Vex Star

OS X: no thank you.

you don’t say?
haha whatever, half the ISPs out there havn’t patched yet
OS X Server sucks. Everyone knows this. Its a niche product, and you shouldn’t rely on it unless you have a really good reason.

Fortunately there is Linux. Or Solaris.

The desktop OS has 1% of the problems of Windows. I know that burns, but its true. Which is why you recommend OS X to people.

B b b ut you have a COMPLEX over that fact! OH NOES!

my win-based dns server was patched, negro. good thing i wasn’t using os x!

Yes. Because noone says that Mac OS X Server ‘Just Works.’

In fact, it JUST SUCKS.

But its not the same product as the desktop OS, is it?
yawn. who cares? who uses OSX server anyway, especially for running something like DNS? and don’t you all realize that this kind of shit is a constant for Winders and has been for years? Windows is a server OS that gets used quite often, yet i’m certain that it has tons of gaping holes just waiting to be exploited right now. shit, that’s why every install of Windows, both desktop and server, needs tons of 3rd party software to help plug the security holes. you need personal firewalls and all kinds of virus/adware/spyware/malware scanners to keep Windows alive and well. oh, and now you’ve found one real flaw for a barely used version of OSX for a job that no one in their right mind would use OSX for? good job.
Apparently the patched BIND isn’t stable on OS X Server, so they’re sort of stuck for the moment.
This is just the Apple attitude towards security on all of their products and YOU ALL KNOW IT.
Name another instance of this happening, and you might have an argument.

You got starry eyes, my friend.

According to secunia: still not fixed

I believe I’ve lost the blog post where the hacker (who discovered this flaw iirc) discussed Apple’s attitude to security on the whole, and they are useless to sum-up.
There’s also an unpatched flaw with ARD agent that allows arbitrary code to execute as root without authentication. Apparently, Apple has known about it for over a year without releasing a patch.

that’s the flaw that trojan exploits.

apple has not got security right.

but at least they look purdy
(for rape)

Haha. They’ve known about it for 4 years.

I forgot the old thread we had about this that got derailed & locked. (actually I remembered it, but I can’t search the forums since I have no sub. However, Firefox 3’s amazing history search came to the rescue)

Satisfied with your ‘other instance’ Peyomp?

If not, I would say to you 1. you are a careless dumbass as bad as apple and 2. google apple opener. It shouldn’t come to that.

Stay safe.

mac-hacking: just works.
i’d just like to see examples of Mac’s getting compromised. i’m sure every single person here has anecdotal evidence of Windows PCs being wrecked by adware, spyware, viruses, trojans and the like. Now, Apple computers are getting to the point where most of us should know a few people who are running OSX. Let’s hear the actual evidence of people getting their OSX computers fucked up due to any sort of malware. so far all you have posted is hypothetical, possible, someone could, maybe, might hack a vulnerable mac and thus used that to claim that OSX is insecure.

how about this? how about one of you finds a few examples of compromised systems? you can use the internet to find some anecdotal info. go ahead.

i’ll start. it isn’t completely current, but it is recent enough… your turn.

You’re a system admin. You know that the bridge from possible to actual is just effort and ambition. Proof-of-concept is absolutely enough.

Would you feel better if I used the ARD exploit to run a "Hello World" app on all the Macs on my campus? How about I add a dozen lines of code that send an email to an address. How about I have them all send a thousand emails to an address? Maybe I download some plist files and fuck up all the program settings?
Its not "if." Its when.

it’s been around for a year. when?

proof of concept isn’t enough when you can compare it to the real world of Windows.

People have gone into Apple stores and wrecked havoc on their insecure machines. (some Apple stores have manually fixed one or two of the, er, zero days)

I can tell you: If Apple doesn’t get their act together OS X, sir, will be fucked. The introduction of the iPhone could be OS X’s downfall, or Apple’s. Because they are fooking useless.

If Mozilla had this attitude it would be the same situation for them. It’s not about market share numbers (they come into target appeal obviously), it will ultimately come down to the attitude and the CARE. And it looks like OS X is doomed.

Apple have a lot of work to do, but further, they have to get their priorities right.

Proof of concept is a good indication of what would or could happen if OS X ever had the target appeal of Windows.

hmm… this sounds MUCH worse than that DNS problem. it is a Vista vulnerability that theoretically can’t be fixed because it is inherent to the architecture of Vista.

I heard the day it was patched. What’s your point lol?

As for Windows. I would never have called Microsoft security minded, but the last few years I feel they’re fighting back (often at the user’s expense). Not that I use it or follow it much.

I know one thing: and that is that the number one thing about a product being secure isn’t even market-share, it is effort and care. Firefox has about a quarter the market-share of IE or more. You do not want to see the day that OS X has a quarter of the market share of Windows. If Apple weren’t to change how they treat security issues, they would probably be sued for negligence 157 times.
The point is that you guys were grilling them for not patching it, and they finally did. Which is somewhat relevant to the discussion, isn’t t?

Yeah.

And the point of the article is: they were significantly slower than everything else.

But mostly, what you will have learned, is that apple sucks with regards to keeping users safe.

/thread, just let the thread die, it’ll hurt less and you can go on to pimping OS X up as easy & highly-commend apple in just a little while.

actually, that wasn’t what i got out of this thread. what i got out of it was that a bunch of ignorant people harped about Apple not patching a rarely used feature of their rarely used OS… how many companies do you think are out there using OSX server as their DNS server? i’m sure the 5 people who do it in the entire world had some sort of workaround.

there are fanboys and haters, both sides are equally ignorant. then there are experienced users who are open minded and that’s what peyomp seems like. then there are the devil’s advocates who have no loyalties to any company and who just can’t stand the ignoramuses who find one completely retarded, meaningless thing such as a lack of a DNS server patch for OSX server and think that it means anything.

The problem isn’t that I’m pimping Apple. I would never use OS X Server. The problem is that you can’t tell the difference between two distinct products, and have an axe to grind.

Apples are ROTTEN. Therefore the oranges must suck too. Brilliant. Makes me want to use Ubuntu as my desktop. Oh wait, it doesn’t.
Did we not discuss another OS X exploit and Apple’s attitude to it?
ARD agent ring any bells?

The DNS patch is one instance typical of Apple. That is why the ARD agent flaw was brought up.

Typical. Except that they patched it in the end god love their effort
OS X. OS X Server. Explain the difference for us. You are unable to distinguish.

You point out problems with OS X Server, then trash OS X. Its not a logical argument, and is instead quite lame. Rather than being persuasive, you just come off like you have an axe to grind.

DNS Flaw on Server.
ARD Agent flaw on Desktop.

I don’t give a fuck about OS X and OS X Server: they are both Apple and they won’t keep their users safe.

Let it go.
zOMG an exploit! OH NO what terrible OSes. You sound like you started reading security lists yesterday.

You sound like the head of Apple security

I cannot provide a greater insult wrt security. If you think of one do let me know.

Microsoft security in the 1990s? Maybe.

Privilege escalation is bad shit and should be fixed. Permission warnings to system logger should be understood and tackled if needs be. It’s been over 4 years and Apple have done nothing at all.

This is not good form. If you think it is.

Fuck I don’t read security lists. But if you could find a similar flaw that has been reported repeatedly to Ubuntu, Firefox, and other on-the-up software, and dealt with in such an unprofessional manner (operates ok? that just about sums it up for Apple) for over 4 years, with such dangerous exploits in the wild for how many months?, well then Apple has some friends at the bottom of the pile.

But there there is the fact that this isn’t even the exception for them.

You mac-heads are hard to talk to. This conversation is over. Apple security, you have the facts.

You don’t have much perspective on this. Its really not that big a deal. You KIDS are hard to talk to. You don’t have enough experience to contextualize.
Who the fuck uses apple desktops? I remember those things… there were 4 of them in the corner of my schools computer labs… segregated away from the 100 or so "normal" computers.

They always seemed lonely, so one day I went to use one… that lasted about 5 minutes.

It’s been probably 6 months since I have seen an apple computer… and I work as a software engineer and go to a tech school, well used to I recently graduated.
Who uses Apple desktops? Try… the top engineers at all the most exciting companies? Anyone building anything NEW and exciting? But yeah, not people like you.

hmm… so you spent 5 minutes with it and decided what? 5 minutes with something as involved as a computer OS really tells you nothing other than the fact that it is different.

apple is making more and more inroads to the technical communities every day. 2 years ago i didn’t know any of my peers who were using OSX. now, i know about 5. i also know 3 more people who use OSX, but 2 are design people and the third is someone’s parents. traditionally, i don’t think software engineering was apple’s target market.

LOL.

NO, Peyomp IS DEFO NO FANBOY!

"Anyone building anything NEW and exciting" uses Macs

Apple market share is minute and varies wildly from place to place. It is no surprise that some of you SEE PEOPLE WITH MACS EVERYDAY and some of you HAVEN’T SEEN A MAC IN SIX YEARS. These experiences don’t tell us anything new.

Of course, the 2% of computers users that use Macs are the top of the top, in everything they do.
I’m a fanboy… but you’re the one ranting and raving?

I’m pretty unemotional about my Mac. It is the best *nix notebook available, so its a no brainer that I own one. I would never use OS X Server, as it sucks. I’ve never had security issues with my Mac.

Meanwhile you’re name is piratepenguin… but I’m the fanboy?

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

September 6th, 2008 | Tags: Amazon, Anyone building, Arbor Networks, Cisco, Dan Kaminsky, distinct products, DNS, file sharing, firewall, Haha, head, history search, iChat, Internet Explorer, Internet Systems Consortium, iPhone, iPhone software, Limewire, Linux, Mac, Mac OS X, Mac OS X server, Mac store, Microsoft, Microsoft Vista, Microsoft Windows, niche product, on-the-up software, OSX, party software, poisoning, security researcher, software developers, software engineer, software engineering, software packages, Solaris, system logger, Ubuntu, win-based dns server, X server | Category: general | Subscribe to comments | Leave a comment | Trackback URL