Leopard hacked beyond recognition and not even out yet!

anandk · Aug 15, 2007

"Mac OS X Leopard Is a Joke Compared to Windows Vista - Leopard hacked beyond recognition and not even out yet!"

*news.softpedia.com/news/Mac-OS-X-Leopard-Is-a-Joke-Compared-to-Windows-Vista-62746.shtml

mediator · Aug 15, 2007

Woah, there goes anotha debate!

gxsaurav · Aug 15, 2007

Lolz...why m I not surprised by the fake bubble bursting

.

Sir, this is a lie....posted by Windows Fanboys, leopard might be a joke but there are no exploits out there to scare anyone, so it is not affecting any one & is a completely bad UI based article

koolbluez · Aug 15, 2007

Waitin for youknowwho to show his presence here

a_k_s_h_a_y · Aug 15, 2007

koolbluez said:
Waitin for youknowwho to show his presence here

lolz

anyway mac guys/gals who love it coz its cool to have one wont care for it !

a dell xps for me
a mac book pro for my gf !!

iMav · Aug 16, 2007

the mac salesman: its still not out its a beta so dont blame it besides jobs hasnt confessed it can be hacked so it cant be hacked :lol:

summit.nayak · Aug 16, 2007

Is this one also going to be like the mac vs windows thread in the Fight Club forum?

blueshift · Aug 16, 2007

Apple's browser, and by the way version 3 is going by default into Leopard, launches the following programs on execution: "Address Book, Finder, iChat, Script Editor, iTunes, Dictionary, Help Viewer, iCal, Keynote, Mail, iPhoto, QuickTime Player, Sherlock, Terminal, BOMArchiveHelper, Preview and DiskImageMounter." Any security vulnerability residing in any of these applications can be exploited via Safari.

;-(

phaltugiri

infra_red_dude · Aug 16, 2007

1) According to Miller Macs are just as easy to hack as they are to use. "To help users, there are lots of 50+ suid root programs" revealed the security researcher. Suid Root is designed to help with the silent elevation of privileges in Unix and Unix based operating system such as the Mac OS X.....Suid Root is a design flaw, because allowing for silent and automatic elevation of privileges means inviting kernel level exploits.

2) Moreover, Apple does not "bother users with burdensome updates." All the open source solutions included in Mac OS X are not kept up to date including OpenSSH, OpenSSL, Apache, Samba, Cups. "The Samba on Mac OS X had an exploitable remote root vulnerability in it...it hadn’t been updated since February 2005"

3) But of course there's always the "safe from day one" Safari. Apple's browser, and by the way version 3 is going by default into Leopard, launches the following programs on execution: "Address Book, Finder, iChat, Script Editor, iTunes, Dictionary, Help Viewer, iCal, Keynote, Mail, iPhoto, QuickTime Player, Sherlock, Terminal, BOMArchiveHelper, Preview and DiskImageMounter." Any security vulnerability residing in any of these applications can be exploited via Safari.

4) "Apple doesn't randomize anything: the location of the stack, the location of the heap, the location of the binary image, the location of dynamic libraries and (to top it all off) heap is executable."

the reasons for exploits. i'm not surprised! the easier you make an OS the more vulnerable it is to exploit! i guess its time for open group to bring out unix 07 certification wid stronger emphasis on security before anything gets to use that certification.

rocket357 · Aug 16, 2007

Apple doesn't randomize anything: the location of the stack, the location of the heap, the location of the binary image, the location of dynamic libraries and (to top it all off) heap is executable.

Yeeouch...in today's day and age (when Microsoft has implemented ASLR, Linux/Unix has PaX, etc...) that's just asking to become the next "easy target".

Though honestly no amount of acronyms will help if the user compiles/installs vulnerable software on their system...not even OpenBSD will remain secure if versions of Samba are installed that contain remote root vulnerabilities. That's just how it goes...

But the OS vendor's code that comes preinstalled is on par with this:

18 security vulnerabilities for Safari 3 in the browser's first day

That...ehh, that's bad...doubt I'll be trusting any software from them anytime soon!

I'd have a Mac myself, but I can't bring myself to pay for an OS that I'd just install Linux over...

BBThumbHealer · Aug 17, 2007

..So Apple won't have much to cheer abt security this time !

iMav · Aug 17, 2007

and the salesman wont reply here :lol:

vish786 · Aug 17, 2007

iMav said:
and the salesman wont reply here

deliberate act 2 bring someone into debate.... not suppose to do it.

iMav · Aug 17, 2007

u thought i was refering arya .... i wasnt ... so it is u who is trying to make arya feel that im refering to him thereby making him post here .... not supposed to do that

vish786 · Aug 17, 2007

no double games with me sir... not suppose to do that.

Zeeshan Quireshi · Aug 18, 2007

iMav said:
u thought i was refering arya .... i wasnt ... so it is u who is trying to make arya feel that im refering to him thereby making him post here .... not supposed to do that

Leopard hacked beyond recognition and not even out yet!

anandk

Distinguished Member

mediator

Technomancer

gxsaurav

You gave been GXified

koolbluez

Šupər♂ - 超人

a_k_s_h_a_y

Dreaming

iMav

The Devil's Advocate

summit.nayak

NOT a Fresh Stock

blueshift

Wise Old Crow

infra_red_dude

Wire muncher!

rocket357

Security freak

BBThumbHealer

BlackBerry Guru ! :)

iMav

The Devil's Advocate

vish786

"The Gentleman"

iMav

The Devil's Advocate

vish786

"The Gentleman"

Zeeshan Quireshi

C# Be Sharp !