Month of Bugs.... Apple stylee

[Paul K]

Infoworld

Quote:

Apple Computer will soon be a member of the "month of bugs" club.

On Jan. 1, two security researchers will begin publishing details of a flood of security vulnerabilities in Apple's products. Their plan is to disclose one bug per day for the entire month, they said Tuesday.
The project is being launched by an independent security researcher, Kevin Finisterre, and a hacker known as LMH, who declined to reveal his identity.
Some of the bugs "might represent a significant risk," LMH said in an e-mail interview. "Others have a lower impact on security. We are trying to develop working exploits for every issue we find."
The two hackers plan to disclose bugs in the Mac OS X kernel as well as in software such as Safari, iTunes, iPhoto and QuickTime, LMH said. Some of the bugs will also affect versions of Apple's software designed to run on Microsoft Corp.'s Windows operating system, he added.
LMH was one of the brains behind the recent Month of Kernel Bugs project, which exposed flaws at the core of several different operating systems. It was inspired by an earlier effort, called the Month of Browser Bugs, which was kicked off in July.
This latest Apple project is being launched to raise awareness of security vulnerabilities in Apple's products and to "stomp smugness," Finisterre said via e-mail.

Well it looks like things might get interesting soon, looks as though some people may be getting a bit of a suprise. Like people keep saying..... no operating system is totally secure or perfect.

[Nikesh]

Interesting.....

[Paul K]

Yep but before it all starts can we at least TRY to not get into a MS/M$/Bill Gates Satan Spawn company/whatever v Apple slagging match please peeps.... at least for a little while
Was going to go with the title "An Apple Bug a day...." but decided to go safe

Also intresting that they will not give Apple pre-advance information about any bugs. There last comment shows this is more about them attacking Apple and its user than improving security, which I would be all for.

Again, I would like to repeat that I know OSX is not 100% secure but it is still pretty secure. Of course that statement will be ignored and I would be called smug again soon enough.

[Nikesh]

I wonder how many bugs they will actually find?

Quote:

Originally Posted by Nikesh

I wonder how many bugs they will actually find?

Quicktime, iTunes usually have a lot. It will be the really serious bugs they find which will be more important.

[Paul K]

The Kernel exploits will be the main problems that Apple will have to address as soon as they release them. No doubt the others will be dealt with as soon as they get to them.
Damien....... you're smug again There ya go, just in case you were feeling disapointed from he lack of verbal abuse so far

:O

Anyway, I do not see why they cannot tell apple and give them a week or two to fix the exploits and then release them. That way they do show macs can have weaknesses AND get mac users to update!

Instead they will be advertising bugs and how you can exploit them. They want people to take advantage of these exploits, they dont care about 'security'.

what a shame

Quote:

Originally Posted by zinglebarb

what a shame

Well, Yes, it is a shame. I would not be happy if they did this to Windows and they do many times.

I keep my mac up to date, I use the built in firewall (which is quite good). I dont have a anti-virus simply because there is no need for it yet. Many Macs users may not take these steps.

Many windows users do not keep windows secure either.I have to fix lots of problems relating to windows at work, if you think people keep them secure they dont. In some cases they lose important work.

Security is imporant, A lot of people depend on their computers and this kind of thing is simply wrong. I would show 110% support to this if they agreed to tell Apple and gave them adquate time to fix them and then released the bugs. Showing people they need to update, but also actually having something they could use to update!

Instead there will be a week or two until we get an update and meanwhile everyone who know how to make software to exploit the mac.

[Paul K]

Allow them to fix the bugs via patches that they can put out so that the vulnerabilities cannot be fully proven en masse? Mmmmmmm Since the people doing this are in contact with members of Apples' security team it may be that they give Apple the heads up before releasing the vulnerabilities into the wild so that they can get the patches ready.

Quote:

Originally Posted by Damien

Well, Yes, it is a shame. I would not be happy if they did this to Windows and they do many times.

I keep my mac up to date, I use the built in firewall (which is quite good). I dont have a anti-virus simply because there is no need for it yet. Many Macs users may not take these steps.

Many windows users do not keep windows secure either.I have to fix lots of problems relating to windows at work, if you think people keep them secure they dont. In some cases they lose important work.

Security is imporant, A lot of people depend on their computers and this kind of thing is simply wrong. I would show 110% support to this if they agreed to tell Apple and gave them adquate time to fix them and then released the bugs. Showing people they need to update, but also actually having something they could use to update!

Instead there will be a week or two until we get an update and meanwhile everyone who know how to make software to exploit the mac.

Ill be quite honest. Id be broke if Windows was 100% secure and stable so I for one am glad of those who do not maintain their system cuz there my bread and butter