Apple iTunes Security Flaw Discovered

malebolgia on 18 November 2005 - 18:43 · 34 comments & 7386 views

A critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued Thursday by a security research firm.

The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update. The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security. This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user's computer.

News source: C|Net News.com


Comments
(1 reply) #1 GoogleNinja on 18 Nov 2005 - 18:59
I smell something fishy: http://www.eeye.com/html/research/upcoming/20051117b.html

"Protection: Blink Endpoint Vulnerability Prevention mitigates any potential exploitation of this vulnerability, without requiring a patch or invasive firewall actions."

Blink is, of course, made by eEye. So the solution to a problem we've found, that isn't even very well explained, is to buy our product so you are protected!
#1.1 carstereos on 19 Nov 2005 - 07:12
No explanation of the attack vector. Is it a link in the iTunes store or what?
#2 Trav3133 on 18 Nov 2005 - 18:59
Hmmm, so I have not updated my iTunes in a long time, but I still use it on a regular daily basis. Am I still vulnerable to the attack, or is it only for the latest version?
(4 replies) #3 frogworm on 18 Nov 2005 - 19:10
Good thing I have a PSP and not an iPoop.
#3.1 hotdog963al on 18 Nov 2005 - 19:31
The Playstation Portable is hardly competing with the iPod.
#3.2 xp1ode on 18 Nov 2005 - 20:06
You might be right, you might not be, but some of us do prefer and think that the PSP is way better than the iPod. I'm talking about the video iPod, not the older versions.
#3.3 GoogleNinja on 18 Nov 2005 - 20:20
What the hell does a PSP have anything to do with this? Hell, what does having an iPod have anything to do with this?

I smell a troll.
#3.4 frogworm on 18 Nov 2005 - 20:48
Holy poop, GoogleNinja is right. I wholeheartedly apologize for my comment; I could have sworn the title said iPod and not iTunes :s I guess seeing Apple made my eyes blurry.
(12 replies) #4 betasp on 18 Nov 2005 - 19:29
This is NOT an OSX problem. The security alert is only for Microsoft Operating Systems.
#4.1 balupton on 18 Nov 2005 - 19:51
"The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X"
Did you miss that sentence?
#4.2 markjensen on 18 Nov 2005 - 20:08
I don't fully understand that sentence! What other OS is there? Linux? AmigaOS?
#4.3 Airlink on 18 Nov 2005 - 20:14
They mean that Apple IIe users who are running AppleDOS are not affected.
#4.4 fubarshibby on 18 Nov 2005 - 20:34
If you guys read the actual source, there is a correction at the bottom:
QUOTE
This story initially quoted an incorrect report on the eEye Digital Security Web site saying an iTunes security flaw affected both Windows and Mac operating systems. To clarify, eEye is still testing the flaw on the Mac OS.

So no, so far this is not a Mac OS X problem. They are still trying to determine that.
#4.5 parithon on 18 Nov 2005 - 22:53
Hmm... If I read this comment right, you are trying to conclude that this flaw is an OS problem, which it isn't. It just happens that there is proof that the version of the software that is flawed is for Windows OSes and that there isn't conclusive evidence that the flaw exists for Mac OSX.

Are we then going to argue that it's a Microsoft problem? I sure hope not.
#4.6 aristotle-dude on 18 Nov 2005 - 23:47
parithon, there is no doubt that there is a bug with iTunes but whether or not such a bug can execute arbitrary code has a lot to do with the system architecture the software is running on.

It does not appear to affect OS X because of differing OS design.
#4.7 dhan on 19 Nov 2005 - 01:22
So even if Apple developers mess up their job, it's Microsoft's fault? Come on a-dude, control your MS/Windows hatred.
#4.8 parithon on 19 Nov 2005 - 02:07
Windows XP's design was created 5 years ago, both before Microsoft's major security incentives and before these hacks became common.

Because of this, it’s the sole responsibility of developers to secure their code; it wasn't viewed by Microsoft that software should be considered dangerous, as an example.

Furthermore, Windows XP has the ability to use limited-user rights (Power Users); it's not used by default. This has changed and will be seen in Windows Vista.
#4.9 aristotle-dude on 19 Nov 2005 - 19:00
dhan, I'm a Windows developer. My livelihood is based on Windows. People who use Windows in an IT role tend to not be "fanboys" of the platform because they see the ugly side of it every work day. MSFT software can be a pain in the butt to install and configure (MS CMS is a prime example). Fanboyism is generally frowned on in IT. You have to use the tools you are given by your employer and do your job. Grow up for crying out loud.

parithon, it is indeed the responsibility of the developers of applications to secure their code but it is also the responsibility of OS developers to do the same.

I don't buy the suggestion that XP was designed in an era of fewer hacks and exploits. Windows NT 3.x-4.x and 2000 were targets of various viruses and worms long before XP was out of beta. I was an official beta tester of XP. Windows 9x was most definitely being targeted as well.

When XP was in development, they already had a significant precedent and they should have designed XP with a limited administrator account.

Vista will have a limited administrator account which will have to authenticate temporarily to perform "Root" maintenance tasks. This feature has been present in OS X and Linux for years in the form of the "sudo" command.
#4.10 Jstphish on 19 Nov 2005 - 19:35
QUOTE
Vista will have a limited administrator account which will have to authenticate temporarily to perform "Root" maintenance tasks. This feature has been present in OS X and Linux for years in the form of the "sudo" command.

THANK YOU! Someone finally said it.

Which is why I don't buy the whole non-hacker issue before XP. UNIX itself was built with "Root" access for a reason.
#4.11 sphbecker on 20 Nov 2005 - 02:02
QUOTE
This is NOT an OSX problem. The security alert is only for Microsoft Operating Systems.

Even if that was true it doesn't change the fact that the flaw is in Apple code. Some have made the point that XP is at fault because it defaults everyone to Admin, which is partly true. But a hacker taking over a limited account can still cause a lot of problems; they could delete any data that user has access to (i.e., all your files!).
#4.12 parithon on 20 Nov 2005 - 05:14
aristotle-dude, I agree with you... however, Windows XP was released when Microsoft was more worried about the easy user experience rather than the effects it would have on security. Who is to blame them? 2000 wasn't exactly a year where users were worried about security as much as today, and I don't think users were ready to reduce the administrator rights by default.

It's a different world today, users are more ready than ever to deal with extra steps to install or use their OS in the face of security.
(3 replies) #5 Miran on 18 Nov 2005 - 19:34
QUOTE
A remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user.

So does this mean it can't really do much damage if you aren't running as root?
#5.1 Jstphish on 19 Nov 2005 - 19:41
It couldn't majorly screw OS X up without root access.

Last edited by 11680 on 19 Nov 2005 - 20:19
#5.2 sphbecker on 20 Nov 2005 - 02:03
You're right, it could not screw up the OS much, just all your emails, files and anything else your account has access to.
#5.3 Jstphish on 20 Nov 2005 - 19:56
This is true and something I didn't really think about when posting. Backups are made for a reason but how many of us faithfully do it?
#6 zorak on 18 Nov 2005 - 21:44
What are the mitigating factors of this "flaw"?? The link to http://www.eeye.com/html/research/upcoming.../20051117b.html has very little info.
#7 finalcoolman on 18 Nov 2005 - 22:51
Bring on 6.0.2
#8 Kenta on 18 Nov 2005 - 23:28
*cough*Typically Windows*cough*
Just kidding, but I think they're real arseholes for telling you there's no other way to fix this problem than to buy their product that probably sucks.
(3 replies) #9 trance on 19 Nov 2005 - 00:48
Actually.... there is no vulnerability in Windows (in this particular case).. the vulnerability is in iTunes... so blame Apple and their crappy devs.
#9.1 Jstphish on 19 Nov 2005 - 19:42
That's a laugh.
#9.2 sphbecker on 20 Nov 2005 - 02:06
Well it is true; this reported flaw is in Apple's software.
#9.3 Jstphish on 20 Nov 2005 - 20:00
My comment was addressing blaming apple's crappy developers ... as opposed to, what, Microsoft's great ones!?

It wasn't meant to spark any flaming discussion. Just to quietly address why I thought it was funny in a few words for those who would get it. Maybe I was too vague.

*Note: I am by no means an Apple fanboy. I just think Apple allows their developers to write more secure code as a result of the OS design.

Last edited by 11680 on 20 Nov 2005 - 20:07
#10 Chad on 19 Nov 2005 - 20:17
comments removed

Let's keep this civil
#11 indiehead on 21 Nov 2005 - 09:31
Troll: AH S***!, DAYLIGHT!
