munkery
May 2, 04:26 PM
Fine, so I can write an installer that will just wipe your user account while you read my EULA and you'll happily execute it because "hey, it's just an installer" ? :rolleyes:
Is anybody actually bothering to do this in the wild against any OS?
This is not, but I'm interested in the mechanics because next time, it could very well be. That's my point. Some of you guys aren't cut out for computer security...
The types of attacks you are referring to are not occurring in the wild on a massive scale. When was the last time you heard about one in the media?
At the moment, there is no way to prevent the kinds of attacks you are referring to on any OS if a vulnerability exists that allows the attacker to exploit a running application.
Webkit2 will reduce access to user space when Safari (or any app using webkit2) is exploited by restricting the privileges of apps on a per app basis.
Turn off "Open safe files after downloading" if you are worried about that type of attack implemented via "safe" files.
ricgnzlzcr
Oct 25, 11:08 PM
Right. According to Apple's current pricing, the 2.33GHz Dual Clovertown would be +$800 IF they offer it. However, Apple may only offer the 2.66GHz Dual Clovertown for + $1100 and keep the rest of the offerings priced as they are now.
That way they keep the top 8-core more expensive than any of the less expensive and way less powerful 4-core models. From a marketing point of view this makes a lot more sense to me - since I plan on buying the Dual 2.66GHz Clovertown for +$1100, total $3599 BASE or more if they insist. This is one time when I don't care how much it costs - I need it NOW.
I would understand how your Quad G5 is getting a tad on the slow side;) . I feel pretty intense with my single 1 ghz G4.
Unlike me though, you actually require that processor power. Can't wait till you post your impressions of your OctoMac within an hour of getting it!!
Phil A.
Aug 29, 02:51 PM
The one thing that struck me on the report is the amount of marks given to companies who have committed to a timescale. For example, Apple have committed to removing all BFRs but given no timescale and are marked as "bad". Dell have committed to removing all BFRs by 2009 and are marked "Good". Don't get me wrong, it's good that companies are giving time scales, but they don't really mean jack until they're implemented (the UK committed to the Kyoto protocol and will miss its commitments by miles), and I think it's a bit misleading to give any company full marks simply because they have given a date that may be missed. I would have preferred to see those marked as Partially Good because clearly a commitment isn't as good as actually delivering on promises.
skunk
Apr 27, 03:18 PM
The fact he is described on tablets in Ugarit doesn't matter for the purposes of ontological arguments that try to answer does "God" (the Judaeo-Christian God) exist?
No gods exist. There is not a shred of evidence, ontological or otherwise.
NebulaClash
Apr 28, 09:26 AM
What the heck are you talking about??? :confused:
Yeah, he seems to have forgotten those personal computers known as the Apple ][, the Commodore PET, the Atari 400 and 800, and so on that predated the IBM PC. He's creating a very limited definition that ignores history.
Benjamins
Apr 8, 11:17 PM
Velly Intelrsting. Did they start out making games from rocks?
they started off making card games.
milo
Sep 12, 05:35 PM
Whoa there! Setting up a media center / 360 extender setup is far from 5x the price of the iTV. As a matter of fact, the 360 is the SAME price as the iTV, 299$.
You of course will need a media center pc to make this work, but you need a pc/mac to make the iTV work as well, so that's an added expense on either side.
Does the PC have to be next to the xbox, or is there a way to transfer (hopefully stream) video wirelessly? And if you're using a PC for this, does it tie up the PC or can you use it for other things?
I have a Sony HD-DVR I use to pause live HDTV as well as record. While having a Elgato tuner hooked up to the mac and recording programs there and then streaming it to the iTV box is doable, you won't be able to pause live TV. That is the kind of integration Apple needs to bring to the table.
What makes you think that wouldn't be possible? Elgato does allow pausing live TV, don't they? I don't see why that couldn't be passed on through the iTV.
Except the quality just won't be there yet with this device. As everyone runs out to buy flat screen TVs this year and next, they're going to get home and want to play iTunes movies only to be completely dismayed by the 640x480 content/quality. 4:3 resolution, yuck :confused:
I know it's 802.11 and certainly features an HDMI out, but streaming 720p HD TV takes about 480 Mbps of bandwidth, according to Ars: http://arstechnica.com/news.ars/post/20060906-7681.html Even 802.11n would have trouble with an uncompressed 720p signal, so quality will most likely be compromised as streaming video is increasingly compressed.
There's no reason to use uncompressed HD, all consumer HD formats are compressed and quality can still be very good. Broadcast HDTV only uses about 20Mb, easily handled by .n. And I doubt many people will be "dismayed" by iTunes quality. Right now, isn't HDTV usage way ahead of HD dvd usage? So aren't most people already watching "dvd quality" on their HDTV's?
As an IT consultant, I recommend for anyone who's thinking of using an Airport Express for audio or a Mac Mini for a living room computer (or now this new iTV that will come out next year) to just spend the money on getting a wired connection. Ultimately, wireless will not be at the quality it needs to be to handle this throughput CONSISTENTLY. I still get skips on my Airport Express when streaming from iTunes.
You're using the .g wireless standard, there's a .n standard on the way which is considerably faster. Looks like the new one is what apple will use.
skunk
Apr 24, 05:59 PM
The freedom of women is an archaic subject. It is established that women generally had less rights as we go back in time.
If it was the Word of God™ itself that came from Mohammed's lips, then surely it would sound less like the word of a warlike, bigoted misogynist. Jesus' words are remarkably peaceful and inclusive by comparison. Paul of course, and other "spokesmen" for the organisation, added all kinds of glosses and amendments which were not part of Jesus' original message as transmitted to us.
Anything that goes against Western Values is evil to me... or at least anathema. I don't like the term evil, it's too christian... as is anathema for that matter.
Perhaps we can agree on haram? :)
sunfast
Sep 20, 03:46 AM
If Iger is correct and iTV has a hard drive.. then I believe iTV could serve as an external iTunes Library server/device. Authorized computers can access and manage it using iTunes (running as a client). iTS downloads, podcasts, imported physical CDs, etc would all be stored on iTV.
Look at your hard drive usage, Music takes up a significant amount of it. Why does it need to be kept on your local machine if iTV provides a network?
That would be sweet. I hate having to keep plugging and unplugging an external HDD into my MacBook.
SolarJ
Apr 6, 09:44 AM
What if I just want my top 10 favorites? In Windows I just drag the icon (of whatever I want) to the Start button, then drop it into the list of my favorites (I'm not sure of the actual term for this). Can this be done on a Mac?
Since I open the same 10 or 12 programs or folders or files many times throughout the day, every day, this is pretty important to me. It would absolutely mess up my work flow to lose this feature.
A way around this is to create shortcuts (make alias) in a new folder of the applications you use most and put the folder in the dock and set the folder to a grid pattern.
Switched almost three years ago! However I still use Parallels to operate windows specific programs.
eric_n_dfw
Mar 20, 05:34 PM
The trouble with DRM is that it often affects the average Joe consumer more than it hurts those it's intended to stop.
Yep. This is true of many laws.
DRM embedded in iTunes annoy Joe Public who burned a track onto his wedding video and now can't distribute it to the wedding guests without working out an authorise/deauthorise schedule.
Actually, they get even crazier when you start making derivative works like that. I do video as a hobby and have to be very careful if someone asks me to put a commercial track on the wedding video I'm editing. Technically, I cannot do it without a synchronization license plus royalty payment agreements for each copy sold. Just try to pin down a videographer on the legality of this - it's a HUGE grey area in the fair use clause. Some artists and/or labels (so I've read) won't even let you do it if you are willing to pay for said licenses because they don't want their "art" mixed with someone else's (the video).
The record companies assume everyone is out to be a criminal while the 'criminals' don't bother buying DRMed files or strip out protection and do what they want so just as many files end up on P2P networks and on dodgy CDs on street corners.
Welcome to humanity, where the one jerk always screws it up for the rest of us. :mad:
bobsentell
Mar 18, 08:47 AM
Some of the responses on this thread are really amusing.
The people who are defending AT&T's actions are either astroturfing shills, or dolts.
Here's a newsflash: Just because you put something into a contract doesn't make it legal or make it fair. What if AT&T stipulated that they were allowed to come by your house and give you a wedgie every time you checked your voicemail...? Would you still be screaming about how it's "justified" because it's written on some lop-sided, legalese-ridden piece of paper?
This is a specious argument because they didn't put that in your contract. Your contract says you have no interest in tethering, yet you use it anyway. So it's not AT&T that's doing anything illegal.
If you think AT&T is doing something illegal, then take your dollars to Verizon.
XjeffX
May 5, 04:54 PM
I would be thrilled if only 4.5% of my calls were dropped. While I don't use talk on the phone much, nearly 50% of my calls end up dropping at some point.
sawah
Mar 18, 08:40 AM
The point is, whether or not you feel you SHOULD be able to use it any way you want, YOU signed the contract that says you can't!
No one had a problem with it and was all "Take Apple to court!" when they were tethering for free. But now that you're caught you want to complain about the contract?
Argue all you want about whatever, but the facts come down to you signed that contract. It hasn't changed. You don't get to be mad about it now. And somehow I doubt any of you are getting out of an etf if you want to leave because that's always been in the contract you signed.
myamid
Sep 12, 06:39 PM
The HDD space worries me a little. I'm betting they'll offer different versions with $299 being the entry level model with the smallest hard drive. More space will come on higher priced sets. But the harddisk size is something I'm a little concerned about. Does anyone know if it was mentioned whether movies bought can be transferred to another harddrive for safekeeping, or something along those lines?
I don't think the box will have local storage per-se. - it isn't advertised (yet) as a DVR. It's more like the Elgato EyeHome as it streams content stored on your computer. So the HD issue will be on the computer.
gopher
Oct 9, 01:59 PM
Even more interesting was the advertisement from Apple when the Blue and White G3 came out, and how cool the case was when it opened so simply, they said the "Mac was more open-minded." What amazes me though is there are still just as many Windows users who are bigots in this world as Mac users who are, or even more so. Being though in the minority as we are, Mac users feel all the more need to defend themselves against this bigoted crowd. Apple is trying its hardest to level the playing field by its Switch campaign, and show that it is on the same playing field so that Windows users can't ignore us and demean us with lies, fabrications, and these myths. Only we have some people come on this board who claim that the Mac is much slower. For what purpose? How do we fight ignorance? I work with PCs only because the job I enjoy the most is run by an organization that is biased against Macs, and I'm not in the position to decide how to move Macs into the organization. But it certainly doesn't help to have people who would bad mouth the Mac. It makes us feel more in the minority and feel more the need to defend ourselves. Let's stop this atrocity. Show them what the Mac can do, and it is a viable solution. And Arne, if you are reading these boards, please delete clearly PC biased hate posts ASAP.
balamw
Apr 14, 07:11 PM
It's not a BSD vs. Linux issue, either OS can run either shell or even run different shells in different windows on the same machine
This is generally true, but there are other subtle differences. Some of the provided utilities in Linux are GNU versions of the same utilities provided in Mac OS X. They sometimes can have different command line options than other versions. Fortunately you can install the GNU versions from MacPorts easily.
e.g. the Mac OS version of ls has an option "-@" which is not implemented in the GNU version for Mac OS specific extended attributes, and the GNU version implements verbose options like: --recursive instead of -R.
B
KnightWRX
May 2, 05:51 PM
Until Vista and Win 7, it was effectively impossible to run a Windows NT system as anything but Administrator. To the point that other than locked-down corporate sites where an IT Professional was required to install the Corporate Approved version of any software you need to do your job, I never knew anyone running XP (or 2k, or for that matter NT 3.x) who in a day-to-day fashion used a Standard user account.
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
In contrast, an "Administrator" account on OS X was in reality a limited user account, just with some system-level privileges like being able to install apps that other people could run. A "Standard" user account was far more usable on OS X than the equivalent on Windows, because "Standard" users could install software into their user sandbox, etc. Still, most people I know run OS X as Administrator.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
It's no different than if instead of writing my preferences to $HOME/.myapp/ I'd write a software that required writing everything to /usr/share/myapp/username/. That would require root in any decent Unix installation, or it would require me to set permissions on that folder to 775 and make all users of myapp part of the owning group. Or I could just go the lazy route, make the binary 4755 and set mount opts to suid on the filesystem where this binary resides... (ugh...).
This is no different on Windows NT based architectures. If you were so inclined, with tools like Filemon and Regmon, you could granularly set permissions in a way to install these misbehaving software so that they would work for regular users.
I know I did many times in a past life (back when I was sort of forced to do Windows systems administration... ugh... Windows NT 4.0 Terminal Server edition... what a wreck...).
Let's face it, Windows NT and Unix systems have very similar security models (in fact, Windows NT has superior ACL support out of the box, akin to Novell's close to perfect ACLs, Unix is far more limited with its read/write/execute permission scheme, even with Posix ACLs in place). It's the hoops that software vendors outside the control of Microsoft made you go through that forced lazy users to run as Administrator all the time and gave Microsoft such headaches.
As far back as I remember (when I did some Windows systems programming), Microsoft was already advising to use the user's home folder/the user's registry hive for preferences and to never write to system locations.
The real difference, though, is that an NT Administrator was really equivalent to the Unix root account. An OS X Administrator was a Unix non-root user with 'admin' group access. You could not start up the UI as the 'root' user (and the 'root' account was disabled by default).
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
All that having been said, UAC has really evened the bar for Windows Vista and 7 (moreso in 7 after the usability tweaks Microsoft put in to stop people from disabling it). I see no functional security difference between the OS X authorization scheme and the Windows UAC scheme.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
My response, why bother worrying about this when the attacker can do the same thing via shellcode generated in the background by exploiting a running process so the user is unaware that code is being executed on the system
Because this required no particular exploit or vulnerability. A simple Javascript auto-download and Safari auto-opening an archive and running code.
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
That's the thing, infecting a computer at the system level is fine if you want to build a DoS botnet or something (and even then, you don't really need privilege escalation for that, just set login items for the current user, and run off a non-privilege port, root privileges are not required for ICMP access, only raw sockets).
These days, malware authors and users are much more interested in your data than your system. That's where the money is. Identity theft, phishing, they mean big bucks.
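The permission modes named in the post above (775 on a shared application directory, 4755 on a binary), shown as an added example that is not part of the original thread: a Python audit that flags setuid/setgid files and group- or world-writable directories under a tree. The sample tree, its paths and the function names are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def classify(mode):
    """Return the list of findings for one st_mode value."""
    findings = []
    if stat.S_ISREG(mode):
        # 4755: runs with the file owner's uid, whoever starts it.
        if mode & stat.S_ISUID:
            findings.append("setuid")
        if mode & stat.S_ISGID:
            findings.append("setgid")
    elif stat.S_ISDIR(mode):
        # 775: every member of the owning group can create/replace files.
        if mode & stat.S_IWGRP:
            findings.append("group-writable dir")
        if mode & stat.S_IWOTH:
            findings.append("world-writable dir")
    return findings


def audit(root):
    """Walk root and return sorted (relative path, octal mode, findings)."""
    report = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            findings = classify(st.st_mode)
            if findings:
                rel = os.path.relpath(path, root)
                report.append((rel, oct(stat.S_IMODE(st.st_mode)), findings))
    return sorted(report)


def build_sample_tree():
    """Constructed sample: per-user prefs vs. a shared dir and a setuid binary."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    for rel in ("home/user/.myapp", "usr/share/myapp", "usr/bin"):
        os.makedirs(os.path.join(root, rel))
    # Normalise every directory first so the result does not depend on umask.
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o755)
    # Well-behaved layout: preferences private to the user.
    os.chmod(os.path.join(root, "home/user/.myapp"), 0o700)
    # The "775 plus shared group" workaround from the post.
    os.chmod(os.path.join(root, "usr/share/myapp"), 0o775)
    # The "lazy route": a setuid binary, next to an ordinary one.
    for name, mode in (("myapp", 0o4755), ("othertool", 0o755)):
        path = os.path.join(root, "usr/bin", name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    try:
        for rel, mode, findings in audit(tree):
            print(f"{mode:>7}  {rel}  {', '.join(findings)}")
    finally:
        shutil.rmtree(tree)
```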
ATD
Sep 26, 04:33 PM
This coming year is going to be great. A MacPro with 8 cores along with UB versions of the software packages I use daily. What more could a peep like me ask for... Well, Pixar could offer multi-threading support for Renderman Maya plug-in, that would be nice. :o
Good things come to those who wait. :)
<]=)
I didn't know the Renderman Maya plug-in was not multi-threaded. I was thinking of getting it, are you saying it's only a one cpu renderer?
AppliedVisual
Oct 19, 02:32 PM
Congrats! Hope you have better luck than me.. I had to refuse mine on Monday because the box was mangled and crushed. Dell is shipping a new one, but I don't have tracking/delivery info yet. :( But like I said before, I have one already and love the thing.
And now for the update... Dell re-shipped via UPS next-day. Still took until yesterday apparently to actually ship from Dell. But it's here. I just plugged it in and everything looks just fine. No dead/stuck pixels I can see. But then again, that's the way my first one was I bought nearly a year ago. After about 3 months, *POP!* one blue stuck pixel. Hehe, these two screens look maaaavolous together. :D Would it be gloating too much if I posted a pic? Heheheh... Maybe I'll bust out the camera after I clean off my desk. ;)
MadeTheSwitch
Apr 27, 08:37 AM
It wouldn't make sense for God to have his scripture written, then put in a compilation with a bunch of non-scripture, then mistranslated to boot. Therefore, you either believe that there is a God and that the Bible is exactly what it is supposed to be, or you believe neither.
It doesn't make sense for a supreme being to require the employ of man to begin with. There's the real fallacy.
Squire
Sep 20, 07:45 AM
To those that say that Apple won't allow this because it would hit their own TV show revenues from the iTunes store... I disagree. They'll have to give in sooner or later, because EyeTV isn't going to go away. Would iTunes/iPod have been such a success if they'd have made us purchase all our music from iTunes, even the stuff we already had on CD?
I'm not going to pay £3 (or whatever) for an Episode of Lost if I could have recorded on EyeTV last night... especially when C4 repeat each episode about 6 times per week anyway.
I see your point but maybe you're not seeing the big picture-- the future as Apple, perhaps, sees it. (And you are paying for that "Lost" episode whether you watch it or not, aren't you?)
A few minutes ago, I was thinking, Gee...if Apple got enough content on iTunes, a guy could just buy all the stuff he wanted to see and to hell with the rest. I see this as replacing cable TV in the not-too-distant future. Customized, commercial-free TV delivered to your computer and then sent to your iTV box. Why pay for that afternoon soap opera that you never watch?
This model probably would not make financial sense for people who watch a lot of TV but, for those who only watch a select few shows, it might be a good alternative to cable TV.
-Squire
G5isAlive
Mar 18, 09:51 AM
Sir it is perfect.
You are paying for the same thing.
I have an unlimited plan
and I never have gone over 5gb
if one has a 2gb plan and never goes over and we both surf on the internet
Tethering what's the difference?
I have no idea why you can't understand Data=Data
Water=Water
both are pure
the logic so you understand
I drink water = use Data on the phone
I pour water over my head = Data through tethering
So it's valid. Using the same amount of substance, what we pay for, to do things in different ways, what should not matter.
Amount should be the issue not how I used it.
even my 10 year old son LOL when we talked about this, he said he doesn't understand why you would pay twice for the same thing.
Obviously it escapes you.
Sir,
I recommend you go to someone other than your 10 year old son for legal advice as it is clear you have no idea what a contract is. While you may wish the amount is the issue, that is not what you agreed to. It's also clear you don't understand how AT&T comes up with their pricing models and how your selfish actions affect us all.
Again, no one forced you to enter into an agreement with AT&T. There were other phones. And now that Verizon has the iPhone you can even switch carriers.
But you did agree, and now you are operating outside that agreement and crying foul. Sorry, the foul is on you. It doesn't matter if you think they are charging too much etc, any more than you can go in to a store and buy one bottle and steal one bottle of your beloved water because you think their price is too high.
If you feel you are operating under your contract legally, then have the backbone to enter into legal action. I am sure there is a class action hungry lawyer who would love to take on AT&T for some quick bucks, if in fact you do have a case.
But we both know, you don't have a case because you are in fact operating outside the contract.
Just because you can fool a 10 year old into justifying your actions, does not mean you can fool the rest of us.
acslater017
Apr 15, 10:50 AM
I have a couple problems with this approach. There's so much attention brought to this issue of specifically gay bullying that it's hard to see this outside of the framework of identity politics.
Where's the videos and support for fat kids being bullied? Aren't they suicidal, too, or are we saying here that gays have a particular emotional defect and weakness? They're not strong enough to tough this out? Is that the image the gay community wants to promote?
Man, being a fat kid in high school. That was rough. There were a number of cool, popular gay guys in my school. I'm sure they took some crap from some people, but oh how I would have rather been one of them! But hey, I'm still here, I'm still alive.
Bullying is a universal problem that affects just about anyone with some kind of difference others choose to pick on. It seems like everyone is just ignoring all that for this hip, trendy cause.
There's nothing wrong with focusing on a particular issue. The Japan tsunami is not the only suffering going on in the world, but people raise money and raise awareness about it cuz it wouldn't make sense to rally around "fix everything".