faroZ06
May 2, 06:26 PM
Switching off or turning down UAC in Windows also equally impacts the strength of MIC (Windows sandboxing mechanism) because it functions based on inherited permissions. Unix DAC in Mac OS X functions via inherited permissions but MAC (mandatory access controls -> OS X sandbox) does not. Windows does not have a sandbox like OS X.
UAC, by default, does not use a unique identifier (password) so it is more susceptible to attacks that rely on spoofing prompts that appear to be unrelated to UAC to steal authentication. If a password is attached to authentication, these spoofed prompts fail to work.
Having a password associated with permissions has other benefits as well.
If "Open safe files after downloading" is turned on, it will both unarchive the zip file and launch the installer. Installers are marked as safe to launch because they require authentication to complete installation.
No harm can be done from just launching the installer. But, you are correct in that code is being executed in user space.
Code run in user space is used to achieve privilege escalation via exploitation or social engineering (trick user to authenticate -> as in this malware). There is very little that can be done beyond prank style attacks with only user level access. System level access is required for usefully dangerous malware install, such as keyloggers that can log protected passwords. This is why there is little malware for Mac OS X. Achieving system level access to Windows via exploitation is much easier.
Webkit2 will further reduce the possibility of even achieving user level access.
The article suggested that the installer completed itself without authentication. I don't see how that is possible unless you are using the root account or something. It would give sudo access, but even still you'd get SOME dialog box :confused:
jeffgarden
Mar 18, 05:04 PM
Sorry, I didn't read every post so this may be repetitive but...
If you're going to PAY for music to break drm, just buy it at a store or use Kazaa
OR get napster to go trial, get virtuosa 5.0 to make them mp3's and you're done
why would you pay for something you don't want
wpotere
Mar 18, 01:31 PM
They will never make me switch!!!!!! I will never give them any money!!!!!
No Service...
WTF???
:p
izzle22
Sep 21, 01:33 PM
What are you, a comedian? Give me a break. I expected this sort of reaction. It's very easy to say that when you're not the one being affected by this.
Hey at least you guys had U2 before we did.:)
bassfingers
Apr 27, 12:27 AM
So what? So someone had to decide which books belonged in there and which did not. The choice was most certainly partly arbitrary and partly political. I mean, even if you could reasonably claim divine inspiration for the authorship, can you also claim divine guidance for the compilation? Especially considering that various Christian sects cannot agree on even that.
The books were selected nearly unanimously with the exception of a select few books of the bible.
Also, if they were divinely inspired (meaning God went through the trouble of having them written), why would they not be divinely compiled together? It wouldn't make sense for God to have his scripture written, then put in a compilation with a bunch of non-scripture, then mistranslated to boot. Therefore, you either believe that there is a God and that the Bible is exactly what it is supposed to be, or you believe neither
Rodimus Prime
Mar 13, 11:50 PM
Why can't people get away from the concept of a centralized power source, like a coal or nuclear plant or even a wind farm to generate their national needs? I even see arguments that 'we don't have the space' for alternative power. Look at an aerial photo of any city and all you see is miles and miles of dead empty blank rooves. Solar panels or even small wind turbines on every single roof in every city will have people either reducing their reliance on a central power source or even contributing their own electricity to the grid to the point you may not even need a central power source, or maybe just one - which could be a wind farm or a nice clean geothermal plant.
I sure as hell would not want wind turbines on the roof of houses. The noise from them would drive me insane.
I am a fan of putting solar cells on the roof of houses and then the excess power is sold back to the grid. That helps reduce it by a fair amount. Not that it would work in a large part of the country due to not being cost effective. You need to be farther south for it to really be worth it and have fair amount of sun shine.
Biggest thing is we need more efficiency out of what we have. HVAC is some of the biggest power draining system and improve those and it greatly improves the overall system.
torbjoern
Apr 24, 11:56 PM
I don't think many atheists actually feel that a god absolutely does not exist. Atheism is simply the lack of a belief in a god but most atheists, I believe, are agnostic in the actual existence. While lacking in a belief about a god, most would keep an open mind on the issue or would say it's impossible to know either way.
Sense tells me that the truth value of God's existence is unknowable. However, in my opinion, it's not just unknowable but also totally irrelevant for how we should live. In other words, it is not important to know if there is a God or not. Is that closer to agnosticism or to atheism (if we separate these two notions completely)?
Thunderhawks
Apr 13, 07:13 AM
Ugh... you guys speak as if you are all full-time film editors...
The new features are amazing! The hall that they presented at, well they were pretty much all "pros" in the industry. They were all pretty much PSYCHED about these features..
For what it's worth, I'm a film production major...
Bet you that guy doesn't even know what he is talking about.
He just likes to rattle the (APPLE) cage:-)
He is addicted to MR and Apple and has a hard time to approve of anything Apple does.
Funny though he uses their products!
BenRoethig
Oct 26, 09:04 AM
I wonder if the current MacPro will finally be the first Mac where we could swap out the actual processor for the new quad. Didn't Barefeats or somebody do a test on that already?
The intel machines use intel standard parts. No proprietary CPU riser cards or what have you. If you can get to the CPU, that is.
Edge100
Apr 15, 12:21 PM
All things being equal, they prevent HIV versus not using them. But the promotion of a sexually promiscuous lifestyle increases the risk overall. That's what that argument is about, not that hard to get, really.
That's NOT what the argument is about. Your church LIED to people about the efficacy of condoms - people for whom the only source of that information was the Catholic church.
And they lied about it to married couples, too.
Oh, and just in case we're not clear on this: abstinence-only education doesn't work.
iJohnHenry
Apr 26, 08:26 AM
One of my thoughts on why people follow a religion is that they were raised with it, so it becomes a tradition.
That would not be my word of choice.
Brainwashing or indoctrination comes closer to the mark.
redAPPLE
Sep 12, 04:07 PM
where is the pre-order list, where i can register? :D
toddybody
Apr 21, 08:41 AM
So why are you here? :confused:
Yeah, I wonder that too sometimes.
CaoCao
Apr 22, 08:00 PM
The makeup of this forum's members intrigues me slightly. Why are most of the posters here Atheists? Is it part of the Mac using demographic, the Internet in general's demographic, or are Atheists just the most interested in Politics, Religion, and Social Issues?
iz cald teh interwebz, der r lotz ov werd peplz hre.
The internet has a lot of anarchists too, they typically think they are one of the few people who have broken free of the slave mindset of their country
kas23
Apr 28, 09:00 AM
I think this is a very interesting quote from the article:
"iPad owners used a significantly wider range of categories than other pad users. The most popular apps among non-iPad owners tended to be relatively functional ones, such as e-mail, social networking, news and banking. While iPad owners also used these apps, they reported a much higher use of general web browsing and video consumption."
mdntcallr
Sep 25, 11:58 PM
well sounds like i need to chill out and not buy the mac pro i was thinking of. perhaps i will wait till they are refreshed with this.
Hopefully the new mac pro's will also have a blu-ray drive option with HDMI HDTV option.
also, with new HDTV TV/Monitor with Speakers integrated Displays.
Speedy2
Oct 7, 11:38 AM
Erm.. you're being closed minded.
munkery
May 2, 04:56 PM
Again, look, if you're not interested in the mechanics, that's fine. Stop replying to me.
My post is inquiring about the mechanics. For the past hour, I've been trying to find how this thing ticks by searching around for in-depth articles (none to find, everyone just points to Intego's brief overview that is seriously lacking in details) or for the archive itself.
If you don't want to take this discussion to the technical level I am trying to take it, just don't participate.
The Javascript exploit injected code into the Safari process to cause the download of a payload. That payload was the installer. (EDIT: the Javascript code did not exploit a vulnerability in Safari).
The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.
An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.
If you had any technical knowledge you could have figured that out yourself via the Intego article.
I don't know of any other Web browser (this is not an OS problem, it's a Safari problem) that automatically assumes executables are safe and thus should be auto-executed.
Installers being marked as safe really doesn't increase the likelihood of user level access as any client-side exploit provides user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just an exploit that provides user level access.
What does Webkit2 have anything to do with running an installer on the OS after downloading it ? That happens outside the rendering engine's sandbox. You're not quite understanding what this sandbox does if you think this protects you against these types of attacks.
Webkit2 will prevent user level access via an exploit. Preventing these types of attacks is the intended purpose of sandboxing.
Bill McEnaney
Mar 27, 04:52 PM
It may be his favourite question, but very valid.
From what I have seen you'll come up with a list of (self?)published books... Not quite the same thing as "published anything in a peer-reviewed scientific journal of high (or even average) standing".
I haven't cited any self-published book about any topic.
WestonHarvey1
Apr 15, 11:27 AM
Not what he said, but how he said it. But you already knew what I meant.
People tossing out random verses from the Pentateuch/Torah to defend or condemn religion is problematic and is above most people's pay grades. There are plenty of rabbis and other scholarly folks who can help people understand some of these harsh and difficult passages. Of course, it's easier and way more fun to remain ignorant of these books to play "gotcha!" with other people's religious beliefs.
The modern view of homosexual sex in all the orthodox Christian religions is so tame and simple it's almost boring. It's just premarital sex, which is considered sinful. It's not morally worse than heterosexual premarital sex. And yes, marriage is considered to be between a man and a woman in these religions, so yes, that does really suck for the orthodox gay Christian.
twoodcc
Oct 26, 12:29 AM
well i must say i'd be kinda surprised to see an update this early with apple. especially since i just bought a mac pro. i'd be mad if the prices of the one i just bought goes down
Apple OC
Apr 22, 08:06 PM
Science is where you will find the real answers
thatsallfolks
Apr 5, 09:40 PM
I was a complete Mac virgin when I switched a couple of months ago but some of the small things still annoy me.
1. Pressing delete when you've selected a file in finder doesn't delete the file. You've gotta use the context menu or <gasp> actually drag it to the garbage.
2. It's kinda' weird that the menu bar shows at the top of the screen and not the window. When you have a lot of windows open I sometimes go into the menu bar thinking it belongs to another program than what I intended.
3. There's no ".." button in finder(i.e. go one level up a directory structure)
4. Not having an actual uninstall program procedure kind of makes me paranoid.
I do love the magic mouse and obviously Macs look slicker than PCs so overall I guess I'm satisfied and I'm sure any reasonable person would be as well but from what I've seen of Windows 7 I would think most reasonable people would be happy with that too.
Don't panic
Mar 14, 08:37 PM
seems like things are degenerating at the reactor site. very worrying.