I'm really enjoying being attacked by multiple people for pointing out that the security researchers and Apple don't get along - and that Apple's users are part of the reason. You're really going out of your way to prove me right, aren't you? The insinuation that I think this somehow makes OS X less secure is pure gravy.
And, no, you're wrong - Apple's market share has a direct effect on the security of the OS, because it reduces the likelihood they will be targeted; which is why I gave Macs to my kids, wife and mom.
childishness to the whole MOAB thing. But not just on LHM's side (note - I'm not accusing you of this).
I'm a semi-active follower of security websites and podcasts, and it's pretty evident: somebody does the "Month of Browser Bugs" and everyone claps, they do the "Month of Kernel Bugs" and everyone claps - except Apple users. When MOKB published Apple problems, the backlash was nasty, with lots of the old "you're destroying my security by telling people about these security holes" nonsense. That nasty reaction is exactly what led to the current Month of Apple Bugs.
And, like it or not, Apple has to deal with the PR problems created by random bloggers spewing garbage - whether they are fanboys or hackers.
The *demo* crashes by simply trying to jump to the address "0xbabeface". The point is that if they wanted to, they could have used a more dangerous payload, like a virus.
Heh. If they had released a demo that actually did something nasty, now *that* would have been irresponsible.
Although I've never seen any hard numbers on how much pre-binding improves things; as a developer it has given me serious problems because it complicates how shared libraries are built.
You were responding in a thread discussing the relative security of Windows and OS X
Ummm... No. I started this thread by describing Apple's relationship with security researchers as troubled. Any attempt to drag Windows into it was done by you.
You know, it says something about your own biases that I can say "Linux and OS X" and you read "Windows".
Then I argued that, "Apple does respond to security concerns on their platform, while MS has little motivation to do so" to which you responded with, "MS releases security patches and updates even more frequently than Apple." If you weren't addressing my point, what were you trying to say?
I, in fact, exactly responded to your point - you made a ridiculous claim, that MS does not respond to security issues. First, this has nothing to do with whether or not Windows is more secure than OS X. Second, your statement is quite obviously false, because MS has spent a vast amount of energy trying to fix the security issues in their operating system.
So, seeing how you can't correctly parse other people's statements, and you apparently don't even understand the illogic of your own statements, I can't see the point in continuing this discussion.
The problem is from what happened last year during the "month of kernel bugs" - that website was dedicated to exposing problems in all popular operating systems - which was all well and good and interesting and useful - but when they published Apple bugs they apparently collected a lot of hate from Apple users.
Apparently they collected enough hate from various Apple blogs and users that it motivated them to create this second site.
This isn't a pissing contest; pointing to the insecurity of Windows doesn't make OS X secure - the point is that Apple can and should do more to secure OS X.
This is actually an opportunity for Apple to win some hearts and minds - both from the security community and from users at large. If they go after these holes and patch them aggressively then their reputation can only be improved. If, instead, this month simply becomes "the month of fanboys attacking security researchers" you can expect Apple to lose some of its polish.
How does this indicate that Windows is "more secure" despite the fact that it is compromised so often by comparison?
Where the hell did I say Windows is more secure than OS X? When did I say that frequent updates are a measure of security?
Work on that reading comprehension, would you?
I just recently learned more about this;
Yes, you can assume that when a given application loads into memory the various components will end up in the same addresses every time.
Think about it - in a virtual memory system, memory addresses are rewritten so that the application thinks it has all of memory to itself, even though it doesn't. So, even if the physical location the application gets loaded to is probably different every time, the virtual addresses are almost always going to be the same.
So, how do you defend against this? Apparently, newer operating systems, including Vista and XP (I think?) have a randomizing function that changes the virtual addresses around so that they are different every time the program is loaded. This helps make this kind of exploit harder - although I suspect there are still ways to do it.
11 months out of the year are the "Month of Windows Bugs" but your dad thinks OS X is less secure because of this?
I found your original post to be ambiguous and I agree with jpellino that you seem to be blaming Apple users for Apple's security problems.
Right. Again, what did I say that blames Apple?
Stating that a problem exists is not the same thing as placing blame. If I was interested in placing blame, I'd point out a certain 3rd party blogger who created enough rage among security researchers that they named a wireless exploit after him. I think it's fair to say that he's one of the reasons the Month of Apple Bugs even exists.
Apple does respond to security concerns on their platform, while MS has little motivation to do so.
I'm afraid you're showing some ignorance - MS releases security patches and updates even more frequently than Apple. On the other hand, neither patches holes as aggressively as most Linux distributions or even the programmers of the open source CMS system I use.
Since the first 3 films were set in the late 1930s, a 20 year gap would put the fourth one in the 1950s.
All three of the earlier movies were shot in the 80s.
Oh, man. I read this and thought "that can't be right!" - then I looked it up and now I just feel old.
Perhaps you could try reading my post again, look at your own reply and consider how Apple fanboys have a reputation for pissing off people who have to work with Apple.
For the win: Please point out where I said it was Apple's fault they had a poor relationship with security researchers.
Snort.
Sonny, I write device drivers for a living, on Linux and on Mac. I assure you, the Mac isn't more secure.
You might want to do a little research into epidemiology and on the economics of hacking in the 21st century if you want to understand why no one has targeted Macs.
I said that the incident contributed to bad feelings between Apple and security researchers. You contrived that to mean that I blame Apple for the problem.
I'm beginning to understand why so many researchers find Apple users annoying.
The wireless exploit you cite, for example, turned out to be hype about a problem that affected no Mac in its default state...
The wireless exploit did apply to Airport cards; but you are correct that researchers mishandled the disclosure - which, as I said, resulted in a lot of hard feelings on both sides.
Apple has had poor relations with security researchers for years. Partly it's because of the smug attitude of many Apple users - who assume that because they don't get attacked their OS is more secure; but part is also the researchers themselves.
The flame wars over the airport card exploits are a good example - first, the researchers used a 3rd party card which meant it had little to do with OS X problems, which created a number of he-said-she-said arguments. As I understand it, the airport exploit was (is still?) real, but the arguments created a lot of ill-will on both sides.
Do you really think "all over the world" people know what CSU means?
If you google for "CSU" the first hit is Colorado State.
How are parents who weren't educated supposed to create such a culture?
The same way mine did - by caring, and by trying.
How hard is it to read baby books to your baby, or even just repeat the fairy tales you learned when *you* were a child?
How hard is it to interact with them when they are toddlers, teaching them their colors, their numbers, their ABCs?
How hard is it to take an interest in your elementary child's education? To make sure they are doing their homework, even if you don't understand it yourself?
Again, where are underprivileged kids going to get access to materials and mentorship?
Wow. You're really struggling with the whole parenthood concept, aren't you?
I was reading before kindergarten; my dad drove a truck and my mother was a waitress. But they still made time to focus on helping me learn.
Oh, and they have these wacky inventions in most cities? They're called libraries; they let you read books for free.
I lived in ours.
Arcnet rocked. Twice as fast as silly ol' 1-mbps ethernet.
Heh. I was reading comp.sys.amiga.* on company time back in '88. Within weeks of Mosaic coming out, everyone in the office was trying it. My first exposure to online gaming was Doom over the company LAN - and the 4 of us in the company group ate so much of our internal bandwidth playing Doom that IT thought the routers were failing (the very first release of Doom was a real network hog). Then there was Pointcast. etcetera and so on...
It's an interesting idea, I honestly don't know.