Re: OS X security holes so numerous Apple can't keep up...


"Alan Baker" <alangbaker@xxxxxxxxx> wrote in message
news:alangbaker-48B627.18334421042006@xxxxxxxxxxxxxxxxx
In article <4kb2g.50832$_S7.21639@xxxxxxxxxxxxxxxxxxxxxxxxxx>,
"John Slade" <hhitman86@xxxxxxxxxxx> wrote:

"Alan Baker" <alangbaker@xxxxxxxxx> wrote in message
news:alangbaker-E10895.23555020042006@xxxxxxxxxxxxxxxxx
In article <eJ_1g.50710$_S7.20264@xxxxxxxxxxxxxxxxxxxxxxxxxx>,
"John Slade" <hhitman86@xxxxxxxxxxx> wrote:

"Alan Baker" <alangbaker@xxxxxxxxx> wrote in message
news:alangbaker-335000.20015320042006@xxxxxxxxxxxxxxxxx
In article <xuX1g.29833$BL7.23262@xxxxxxxxxxxxxxxxxxxxxx>,
Stew <antwun@xxxxxxxxx> wrote:

http://www.security-protocols.com/modules.php?name=News&file=article&sid
=32
33

Scary! Did chimps code OS X?

Let's take them one by one:

"Apple OS X 10.4.5 .tiff "LZWDecodeVector ()" Heap Overflow"

His own links says:

"Solution:
This issue was silently fixed by Apple in update 10.4.6.
http://docs.info.apple.com/article.html?artnum=303411";

<URL:http://www.security-protocols.com/sp-x24-advisory.php>

IOW, fixed; a non-issue.

Actually you are incorrect. It is an issue to those who don't
upgrade
to
get the fix. Why that happened to Windows 2000 users a while back.
However
the Mackooks didn't blame the people who didn't upgrade, they heaped
the
entire blame on Windows itself.

When the original article states:

'From what I have been told, they "will be fixed in the next security
release".'

...it kind of destroys the author's credibility to present something
that's already been fixed, don't you think?

No. I mean just look at the Windows situation. There was an exploit
or
virus in Windows 2000. Microsoft issued a patch that fixed the problem.
However many businesses didn't want to upgrade because it involved
reboting
for the fix to take effect. Sometimes the upgrade makes Windows
incompatible
with the current versions of the specialized software they run. So, when
the
exploit is taken advantage of of the virus is spread, their computers
fell.
This is not a platform specific issue. In Unix and Linux OSes, upgrades
are
not performed because a reboot is needed. The files that need to be
upgraded
are in memory and being used so the computer has to be rebooted.
Sometimes
the same kinds problems that effected Windows computers also effect Unix,
OS
X(Darwin Unix) and Linux.

It's pretty stupid to not report an exploit because a fix exists.

It's even stupider to report that there isn't a fix available yet...


...WHEN THERE IS A FIX!

What are you talking about, Apple had a fix and didn't want to make it
public. It's far more prudent to let eveyone know about the security hole
and how to fix it rather than don't tell anyone about it. If any company
does this, it's just plain bad business. Most of the time when I hear about
a hole in Windows, there is a fix on my computer for it. Sometimes there is
no fix, they tell people to watch out and that they're working on a fix.
It's stupid to keep it quiet even when there is no fix. They can tell the
user what percautions to take to mitigate the chances of their computer
being exploited.


That's just plain crazy. I'm curious as to why Apple didn't make the
exploit
more widely known and give instructions to users on how to protect
themselves. Apple would probably use the excuse that they didn't want to
tell the hackers about the exploit so they couldn't take advantage. That
would be pretty dumb for them to do. Apple probably kept it quiet because
now that Apple makes Intel based compuers, their main selling point is
becoming the malware issue. It wouldn't help to press that point and then
issue a statement saying there is a mile wide security hole in OS X. Wake
up.



When are you guys going to give up on this malware hype that really
doesn't do much to a system? I mean if we listened to the nuts in here
like
Jimmy Lee and Polaski, we would stupidly think that Windows XP is just
plain
unusable. That is very far from the case.

I'm not hyping anything. I'm debunking.

Debunking what? The exploit exists and posses a clear and present
danger
to Mac users who haven't upgraded.

I'm debunking the author's claims. He claims a bunch of stuff, I show
that he's getting at least some of it wrong. It suggests strongly that
he doesn't actually know what's going on.

It's clear what's going on. Apple didn't want to make it widely known
that there is a big security hole in their OS that supposed to be more
secure than the competition. That's what's going on. This reminds me of when
Apple didn't want people to go out and upgrade their Macs with faster
processors so they secretly put code in an upgrade that would disable any
computer with a third party upgrade. They claimed it was done for software
stability. Apple does dirt and it's a damned shame that people are to loyal
to realize that.


And you don't know that it presents any danger at all. He says it "may",
but then he also says it hasn't been fixed yet...

...WHEN IT HAS!

It does present a danger. I don't care what the OP got wrong. What I do
notice is that Apple tried to cover it up. You need to pull your head out of
Steve Job's ass. You would never see me defending Bill Gates for his shady
behavior.

John


.

Relevant Pages

  • Re: OS X security holes so numerous Apple cant keep up...
    ... This issue was silently fixed by Apple in update 10.4.6. ... Why that happened to Windows 2000 users a while back. ... the Mackooks didn't blame the people who didn't upgrade, ... for the fix to take effect. ...
    (comp.sys.mac.advocacy)
  • Re: OS X security holes so numerous Apple cant keep up...
    ... This issue was silently fixed by Apple in update 10.4.6. ... It is an issue to those who don't upgrade to ... Why that happened to Windows 2000 users a while back. ... System files on Solaris can be upgraded while the o/s is running, ...
    (comp.sys.mac.advocacy)
  • Re: RTHDCPL.EXE - Illegal System DLL Relocation
    ... I'm strongly believe that comes from Windows upgrade issue, ... It's ridiculous to have to fix a problem that was created by microsoft. ... a service called quickstart.exe brings up the Illegal System DLL ...
    (microsoft.public.windows.mediacenter)
  • Re: OS X security holes so numerous Apple cant keep up...
    ... This issue was silently fixed by Apple in update 10.4.6. ... It is an issue to those who don't upgrade ... Why that happened to Windows 2000 users a while back. ... the same kinds problems that effected Windows computers also effect Unix, ...
    (comp.sys.mac.advocacy)
  • Re: HP MCE Upgrade Issues..
    ... a quick fix would be to Reformat the ... HP m370n MCE 2005 upgrade, XP SP2 CD Work Around"- I was able to get around ... It uses Windows XP Media Center Edition, ... >> It should not be showing this. ...
    (microsoft.public.windows.mediacenter)