Security? What Security? (11/26/03)

Feeling left out because those Windows users seem to get all the good security holes? Sure, Apple issues "Security Updates" every once in a while, but really, when was the last time a Mac security flaw led to global disruption and billions of dollars' worth of lost productivity? Exactly. We Mac users sort of get the short end of the stick in this whole deal.

Well, it may not be the Blaster worm or anything, but faithful viewer William Carrel still gives us something we can give thanks for: he's publicized a "new" Mac OS X security hole over at Carrel.org which is slightly more exciting than the ones we typically see: apparently a "malicious DHCP response can grant root access" to clever evildoers, which, as you probably know, means that they could do pretty much anything to your Mac that they want, short of painting it red with a cool flame on the side. (More's the pity-- wouldn't that look bitchin'?)

Most of the lame Mac OS X security flaws we hear about aren't so serious as to allow root access to a Mac, especially without requiring physical access to the keyboard, so this latest advisory is already more exciting than usual. But get this: on top of potentially handing the Bad Guys the proverbial keys to the castle (as new Windows flaws do four or five times a month), this DHCP hole is reportedly present and wide open with default settings under Panther and Jaguar (both regular and Server versions), and probably earlier versions of Mac OS X as well. It's not quite Microsoftian in scale, but it's getting closer. Hooray for progress!

For what it's worth, exploiting the hole requires the Black Hats to run a DHCP server on a network reachable by your Mac, so this is apparently mostly an issue for people who have AirPort cards or are connected to large local networks. We're sure a fix from Apple is coming (although William waited 48 days after telling Apple about the hole before finally spreading the word himself), but in the meantime read the advisory for several workarounds that can protect you. They take literally about twenty seconds and maybe fifteen mouse clicks to perform. And just be thankful there isn't even any typing involved, lazybones.

 

As an Amazon Associate, AtAT earns from qualifying purchases

 

The above scene was taken from the 11/26/03 episode:

November 26, 2003: A PowerBook user comes through a theft relatively unscathed, thanks to his clever use of Mac OS X's "password hint" feature. Meanwhile, Robert X. Cringely resurrects the Apple Tablet rumor with 30,000 volts of Ultra-Wide Band action, and a new security flaw in Mac OS X almost approaches Microsoft's lofty standards for pain, but not quite...


DISCLAIMER: AtAT was not a news site any more than Inside Edition was a "real" news show. We made Dawson's Creek look like 60 Minutes. We engaged in rampant guesswork, wild speculation, and pure fabrication for the entertainment of our viewers. Sure, everything here was "inspired by actual events," but so was Amityville II: The Possession. So lighten up.

Site best viewed with a sense of humor. AtAT is not responsible for lost or stolen articles. Keep hands inside car at all times. The drinking of beverages while watching AtAT is strongly discouraged; AtAT is not responsible for damage, discomfort, or staining caused by spit-takes or "nosers."

Everything you see here that isn't attributed to other parties is copyright © 1997-2024 J. Miller and may not be reproduced or rebroadcast without his explicit consent (or possibly the express written consent of Major League Baseball, but we doubt it).