Site Maintenance this evening The site will be offline for hosting changes. Time TBC

+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47
Mac Thread, So much for Macs being secure in Technical; Originally Posted by CyberNerd I guess Zdnet don't carry so many OSX security stories I wouldn't see why ZDNet wouldn't ...
  1. #16

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Quote Originally Posted by CyberNerd View Post
    I guess Zdnet don't carry so many OSX security stories


    I wouldn't see why ZDNet wouldn't carry more OS X articles...

  2. #17

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Vista hacked was on Day 3, but through Adobe Flash

    Clearly Apple were the losers here, with Microsoft second and Linux the winner. I don't have much sympathy for Apple really, as Safari is appalling, but as for Microsoft I do have a degree of sympathy. Although security of the OS has been beefed up, it's weakened by an application that probably 90% of all users have installed as it's widely used across the web.

    Would of been interesting if they put Windows XP SP2 or indeed SP3 to see how (in practice) this competes with Vista in the real world security wise

  3. #18


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by Michael View Post
    Although security of the OS has been beefed up, it's weakened by an application that probably 90% of all users have installed as it's widely used across the web
    lol, @ the MS shill response.

  4. #19

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    lol, @ the MS shill response.
    Oh well, back to the drawing board. Tomorrow's another day etc etc...

  5. #20

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    19
    Quote Originally Posted by CyberNerd View Post
    lol, @ the MS shill response.
    That's a bit harsh. It has been a matter of debate the extent to which the OS developer can be held responsible for the quality of OEM bundled software.

    In this case it is half and half between Adobe and Microsoft. Although it was Adobe 's software that contained the exploited vulnerability, it was Microsoft's Active X technology framework that makes it possible for the cracker to own the own the box.

  6. #21


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by Michael View Post
    Oh well, back to the drawing board. Tomorrow's another day etc etc...
    Really. Linux was tested against the same criteria.

    In this case it is half and half between Adobe and Microsoft. Although it was Adobe 's software that contained the exploited vulnerability, it was Microsoft's Active X technology framework that makes it possible for the cracker to own the own the box.
    That's not really half and half if linux isn't vulnerable !
    Last edited by CyberNerd; 30th March 2008 at 08:06 PM.

  7. #22

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    No operating system is devoid of exploitative code- not even Linux with all it's great stability and power (hence so many patches). But patching- and plugging security holes- is a Good Thing (TM). What this event showed is that Apple and Microsoft have a long way to go before they can hold up a crown- and it shows only that *on this occasion* Linux stayed safe.

    I *like* that OS X was "hacked" in this way. Safari isn't as bad as MS supporters believe, and yet still has a long way to go before it can be considered as seasoned and safe as it should be. With exploits like this being revealed Apple will have to react before it becomes common knowledge; likewise Microsoft have every right to now send a few fiery darts Adobe's direction for releasing hole-ridden code (if it is indeed "hole ridden" and not just in need of a patch).

    When all is said and done we should all be aware of the need for security- no matter the OS.

    What this competition does *not* prove- and you would have to be silly to think it does- is that any one OS came out the secure "victor". On the day Linux stood against the hacks attempted against the system. On another day this may not be the case.

    Paul

  8. #23

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    What this competition does *not* prove- and you would have to be silly to think it does- is that any one OS came out the secure "victor". On the day Linux stood against the hacks attempted against the system. On another day this may not be the case.
    Absolutely I agree! Any OS is breakable, just some easier than others I think the Adobe flaw was a combination of Flash and Windows itself (as mentioned by ITWombat), but nevertheless, it goes to show MS needs to work closer with developers so they harden their software too.

  9. #24

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Really. Linux was tested against the same criteria.
    I don't disagree with you here, Linux was glorious on the day. I meant MS need to go back to the drawing board and work closer with developers (as I mentioned above)

  10. #25

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,932
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    It is one thing for out of the box sessions like this, but it is more fun to watch the competitions against hardened machines.

    InfoSec used to do a session each year of it, but I didn't see it at all last year. I won't be attending this year, but it is always a good session to look for.

  11. #26

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Quote Originally Posted by GrumbleDook View Post
    It is one thing for out of the box sessions like this, but it is more fun to watch the competitions against hardened machines.

    InfoSec used to do a session each year of it, but I didn't see it at all last year. I won't be attending this year, but it is always a good session to look for.
    That would be cool to watch!

    I haven't been to Infosec so haven't seen the past sessions that have showed this. Are they available online or is there any information on them anywhere (just rushing off to Google anyway).

    Paul

  12. #27


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I meant MS need to go back to the drawing board
    yeah, they keep going 'back to the drawing board', in fact each release is 'written from the ground up' or 'from scratch' so the marketing machine tells us.

    The reason linux is more secure is because it is open source. Anybody can read and improve the code. Unlike windows or OSX, linux doesn't require a plethora of extra utilities to provide functionality like opening pdf's, xls etc. In this case its the closed apps (Safari, ActiveX) that are the security vulnerability.

  13. #28

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Quote Originally Posted by CyberNerd View Post
    yeah, they keep going 'back to the drawing board', in fact each release is 'written from the ground up' or 'from scratch' so the marketing machine tells us.

    The reason linux is more secure is because it is open source. Anybody can read and improve the code. Unlike windows or OSX, linux doesn't require a plethora of extra utilities to provide functionality like opening pdf's, xls etc. In this case its the closed apps (Safari, ActiveX) that are the security vulnerability.
    No problem with what you have said there for the most part, except I think it is now coming out that it was in fact part of the Java WebKit in Safari that was used to allow the vulnerability to take hold. If that is the case, then this is in fact an Open Source effort. In any case that doesn't mean anything (true or not). Apple ship Safari with OS X and it is Apple's Safari *shipped with OS X* that has the issue. It needs to be patched (might be in 10.5.3 from what we are hearing from other rumours).

    I am sure Microsoft will *help* Adobe work on the other exploit revealed during the competition

    Paul

  14. #29

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    yeah, they keep going 'back to the drawing board', in fact each release is 'written from the ground up' or 'from scratch' so the marketing machine tells us.
    What you're saying is very true and it is a lot of what we hear from Microsoft's marketing team.

    The reason linux is more secure is because it is open source.
    I agree and disagree, simply because MS are in a unique position. They have something like 90 - 95% of the world market, so their code is tried and tested a lot more than any other code on the planet. Thinking about it from a mathematical point of view, there's inevitably going to be a much higher probability that an exploit will be found in Windows or one of its components.

    I'm not a virus writer/hacker (and I do not condone it); however if I was, I would put all my effort into attacking Windows. There's a larger user base and because lots of its components are enabled by default, it means the attack surface is greater. MS have done a good job with Windows Server 2003/2008, starting with minimal functionality and it does appear Windows 7 could go down this route too. It's nothing new, but I do think this will be part of Microsoft's going back to the drawing board plan.

  15. #30


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by Michael View Post
    I agree and disagree, .......
    I can't argue with that

    Quote Originally Posted by Michael View Post
    They have something like 90 - 95% of the world market, so their code is tried and tested a lot more than any other code on the planet.
    MS still have a 90-95% lead on desktop systems, but that doesn't translate to all the code on the planet!


    Quote Originally Posted by Michael View Post
    I'm not a virus writer/hacker (and I do not condone it); however if I was, I would put all my effort into attacking Windows.
    So do the script kiddies do it because it's an easy target, it's more profitable or just because they are pis*ed off at MS ?

    Quote Originally Posted by Michael View Post
    There's a larger user base and because lots of its components are enabled by default, it means the attack surface is greater. MS have done a good job with Windows Server 2003/2008,
    I don't have experience of 2008 server, but 2003 certainly doesn't come with services off by default !

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Sibelius & F-secure
    By pallen in forum General Chat
    Replies: 3
    Last Post: 31st January 2008, 08:04 PM
  2. Secure Printing
    By FreeWill in forum Wireless Networks
    Replies: 2
    Last Post: 9th October 2007, 11:45 AM
  3. How secure is a VLAN?
    By Ben_Stanton in forum Wireless Networks
    Replies: 5
    Last Post: 26th July 2007, 09:15 AM
  4. Making RDP more secure
    By mattx in forum Windows
    Replies: 2
    Last Post: 7th February 2007, 01:52 PM
  5. Secure Folder
    By SimpleSi in forum Windows
    Replies: 17
    Last Post: 5th October 2006, 12:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •