, except by making the same choice Dennis Ritchie did.

    APSLv2's exist to limit individual freedoms of use for... what purpose again?

    I certainly can't speak for Apple, although the fact that they wrote the clause so it only applies when they use it defensively is a good sign. Speaking for myself... if all it does is reduce the value of software patents then I'm satisfied.

  24. Re:Is this a design issue that will breed more bug on New Mozilla Firefox 1.0.3 Exploit · · Score: 1

    In a nutshell, Firefox has the idea that some sites are privileged (namely the sites on the whitelist for installing software), it lets privileged sites have a dangerous degree of control over the user's computer, and it has at least one way for unprivileged sites to execute code in the context of a privileged site.

    I hadn't been concerned about this whitelist, because I thought all it allowed you to do was to proceed to the next dialog where you allow an install to take place... and at that point the xpi itself can be loaded and installed. But looking at this exploit it looks like the whitelist is actually at a lower level, and there are other operations that are enabled by the whitelist.

    That's a big problem because it's not designed to 'fail closed', which every security mechanism should. Fortunately, if I'm reading the code correctly, the Mozilla people should be able to fix it permanantly by deferring the granting of additional rights until after the user has approved the install.

    What are the important differences between this and Microsoft Internet Explorer?

    There's a bunch of technical differences, but the big one is social.

    Because of the particular way that Microsoft Internet Explorer is implemented, they can't back out of the underlying problem without making significant changes to the API of the MS HTML control, which would require modifying every program that used the HTML control and also required ActiveX and Active Scripting. And, perhaps more important in a way, without backing down on the whole issue of desktop/internet integration that they fought the Justice Department to a standstill over.

    Firefox doesn't have that problem. It looks like they can defer granting rights based on the whitelist until after the user has positively approved the install, then the situation gets back to the old question of users getting used to security dialogs. This one at least would never be a case of the computer "crying wolf".

  25. Re:Finally... on Simple, Bare-Bones Motherboards? · · Score: 1

    Actually, that would be more obsessing about the dice. And I assure you that we obsess about dice.

    And miniatures. I miss the old super-clean Ral Partha figures from the early '80s. They were the best, and then then something happened and they started coming out with stuff that was almost a parody of amateur modelmaking. No detail to the armor, limbs that looked like they'd been carved by a butterknife. Ghastly.