Ok those of you who for whatever reason think you are completely secure using os x....
Here's a very real cross platform vulnerability, reported at CERT (the government agency)
that applies to os x and other operating systems and browsers.  note that as i've said,
apple was kind enough to release an update that patched this, but just like microsoft,
didn't bother to tell people it was for security but rather said it improved performance
etc.  you can't trust ANY of the vendors to notify users of even huge security holes, and
this one is a whopper.  it can allow execution of arbitrary code on your machine (meaning
the attacker could use it to do basically anything they wanted to, from installing spyware
to destroying your data).  It's also a classic type of bug, the dreaded buffer overrun,
and a few other classics that were found at the same time, and it's open source code, not
microsoft code, and it's been in use for 9 years, the bug was there for all those 9 years
most likely and was just never discovered by white hats or bragged about by black hats,
though it's certainly possible real data thieves were using it and just keeping their
mouths shut (only bored kids brag about how they break in, corporate spies etc. just use
what they know and keep their mouths shut).  see links below:

<http://www.kb.cert.org/vuls/id/CRDY-636R79> note, "no statement from vendor", the usual
response to serious security problems.

<http://www.kb.cert.org/vuls/id/388984>  showing the truly huge number of systems
affected, on many different processors, this is what happens in the real world because
code is ported from one os/machine type to another, not rewritten so the same bugs tend to
be in many different systems.

<http://www.us-cert.gov/cas/techalerts/TA04-217A.html>  announcement of the several
vulnerabilities found about the same time, and reported by an individual who could have
just used them to get rich spying on corporations etc.

<http://www.libpng.org/pub/png/libpng.html> the home page for this open source project,
notice that they are upfront about the problem!

note also that this isn't the bug i've referred to previously found in all of the bsd
systems, that was another similar bug.  all of the bsd home pages mentioned it and offered
fixes immediately, apple has never said anything publicly though a patch issued about the
same time probably fixed it.  without some digging on cert you're not likely to know, and
it may or may not be on cert.

all together now "All software has security holes.  All software will always have security
holes.  All operating systems have security holes.  All operating systems will always have
security holes.".

poorly written code like windows and exploiter just tend to have more.  some explorer
security bugs depend on windows, some don't and affect security on other operating
systems.  most vendors are terrible about honestly informing users about new security
problems and patching them.  often security holes don't get patched until publicly
released (or at least released to the public that subscribes to security email list etc.).
CERT doesn't publicly release bug info until there is a patch or for 1 year usually.

only amateur crackers brag about their exploits, real bad guys just use them carefully and
are often never caught.  corporate espionage is very profitable, and the internet and
computers are a fine tool for those "professionals".


-- 
President George W. Bush, Vice President Richard B. Cheney, Secretary of Defense Donald H.
Rumsfeld, and Attorney General John D. Ashcroft have committed violations and subversions
of the Constitution of the United States of America.  <www.VoteToImpeach.org>  They should
be charged with high treason and imprisoned frankly.  If there is no rule of law there can
be no civilization.
