On 2007-02-02, at 9:46 AM, Dave Schroeder wrote:

> <http://www.msnbc.msn.com/id/16934083/site/newsweek/page/2/>
>
> "Nowadays, security guys break the Mac every single day. Every
> single day, they come out with a total exploit, your machine can be
> taken over totally. I dare anybody to do that once a month on the
> Windows machine."

It's not quite as unreasonable as it seems at first glance -
Microsoft is several years ahead of Apple on the painful publicity
front and all those monopoly dollars have allowed them to pump
resources into securing Windows. They still have a lot of legacy bad
decisions to deal with but there really aren't things as simple as
the equivalent of writable setuid binaries or trivial format string
exploits on recent Windows systems - one of the reasons why people
attacking Windows users have shifted to exploiting third party
software is simply that there's lower-hanging fruit there.

OS X obviously has had it a little easier - largely due to greater
security experience when key decisions were made in the past (e.g.
never having the "sure, toss anything you want in the system
directory" mindset) and fewer exposed services in the default install
but I suspect 2007 is going to be both the year that OS X comes under
serious attack and [hopefully] the year the security group gets more
funding and greater influence with other groups at Apple both to
prevent code from shipping without security review and to make sure
security is a first-class design criteria for everything.

Chris0? *?H?÷

 ?0?

10 +0? *?H?÷


 ?)0?â0?K 
 âõ¼é|ÍΦv?a1»0
 *?H?÷


0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
061116220005Z
071116220005Z0F10UThawte Freemail Member1#0! *?H?÷


chris (at) improbable (dot) org0 [email concealed]?
"0
 *?H?÷



?
0?

?

Ò°Nõ¡?Ëõ??àû³Â?ôr®ëörL0O°Øú[hqbÒÍ¥ý%??Ø|WG?7È?2«??hê¼ÛD*\è.í?
?º?%
ä×=?âKÞz?<¢/Ú??<ªáEq?<A÷ðwFªÑ?v
qÂVE[HÓ÷ì
¿R?p\À^Áïø?¢eÆÔ?Í-,ːZ¸Ú?ï??$?Úì@ÛH/i?Nù¬?>9?ÜÉ??z
T¿À?Áª6Õy~¦ô¢0ø¡ÏtÌ1 <RÕè»s?Já?Pß»iã?P¤|[°iø7¼6ÕNù#©íY´1?ÖË

£10/0U0chris@i
mprobable.org0U

ÿ00
 *?H?÷


Lp%ÜPçÇ°o
?&Ù\丝¡ÉÏÝe¸wd^M?/eç©PùÓVntyV[æ?z±ja?¼sÑÊ-)Þ?oüYËÛQý?9}ÿ©??C
Vwì£
ÿÍwá4ª´È{
¼Ä?g¯yg?|>ã
üï îÝ?0??0?¨ 


0
 *?H?÷


0Ñ10 UZA10UWestern Cape10U Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0) *?H?÷


personal-freemail (at) thawte (dot) com0 [email concealed]
030717000000Z
130716235959Z0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0?0
 *?H?÷



0?Ä¦<UsUûN¹Ê?ZhÀupßéÿ£ì½Íõ[òv½:aò¿QÎ
ÔåP
0×cZ,?p?ÝÉð+?Zª?qV˯<çñ?6$*Ï+Õó?w=¾+þ»>¿@?dק¦»?eÑÅ*T?H§¶Ñ<
a@dr`·û

£?0?0U

ÿ0

ÿ
0CU<0:08 6 4?2http://crl.tha
wte.com/ThawtePersonalFreemailCA.crl0U
0)U"0 ¤010UPrivateLabel2-1380
 *?H?÷


H?ÑP?ê.Ì
£f¬g¯¬¾Â¡C??L!¸ø6ª-?6/ÀôP ?p<ý­áabÃÙ:~?±?Å?t?%P?bÇÛ'qW%Ý©?9?? Oe_?Ú÷÷?ÖÆN®öê4å[5MwãV!x?Ü!5Þ$±ÓFÿ]_eO1?0?

0v0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA âõ¼é|ÍΦv?a1»0 + ?
o0 *?H?÷

1 *?H?÷


0 *?H?÷

1
070202192603Z0# *?H?÷

1?䵤=åu4+Yò¨ºc?)Ï0? +

?71x0v0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA âõ¼é|ÍΦv?a1»0?*?H?÷

1x v0b10 UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA âõ¼é|ÍΦv?a1»0
 *?H?÷



?
3ÁI:hóc²þöS#evs3ÀËzX#i¡ÎPŸ¦ù¼ÒBjúÝ"$°?5ìAò»àõ¾]WX¡ÕI;è÷&q~j  ¨W?.%ùOî²$¹wwÐRÕ×Ö-ÉYôÓ 3?å
bq&á??\"IDF0?ef½¨þ(c±?CÀ?n¨Ø¢}j=SÅ?ºþ
0<ñ8u¶S¸Ý¢ÿûÌL???äàç5ˬsíM<t@Bux~?V>¥¼?~?é ¸l¹êà4ãç9ÆeûÕGY8Ûzås¡?»³ÿÖøbà×-ZýôBCÌ¡£¥ÈD±
N8ÄC³L¬

[ reply ]