This is a public challenge to Adam Shostack, chief technology officer for security firm Reflective who said "OS X running on x86 means that the skills that people have developed and a lot of the tools people have created for finding problems, analysing problems, and writing the code to take advantage of them, will work. They no longer need to learn a different assembler or a different memory architecture."

As a security professional, I know that software is hacked for its lack of protections and controls. The risks are in the misuse of data structures and poor coding techniques. How does MacOS X using the Intel architecture change anything regarding MacOS X? Sure it will make MacOS X a bigger target as Apple increases market share, but the Intel architecture does not change anything.

So, Mr. Shostack, please explain exactly how using Intel architecture really changes anything? Does the Intel architecture cause additional buffer overflows? Does the Intel architecture have worse memory protection? Has Apple not considered any of the errata that makes the processor vulnerable? Infosec professionals want to know.

BTW: I am signing my name to this. Mr. Shostack is free to contact me directly!

Scott

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11375/33070#33070