Support Our Site
Get Better Gear!
- Notability For iPad: Much More Than A Note Taking App from Ginger Labs, Inc, US$0.99
- Scosche’s RH656m Headphones With Microphone Are Wonderful from Scosche, US$129.99
- IPEVO’s Typi Folio Case & Keyboard for iPad is First-rate from IPEVO, US$79.99
- Scosche’s boomSTREAM BT Speaker: Features & Compromises from Scosche, US$99.95
- FX Photo Studio HD: iPad Painting of Effects Made Easy from MacPhun LLC, US1.99
Top 5 Free Apps
iTunes New Music Releases
Top 5 Paid Apps
Discover New Music
- Miles Davis
- The jazz album to end all jazz albums. Miles Davis and John Coltrane and Cannonball Adderly and the list goes on. The who's who of who's who in jazz have assembled for this monumental record. Get this
- The Redwalls
- Wow! Perhaps my 5-star rating is simply because the Redwalls are not only new and fresh (none of them older than 22!), or perhaps its because -- despite their ages -- they are able to totally capture
- David Bowie
- It must be a lonely place to be considered David Bowie's worst album by just about everyone, including the artist himself. As the last album before Bowie "rebooted" and formed the band Tin Machine, "N
- Alanis Morissette
- Ten years after the original release, comes the traditional celebratory acoustic re-recording. The album has held up remarkably well. While it is not as meaningful to me as it was when I was sixteen,
- Aretha Franklin
While she didn't always have the best taste in song selection, Aretha Franklin is a must-study for anyone with interest in the human voice. She has the kind of powerful, recklessly passionate deliv
Reader Specials
Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!
News
Security Researcher Slams Apple on Security, Offers Blueprint for OS X Exploits
Thursday, August 2nd, 2007 at 4:00 PM - by Bryan Chaffin
Dr. Charles Miller criticized Apples approach to security with Mac OS X, and by extension the iPhones OS X at the Black Hat Briefings conference, saying the company has been negligent in some areas, and has bad practices, to boot. To illustrate this, Dr. Miller said that Apple has a bad habit of including out of date Open Source code in OS X, which makes finding and developing exploits easy, according to a CRN report.
Dr. Miller, a fan of Mac OS X who likes Macs and "loves" his iPhone, garnered headlines in July when he announced that he could gain control of and access to an iPhone through a WiFi network, or by getting an iPhone owner to visit a maliciously crafted Web page through Safari. Dr. Miller and his team at Independent Security Evaluators withheld details of the exploit until Apple released a patch for it, but he warned that additional exploits from the same Safari problems are going to be found, and that it will be the bad guys -- people intending to use the exploits, and not report them to Apple -- who will do so.
The problem, according to Dr. Miller, is Apples habit of including outdated versions of Open Source software in Mac OS X and OS X, versions with known vulnerabilities. Accordingly, he said, it was easy to find ways to exploit the operating systems.
"Heres my formula for finding a zero-day [vulnerability] on a Mac; heres what you do," Dr. Miller said in his presentation. "First, find an open source package that they use thats out of date -- theres plenty of those. Read through the changelog for the current version of that software, find a usable bug thats been fixed in the newer versions. And youre done. You dont have to worry about static analysis or fuzzing or any of that stuff."
For instance, Dr. Millers said that the Samba exploit his team found through its own fuzzing techniques had been found and patched within the last year, but that the version of Samba being used in Mac OS X and OS X hadnt been patched since February of 2005.
For this reason, the researcher said that Apple was actually behind Microsoft when it comes to security. On the other hand, CRN quoted security researcher Dino Dai Zovi, who said that Apple has both strengths and weaknesses in the security realm. He pointed out that Apple has a track record of getting security issues patched very quickly, something he said Microsoft has a track record of doing rather slowly.
Be that as it may, Dr. Miller said that iPhones high visibility is going to bring heightened attention to the platform from the bad guys, effectively putting to a test the notion that Mac OS Xs superior security reputation is more an issue of security-through-obscurity, rather than security through superior design. Dr. Miller is of the opinion that the former is the case, and that Apple needs to improve its security practices.
Recent Headlines
- Reading, Writing, & Saving the World
- Free Retro Gaming for iOS - Activision’s Kaboom!
- Apple Adds Chomp Bits to iOS 6 App Store Discovery
- Notability For iPad: Much More Than A Note Taking App
- Scosche’s RH656m Headphones With Microphone Are Wonderful
- Tim Cook & Larry Page Reportedly Discuss Patents
- Analysis: Amazon Kindle Fire Sold Out, Kindle Fire 2 Pic Leaked
Post Your Comments