Re: Security: Apple's solutions

From: dcohenspam@xxxxxxxxxxxx (Daniel Cohen)
Date: Thu, 23 Apr 2009 12:25:39 +0100

Tim McNamara <timmcn@xxxxxxxxxxxxx> wrote:

Whereas Linux was widely publicized today to have a serious security
risk:

http://www.networkworld.com/community/node/41180

http://invisiblethingslab.com/itl/Resources.html

Actually not. The first reference says

"I should note that this particular exploit requires that the attacker
already have admin or root privileges on the box. So this is not an
attack that would be used to gain root access but rather a new way to
hide your rootkit, key logger, or whatever code from detection on boxes
you already "own"."

And also only on certain motherboards.

So it's a security risk, but currently not all that serious a one.

--
<http://www.decohen.com>
Send e-mail to the Reply-To address.
Mail to the From address is never read.
.

Follow-Ups:
- Re: Security: Apple's solutions
  - From: Marcel Pagnol

References:
- Security: Apple's solutions
  - From: Marcel Pagnol
- Re: Security: Apple's solutions
  - From: Barry Margolin
- Re: Security: Apple's solutions
  - From: Tim McNamara

Prev by Date: Re: Finder keeps quitting and restarting
Next by Date: Re: Will my superdrive play all regions of DVD?
Previous by thread: Re: Security: Apple's solutions
Next by thread: Re: Security: Apple's solutions
Index(es):
- Date
- Thread

Relevant Pages

Re: Security: Apples solutions
... "I should note that this particular exploit requires that the attacker ... already have admin or root privileges on the box. ... attack that would be used to gain root access but rather a new way to ... So it's a security risk, but currently not all that serious a one. ...
(comp.sys.mac.system)
Re: Preview pane - dangerous?!
... I take into the consideration if the risk outweighs the ... an attacker would have to host a Web site ... opens HTML e-mail messages in the Restricted sites zone if the Outlook ...
(microsoft.public.outlook.general)
Re: [x86.git#mm] stack protector fixes, vmsplice exploit
... i think per syscall canaries are really expensive. ... accept the risk of panic'ing the box should the opportunity arise. ... changing the canary is to create a guaranteed minimum risk for an attacker ... not saying that one would use such a bug for canary leaking when it can ...
(Linux-Kernel)
Re: Newbie ipchains help
... >>even if I only enable the port for a single IP address? ... >I think it's not a big risk but a middle risk. ... >Attacker sniff your SMB traffics at somewhere your using route. ... >And I'm not sure that contents of SMB traffics encrypted or not. ...
(comp.os.linux.security)
Re: Newbie ipchains help
... I think it's not a big risk but a middle risk. ... Attacker sniff your SMB traffics at somewhere your using route. ... IP, destination IP, source port and destination port. ... And I'm not sure that contents of SMB traffics encrypted or not. ...
(comp.os.linux.security)