Mac Hole Has Users, Hackers Abuzz (Mac security prob)

Mac Hole Has Users, Hackers Abuzz
By Leander Kahney

Story location: http://www.wired.com/news/mac/0,2125,63528,00.html

02:00 AM May. 20, 2004 PT

Malicious script kiddies are reportedly rushing to exploit the first serious security hole discovered in Apple Computer's Mac OS X.

First discovered in February by a German Web designer, but not reported publicly until Tuesday, a vulnerability in OS X opens systems to potential hijackings when users simply visit a website.

Because of the way OS X handles certain protocols, a machine can be commanded through a Web link to run applications, scripts or Unix commands.

Though no victims have stepped forward yet, nefarious uses of the exploit are potentially unlimited. Experts warn machines could easily be hijacked to erase hard drives, spread viruses and spam, and report bank account numbers and passwords.

<snip>

,...with no division between military and civilian participation." --Marshall McLuhan.

What can I say,...this quote is pervasive.

It just so happens that 90% of computers run Windows so there is a lot more attention paid to it, by both virus writers and the press.

just make help: launch a program like textedit or chess instead of the help viewer. There's a few third party utils to let you do this. I used MoreInternet

about what to do? Has Apple sent out a fix yet?

they're featuring a new utility that does what I just said, except you don't have to figure it out for yourself

...which is one reason why there are fears the vulnerability is deeper than merely the Help API.

Wasting time in Latest Breaking News would be my full time job.

there will be as many security holes found it in as Linux, which, on average, fixes about five holes a week.

Is that why condi refers to shrub as her hubby?

is that OS X, by default, does not allow the installation of other software without entering a password. The usual virus/trojan method of an attachment to an email just doesn't work on a Mac.

This new exploit takes advantage of the structure of a URL, and bypasses the installer password block.

All I am saying is that if/when macs become a bigger target, there will be similar issues as there are with Windows right now. I'm not a mac hater, I like them equally. In fact, I'm waiting for a new TiBook right now. :)

If you want security in a web server you need to do the work,
it doesn't come in a can.

Then you will really have problems......critical updates weekly.

I'm running Red Hat 9, Red Hat EL 2.1 U3, Red Hat EL3 U1, Fedora 1, Windows XP (home & pro), Windows 2000 (multiple versions) and Windows 2003 Server.

Guess which one I see most of the "security updates" for...

I'll give you a hint... Microsoft doesn't appear in the name of the product...

Or someone with a lot of computers and/or hard drive space at home? :)
I find that my time is equally spent updating our linux servers as it is our windows servers. That says a lot seeing as how we have WAY more M$ products.