News Items that Interested me this Week

Ghillie Suits » News Items that Interested me this Week

Ghillie Suits » News Items that Interested me this Week — Fri, 19 Oct 2007 22:34:48 GMT

PingBack from http://ghillie-suits.info/?p=8054

re: News Items that Interested me this Week

MikeA — Sat, 20 Oct 2007 00:06:33 GMT

RE: What if We Had Vuln-Free Software?

-- Didnt you say this ages ago...

http://channel9.msdn.com/ShowPost.aspx?PostID=1405

Whilst I agree 100%, I have the feeling that flaws in the software will still be targeted even if we could aproach no vulnerabilities -- which I doubt because programmers are human, make mistakes, and we've got no closer to "bug free" (as in traditional QA bugs) software in decades of work. (config errors are in a different "bag" I feel - you can't blame the software, but on the other hand it really shouldn't be able to (easily at least) be configured in an insecure way)

The reason (to me anyway) is that targeting of vulns in the software is much less "risky" for the attacker as it's easier for them to keep their anonymity, and the attacks scale a lot easier.

My $0.02 anyway. Thanks for this post though Mike - it's easy to miss news/articles that are interesting.

re: News Items that Interested me this Week

paperino — Sat, 20 Oct 2007 00:20:34 GMT

[quote]

hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista - asking for user consent? :)

[/quote]

In reality Apple has developed a very sofisticated algorithm that:

1. checks what the software might do; if it fails

2. reads the user mind to understand if he knows about it; if it fails

3. will make a secret phone call to Steve Jobs and ask him and only if it fails

4. will ask for user's consent

so 4. will be very unlikely to happen. While performing point 1. will also check and determine if the software will end at a point in the future or not and thus proving that undecidability of software termination is completely bogus. And this for just 129.99$

[quote]

Really? I doubt it.

[/quote]

In reality I guess the fault here is in the guy that is trying to explain what a sandbox is. The funny thing is that the most dangerous application bundled in the OS (Safari) is not sandboxed. Apple really cares about security!!!

re: News Items that Interested me this Week

S.Vidyaraman — Mon, 03 Dec 2007 05:06:09 GMT

Tagging Downloaded Applications

Protect yourself from potential threats....applicable, what URL it came from.

[MH] hhmm, does this mean Apple are doing the very thing they ridiculed about Windows Vista - asking for user consent? :)

Yes and no .... yes in the concept of asking for user consent, no in the context of details ..... UAC, if I understand correctly, causes a intergrity level leap (from the default medium to high). From what the "Tagging Downloaded Applications" says, it sounds more like what XP does, which is mark applications as 'blocked' when downloaded .. only, XP asks you everytime you try to execute the app, unless you specifically go to the properties and say unblock. Of course, all this assuming the user can make the correct decision.

re: News Items that Interested me this Week

Yaniv — Mon, 10 Dec 2007 09:26:54 GMT

*shrug* Security consultant for 10 years, Windows Administrator for 15, UNIX / Linux hacker for 8.

I hardly ever read neither Apple's nor Microsoft completely-fictional-marketing-propaganda, so I don't know about the claims you're talking about in Leopard. I do read technical documents and source code. I don't deem security to be the most important thing in a desktop system, but I do value my privacy a lot.

Oh, I'm running OSX, by the way.