Open Source and information security mailing list archives
Message-ID: <28749c0e0711011619x3baf9715k586c7cd2deddeb8c@mail.gmail.com>
Date: Thu, 1 Nov 2007 16:19:12 -0700
From: nnp <version5@...il.com>
To: "Dude VanWinkle" <dudevanwinkle@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	Gadi Evron <ge@...uxbox.org>
Subject: Re: mac trojan in-the-wild

I'm not sure if you accidentally quoted my reply or not there, because
if you did you're completely missing my point. My issue is with the
format and content (or lack thereof) of the first post, I don't think
I mentioned the iPhone, *BSD, MS or at any stage said anything at all
that would indicate I was taking any side in the 'which OS sucks more
balls than any other' debate.

Again, my issue is with the hyperbole, FUD and complete lack of use of
the initial post when posted to the type of lists that FD and Bugtraq
are supposed to be. It rings of the kind of thing you see in bold
letters and quotation marks beside some stupid tech magazine's analysis
of an issue they know little about.

--nnp

On 11/1/07, Dude VanWinkle <dudevanwinkle@...il.com> wrote:
> On 11/1/07, nnp <version5@...il.com> wrote:
> > There's a difference between ignoring something and making a statement like
> >
> > 'OS X is the new Windows 98.'
>
> OK How about "iPhone is the new Win9x"? It is running a type of OSX,
> one that is configured to use root for everything.
>
> I repeatedly hear that OSX is secure because BSD is a well picked
> through OS. Developers have had 30 some odd years to work out the
> bugs/vulns. What people are not taking into consideration is that if
> you install a single insecure app, (I.E: IE for Mac or Safari) and
> then use it to update your myspace profile and browse pr0n; you have
> to take additional preventative measures or will no longer have a
> secure system.
>
> This will be compounded by the fact that most corporations don't see a
> need to shell out the bucks for AV/AS for Macs. AV/AS by itself is not
> a great defense, but at least it's something.
>
> Anyhoo, to reiterate: OSX !BSD. Windows had a hell of a time securing
> its OS in part due to all the bells and whistles and also in part
> because they would release an insecure product with the semi-intention
> of patching later. The iPhone's configuration proves that Apple will
> release products that do not conform to well known security best
> practices as well (the least of which is don't run everything as
> root). This makes me think that Apple is 1990's-M$-like in its pursuit
> of functionality over security.
>
> BTW: Did anyone test out whether the Mac AV/AS products detected this trojan?
>
> -JP
>


-- 
http://www.smashthestack.org
http://www.unprotectedhex.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/