Linked by Thom Holwerda on Fri 20th Mar 2009 13:51 UTC, submitted by google_ninja
Fresh from winning the PWN2OWN contest yesterday, Charlie Miller has been interviewed by ZDNet. He talks about how Mac OS X is a very simple operating system to exploit due to the lack of any form of anti-exploit features. He also explains that the underlying operating system is much more important in creating a successful exploit than the bowser, why Chrome is so hard to hack, and many other things.
Thread beginning with comment 354137
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Comment by sadyc
by darknexus on Fri 20th Mar 2009 16:04
in reply to "RE[2]: Comment by sadyc"
Member since:2008-07-15
RE[3]: Comment by sadyc
by wannabe geek on Fri 20th Mar 2009 17:23
in reply to "RE[2]: Comment by sadyc"
Member since:2006-09-27
Why not blame FORD executives for refusing to buy the information about defective cars, thereby exposing their customers to the risk?
I'm with Miller on this one, to some extent. Selling the information to criminals would be wrong, but I don't think anyone should work for free for closed-source, IP-paranoid company who boasts making a highly secure and usable operating system. In fact, I'd say it would be extremely shortsighted to help these companies for free instead of contributing to improve FOSS alternatives. Remember the exploit is not just about Webkit, not even about Safari. The whole OS matters for the exploit, and OSX is not open source.
RE[4]: Comment by sadyc
by Soulbender on Fri 20th Mar 2009 17:50
in reply to "RE[3]: Comment by sadyc"
Member since:2005-08-18
Why not blame FORD executives for refusing to buy the information about defective cars, thereby exposing their customers to the risk?
Except that, for one reason or other, they don't know? And even if they did, who cares who's to blame? Wouldn't it be more important to save lives than play petty blame games? I presume you would gladly let people suffer and die just to point the finger at the execs?
The blame can be assessed at a later time, it won't go away just because you expose the problem. If you keep the problem secret and sell it to them silently there sure as hell won't be any blame dished out.
but I don't think anyone should work for free for closed-source, IP-paranoid company who boasts making a highly secure and usable operating system
Good job missing the point again. It's not about who is closed source and evil or has brown pants or whatever. It's about behaving responsibly and not leaving the general public exposed to danger.
He sat on the bug for a year. FOR A YEAR. Two wrongs does not make a right.
In fact, I'd say it would be extremely shortsighted to help these companies for free instead of contributing to improve FOSS alternatives.
Yes, because all software must be FOSS. It magically makes everything ok. Blah blah blah.
The whole OS matters for the exploit, and OSX is not open source.
Who cares if it's not open source? That's not the point. The point is to not expose the unknowing consumer to risks.
News
Linked by Thom Holwerda on 06/20/13 6:17 UTC, submitted by MOS6510
"In the first episode of Microsoft's new film series 'On the Whiteboard', Editor Pamela Woon chats with two-time Oscar winner Randy Thom about the (often underestimated) importance of sound in human-technology interactions. Thom, the lead sound designer at Skywalker Ranch who worked on films such as The Incredibles, Castaway and Forrest Gump, says that people rarely consider the significance of those signature sounds that come from their trusty devices, whether it be a cell phone, a computer or a tablet."
Linked by Thom Holwerda on 06/19/13 23:02 UTC, submitted by M.Onty
"Microsoft has sensationally abandoned its controversial plans to restrict the sharing of XBox One games, and has also removed daily online authentication requirements for its forthcoming console", reports The Guardian. They had no choice. Still a good move.
Linked by Thom Holwerda on 06/19/13 22:28 UTC
"A snippet of code in the Steam digital distribution platform has revealed that Valve may be planning to let users easily share their games with friends in the future. The Verge has verified the code's authenticity, which was originally spotted by a member of the NeoGAF gaming forum; the code references a 'shared game library' and a notification that would alert a user when their games are currently in use by a borrower." This would change the, uh, game.
Linked by Thom Holwerda on 06/18/13 22:33 UTC
Official Apple statement on PRISM and privacy: "Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it." This is basically Apple re-publishing their earlier statement in a more official manner. You either believe it, or you don't.
Linked by Anonymous on 06/18/13 22:26 UTC
The open source Contiki operating system and its commercial Thingsquare distribution are making strides towards the connected home. According to a Computerworld article, a new LED light bulb manufacturer is putting small computers into their light bulbs. Each computer runs the Contiki OS, which gives each bulb an IP address and allows them to be controlled with a smartphone application. To connect the bulbs to the application, the bulbs use both Wi-Fi and the much lower power IEEE 802.15.4 mesh technology.
Linked by Thom Holwerda on 06/18/13 22:25 UTC
"Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it's forced to give the government. The legal filing, which cites the First Amendment's guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic." Draining the ditch after the cow has drowned in it.
Linked by Thom Holwerda on 06/18/13 17:45 UTC
"I can't find one person who has been using the Nexus 7 for an extended period of time, and hasn't seen a massive downgrade in performance. Just what kind of downgrade are we talking here? I cannot pick up my Nexus 7 without experiencing problems like a lag of ten seconds, or more, just to rotate the display; touches refusing to acknowledged; stuttering notification panel actions; and unresponsive apps." Fully and utterly agreed. My Nexus 7 was blazing-fast and awesome for a few months, and at some point, it just started sucking. Just like that. I've tried loads of ROMs, and nothing helps.
Linked by Thom Holwerda on 06/18/13 17:32 UTC, submitted by poundsmack
A new release of the hobby operating system MenuetOS! The release notes are a bit non-descript, but you'll have to take what you can get: "updates and improvements (picview, httpc, ehci, ...)".
Linked by Thom Holwerda on 06/17/13 17:58 UTC
"The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable Internet connection is still out of reach. And this is far from being a solved problem. There are many terrestrial challenges to Internet connectivity - jungles, archipelagos, mountains. There are also major cost challenges. Right now, for example, in most of the countries in the southern hemisphere, the cost of an Internet connection is more than a month's income. Solving these problems isn't simply a question of time: it requires looking at the problem of access from new angles. So today we're unveiling our latest moonshot from Google[x]: balloon-powered Internet access." Insane.
Linked by Thom Holwerda on 06/17/13 17:52 UTC
"MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a 'Hello World' bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring." Just cool.More News »
Sponsored Links
Member since:
2005-08-18
Allright, so by this logic if you find a fatal flaw in, say, a car from Ford the right and responsible thing to do (since Ford's designs arent "open source") would be to sit on it for an undetermined abount of time until you've find a way to trigger it. once you've done that you do NOT tell the public what the problem is but instead you try to "extort" money from Ford in exchange for not letting anyone know.
Yes, that's surely a society I'd love to live in.
Get this straight, it has NOTHING to do with if Apple's product is open or not, it's about the risk the consumers and the general public is exposed to.