 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
We've all heard about Flashback, an exploit that starts from a security hole in older versions of Java, a hole that Oracle patched months before Apple got around to fixing the version they distribute. I let that slide because Java isn't Apple's product. Today, Apple's "most secure operating system" has been caught with its pants around its ankles. If you've read Slashdot then you know about the Legacy FileVault cleartext password logging debug flag. That's not what I'm on about but it is related. What I'm on about is the fact that this code exists in the released versions of the OS and updates. I understand the need for debugging in the development context. The root of the problem is that this is implemented as a debugging flag rather than a compilation switch. Code like this shouldn't be in release. It should be completely skipped in release builds so that the code path can't be exploited. An attacker can't exploit something that doesn't exist. Unlike the Flashback exploit, this one is entirely Apple's fault. The fact that this got into the released OS speaks volumes. First and most obviously is that Apple's QA department doesn't take security seriously enough. How the heck do you miss something like this, and continue to miss it for three months straight? Carelessness or ignorance or both. Second is that Apple's developers don't take security as seriously as they should. FileVault is one of the critical pieces of security infrastructure in their flagship operating system and they treat password exposure as an on/off switch. This isn't just the login password. It's the Keychain password. It really is the key to a user's kingdom. And they forget to turn it off. Carelessness and ignorance again. Apple recently removed Samba from OS X and replaced it with an SMB server and client developed in-house. I cannot help but wonder if Apple's SMB implementation has the same kinds of security-destroying debug toggles in it. I wonder the same about iOS since it shares everything underneath the UI layers. I used to describe Macintosh as the best Unix desktop in the world. As of today I describe Macintosh as the most dangerous operating system in the world. It's not the recent, highly-publicized flaws in it. Rather, it's the philosophies, the carelessness and ignorance, that permitted them to occur in the first place. Security holes can be fixed, but bad design is forever. -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
