lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BC276D1AAB62A84746B6F198@utd59514.utdallas.edu>
Date: Tue Feb 28 15:37:48 2006
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Question about Mac OS X 10.4 Security

--On Tuesday, February 28, 2006 00:15:10 -0800 Stephen Johnson 
<maillists@...lonecoder.com> wrote:

> Mac's have always held the distinction of being more secure by, among
> other things, not being a target.  -- Due to the lack of extensive use,
> virus and mal ware writers have ignored taking the time to write virus
> for Macs.
>
> Simple philosophy -  Why climb the wall , when you can walk through the
> door.
>
> Windows is easier and more prolific, until that changes, we are not going
> to see major attacks on the mac platform.
>
I think you're living in a fantasy world.  The recent vulnerability, which 
allows the running of arbitrary code simply by clicking on a linked zip 
file will probably result in at least a handful of new viruses/worms for 
the Mac platform within the next week or two.

Apple has made the same stupid mistake Microsoft has been making for years 
- mixing code and data and trying to make things "easy" for the user (read 
auto-launch this widget so you don't have to save and open.)  The end 
result will be disaster for the Mac, but, thankfully, not on the same scale 
as Windows because not every user is an admin, and it requires the use of 
sudo to perform administrative functions.

Still, the ignorance of Mac users, who believe their platform is somehow 
magically "secure" will contribute to the problem.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ