Security Researcher Slams Apple on Security, Offers Blueprint for OS X Exploits
Thursday, August 2nd, 2007 at 4:00 PM - by Bryan Chaffin
Dr. Charles Miller criticized Apple's approach to security with Mac OS X, and by extension the iPhone's OS X, at the Black Hat Briefings conference, saying the company has been negligent in some areas and has bad practices to boot. To illustrate this, Dr. Miller said that Apple has a bad habit of including out-of-date Open Source code in OS X, which makes finding and developing exploits easy, according to a CRN report.
Dr. Miller, a fan of Mac OS X who likes Macs and "loves" his iPhone, garnered headlines in July when he announced that he could gain control of and access to an iPhone through a WiFi network, or by getting an iPhone owner to visit a maliciously crafted Web page through Safari. Dr. Miller and his team at Independent Security Evaluators withheld details of the exploit until Apple released a patch for it, but he warned that additional exploits from the same Safari problems are going to be found, and that it will be the bad guys -- people intending to use the exploits, and not report them to Apple -- who will do so.
The problem, according to Dr. Miller, is Apple's habit of including outdated versions of Open Source software in Mac OS X and OS X, versions with known vulnerabilities. Accordingly, he said, it was easy to find ways to exploit the operating systems.
"Here's my formula for finding a zero-day [vulnerability] on a Mac; here's what you do," Dr. Miller said in his presentation. "First, find an open source package that they use that's out of date -- there's plenty of those. Read through the changelog for the current version of that software, find a usable bug that's been fixed in the newer versions. And you're done. You don't have to worry about static analysis or fuzzing or any of that stuff."
For instance, Dr. Miller said that the Samba exploit his team found through its own fuzzing techniques had been found and patched within the last year, but that the version of Samba being used in Mac OS X and OS X hadn't been patched since February of 2005.
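The defender's side of that formula is a patch-gap audit: compare the version of each bundled component against upstream's changelog and list the security fixes it lacks. The following is an added example, not code from the article or from Dr. Miller's talk; the component ("libexample"), its changelog and the keyword list are constructed for illustration.

```python
import re

# Constructed changelog for a hypothetical bundled component ("libexample").
# Versions, dates and entries are illustrative, not from any real project.
CHANGELOG = """\
2.4.12 (2007-05-14)
  * Security: fix heap overflow in request parser
  * Add new logging option
2.4.11 (2007-02-05)
  * Fix typo in man page
2.4.10 (2006-07-10)
  * Security: fix denial of service in name lookup
2.4.9 (2005-02-04)
  * Fix integer overflow in ACL handling
"""

# A release header starts at column 0 with a dotted version number.
HEADER = re.compile(r"^(\d+(?:\.\d+)+)\s")
# Assumed keyword list; tune it to the wording upstream actually uses.
SECURITY = re.compile(r"security|overflow|denial of service|cve-", re.I)


def version_key(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def missing_security_fixes(changelog, bundled):
    """Return (version, entry) pairs for security-relevant fixes that landed
    upstream in releases newer than the bundled version."""
    findings, current = [], None
    for line in changelog.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        entry = line.strip().lstrip("* ").strip()
        if current and entry and SECURITY.search(entry):
            if version_key(current) > version_key(bundled):
                findings.append((current, entry))
    return findings


if __name__ == "__main__":
    for version, entry in missing_security_fixes(CHANGELOG, "2.4.9"):
        print(f"bundled 2.4.9 lacks fix from {version}: {entry}")
```

Versions are compared as integer tuples because a plain string comparison would rank 2.4.9 above 2.4.10 and hide the gap.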
For this reason, the researcher said that Apple was actually behind Microsoft when it comes to security. On the other hand, CRN quoted security researcher Dino Dai Zovi, who said that Apple has both strengths and weaknesses in the security realm. He pointed out that Apple has a track record of getting security issues patched very quickly, something he said Microsoft has a track record of doing rather slowly.
Be that as it may, Dr. Miller said that the iPhone's high visibility is going to bring heightened attention to the platform from the bad guys, effectively putting to the test the notion that Mac OS X's superior security reputation is more an issue of security through obscurity than of security through superior design. Dr. Miller is of the opinion that the former is the case, and that Apple needs to improve its security practices.