Apple’s OSx86 10.4.4 Security Broken: “Happy Valentine’s Day… from Maxxuss. According to The OSx86 Project, the ‘hacking guru’ has broken Apple’s security measures in OS X 10.4.4, which were stronger than all previous releases combined. The article has a great discussion on the implications of this event.”
(Via digg.)
In case you’re not familiar with OneCare, it’s basically a antivirus, antispyware, and backup package you subscribe to for $50 a year. The ironic thing is that this is a paid service to protect you from the many security problems in Windows. Basically, you’re paying twice: once for a security-hole ridden OS, and again for (Mafia-like) “protection”. Why doesn’t MS just scrap the legacy code and write a real OS?
Article available here.
Funny stuff:
For NSA photo opp prop, Feds use security portal as if top-sekrit: “Xeni Jardin:
Mike Outmesguine says,
Boing Boing readers may have missed this on Digg, but I thought they’d get a kick out of it: Link.
In a press pic of Bush touring sooper sekrit NSA headquarters, a way cool, wargames-looking big screen display is in the background with all sorts of cryptic worldwide threat intel: Link.
But that’s actually a volunteer-run computer security portal that anyone can display through a web browser: Link to SANS.org
(Ed. note: SANS, btw, does not stand for ‘Sekrit-Ass-NSA-Stuff.’).Click here to launch your own NSA Global Threat Display. I’m so leet, I have it running on LCD #4 right now!
(Via Boing Boing.)
I wonder if PC Magazine knows it, after their Mac-bashing article ? By the way, this article was from Ziff Davis, a VERY PC-biased media company. Either way, that seems to be the case according to RFC 2131, better known as DHCP.
After reading this weblog, it appears that any machine that connects to a rouge DHCP can be 0wn3d.
Here’s an interesting quote from the article:
The only difference to Apple is that they also use DHCP for LDAP discovery. But even if all you use DHCP for is IPv4 addressing, and DNS, you’re still at risk on a rogue server, because that server now has your IP address, and your MAC address, which can be of great convenience to a cracker.
A nice rebuttal is at The Mac Observer. Ready to eat your words, Mr. Ulanoff?
