Jason Beck
May 3, 06:35 PM
Someone link us some malware and viruses for OSX so we can have a looksie.
munkery
May 2, 04:56 PM
Again, look, if you're not interested in the mechanics, that's fine. Stop replying to me.
My post is inquiring about the mechanics. For the past hour, I've been trying to find how this thing ticks by searching around for in-depth articles (none to find, everyone just points to Intego's brief overview that is seriously lacking in details) or for the archive itself.
If you don't want to take this discussion to the technical level I am trying to take it, just don't participate.
The Javascript exploit injected code into the Safari process to cause the download of a payload. That payload was the installer. (EDIT: the Javascript code did not exploit a vulnerability in Safari).
The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.
An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.
If you had any technical knowledge you could have figured that out yourself via the Intego article.
I don't know of any other Web browser (this is not a OS problem, it's a Safari problem) that automatically assumes executables are safe and thus should be auto-executed.
Installers being marked as safe really doesn't increase the likelihood of user level access as any client-side exploit provides user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just an exploit that provides user level access.
What does Webkit2 have anything to do with running an installer on the OS after downloading it ? That happens outside the rendering engine's sandbox. You're not quite understanding what this sandbox does if you think this protects you against these types of attacks.
Webkit2 will prevent user level access via an exploit. Preventing these types of attacks is the intended purpose of sandboxing.
My post is inquiring about the mechanics. For the past hour, I've been trying to find how this thing ticks by searching around for in-depth articles (none to find, everyone just points to Intego's brief overview that is seriously lacking in details) or for the archive itself.
If you don't want to take this discussion to the technical level I am trying to take it, just don't participate.
The Javascript exploit injected code into the Safari process to cause the download of a payload. That payload was the installer. (EDIT: the Javascript code did not exploit a vulnerability in Safari).
The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.
An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.
If you had any technical knowledge you could have figured that out yourself via the Intego article.
I don't know of any other Web browser (this is not a OS problem, it's a Safari problem) that automatically assumes executables are safe and thus should be auto-executed.
Installers being marked as safe really doesn't increase the likelihood of user level access as any client-side exploit provides user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just an exploit that provides user level access.
What does Webkit2 have anything to do with running an installer on the OS after downloading it ? That happens outside the rendering engine's sandbox. You're not quite understanding what this sandbox does if you think this protects you against these types of attacks.
Webkit2 will prevent user level access via an exploit. Preventing these types of attacks is the intended purpose of sandboxing.
beatle888
Mar 20, 08:24 PM
I think it's a great convenience. I'm just saying that the inevitable wrath-of-God response from Apple is somewhat unwarranted.
somewhat unwarranted? so apple should be passive, lay like a female dog and just take it in submissive glory? i think steves more of a man.
somewhat unwarranted? so apple should be passive, lay like a female dog and just take it in submissive glory? i think steves more of a man.
EagerDragon
Jul 12, 12:20 PM
How much hotter would a MacBook Pro be with a single Woodcrest?
Why not Woodcrest for entire PRO line?
Why not Woodcrest for entire PRO line?
Mord
Jul 12, 05:55 AM
At what point servers began to demand less than workstations or regular desktops? Server-grade hardware (SCSI cards for example) are 8x pcie, so I expect nothing less from Apple server hardware. Anything less would be a joke.
i meant for graphics.
oh and stop with the quadruple posting, you can reply and open the thread in another tab and copy quotes across to multi quote, or just learn the quoting syntax and use one window
as for why mac users use photoshop it's because the competitors suck, gimp is ok but nothing more, corel products make me want to pull my hair out and don't talk to me about fireworks is a completely different product.
i meant for graphics.
oh and stop with the quadruple posting, you can reply and open the thread in another tab and copy quotes across to multi quote, or just learn the quoting syntax and use one window
as for why mac users use photoshop it's because the competitors suck, gimp is ok but nothing more, corel products make me want to pull my hair out and don't talk to me about fireworks is a completely different product.
skunk
Mar 14, 06:55 PM
@skunk:
http://en.wikipedia.org/wiki/HVDC_Inter-IslandVery interesting. Thanks. :)
http://en.wikipedia.org/wiki/HVDC_Inter-IslandVery interesting. Thanks. :)
econgeek
Apr 12, 11:09 PM
No, your ignorance of Adobe's stance in the professional broadcast industry comes off as snotty.
It is impossible for me to display any ignorance of a topic of which I have not addressed. I challenge you to find a post from me where I use the phrase "professional broadcast industry".
If you cannot do it, then you are constructing a lie out of whole cloth in order to attack me, because, apparently, you cannot construct a counter argument to any of the points I have made.
I think your need to attack me proves my case beyond any need of myself to defend my point or myself.
It is impossible for me to display any ignorance of a topic of which I have not addressed. I challenge you to find a post from me where I use the phrase "professional broadcast industry".
If you cannot do it, then you are constructing a lie out of whole cloth in order to attack me, because, apparently, you cannot construct a counter argument to any of the points I have made.
I think your need to attack me proves my case beyond any need of myself to defend my point or myself.
manu chao
Mar 19, 12:10 PM
Same logic: if I take someone else's car, and drive away with it, I'm stealing it. But if I create an identical copy of the car (using a replicator I got from Star Trek) for myself, have I stolen anything? From whom have I stolen?
If you go to a concert, theatre play, any kind of performance or into any of fee-charging class or course and smuggle yourself in through some kind of backdoor without paying for the ticket or the course, did you steal anything?
Not according to your logic.
Should this behaviour be allowed?
If you go to a concert, theatre play, any kind of performance or into any of fee-charging class or course and smuggle yourself in through some kind of backdoor without paying for the ticket or the course, did you steal anything?
Not according to your logic.
Should this behaviour be allowed?
ChrisA
Sep 26, 01:40 AM
So say I�m using my 8-core Mac Pro for CPU intensive digital audio recording. Would I be able to assign two cores the main program, two to virtual processing........
That is not the way it's done. One does not asign threads to cores. What yu do is crate threads and let the operating system shedle cores to "ready" threads
That is not the way it's done. One does not asign threads to cores. What yu do is crate threads and let the operating system shedle cores to "ready" threads
puma1552
Mar 12, 06:03 AM
Good. Perhaps we can depend on being kept up to date. The media does it's job, but is a loose cannon.
The problem for the west with a situation like this (or conversely the east when something happens in the west), is that the news in the other hemisphere is bound to be delayed, and at the mercy of translation; it goes with the territory.
I don't want to start a pissing match with anyone, because I think all of us want the same thing, and fear the same thing.
All I'm advocating is waiting on reliable information as things develop, and not to jump to any wild conclusions. If anyone's got vested interest in worrying, it's us here in Japan.
The problem for the west with a situation like this (or conversely the east when something happens in the west), is that the news in the other hemisphere is bound to be delayed, and at the mercy of translation; it goes with the territory.
I don't want to start a pissing match with anyone, because I think all of us want the same thing, and fear the same thing.
All I'm advocating is waiting on reliable information as things develop, and not to jump to any wild conclusions. If anyone's got vested interest in worrying, it's us here in Japan.
shawnce
Oct 29, 10:23 AM
I heard somewhere that the Clovertowns are actually slower than the Xeons, but with 2x as many cores will there be much difference?
We can't answer that question without knowing what you want to do with the system... it fully depends on the work loads you plan to throw at it. In some cases fewer faster cores makes sense in others more, even if slower (lower clocked), cores makes sense.
We can't answer that question without knowing what you want to do with the system... it fully depends on the work loads you plan to throw at it. In some cases fewer faster cores makes sense in others more, even if slower (lower clocked), cores makes sense.
�algiris
May 2, 09:34 AM
Any software for a Mac that says "MAC" in the title or in any documentation would already be suspect to me. Pretty much every person I have run across that thinks it is spelled in all caps as "MAC" has been a moron.
And just simply in general anti-virus software is useless on Mac, so why would anyone download and install any anti-virus, defender or scanner is above me.
And just simply in general anti-virus software is useless on Mac, so why would anyone download and install any anti-virus, defender or scanner is above me.
Blue Velvet
Mar 26, 02:37 PM
Ciaociao
If only.
If only.
Howdr
Mar 18, 12:22 PM
You could also man up and admit that at the heart of your argument - you don't like that you signed a contract that up until now - was just fine and dandy. Now that ATT wants to actually hold you and others responsible for an element of that contract that you think you are entitled to - you want to cry "illegal."
Good luck. ATT would be better off losing you as a customer rather than dealing with the, no doubt, obnoxious posts and calls into CSRs you will no doubt make.
with William Eggleston:
William Eggleston.
William Eggleston
william-eggleston
William Eggleston, Untitled
Good luck. ATT would be better off losing you as a customer rather than dealing with the, no doubt, obnoxious posts and calls into CSRs you will no doubt make.
joepunk
Mar 11, 06:19 PM
0014: Japan declares a state of emergency at the Fukushima-Daini power plant, where three of its reactors failed, the Associated Press reports. It says a state of emergency is already in place at the nearby Fukushima-Daiichi plant, where two reactors failed.
Bill McEnaney
Mar 27, 07:10 AM
Compared to the alternative, it certainly seems to be.
[source: human history]
Compared to what alternative?
[source: human history]
Compared to what alternative?
mac1984user
Apr 15, 10:03 AM
For those saying this is an anti-bullying video, I think you're kind of missing the point. No one believes bullying is magically going to go away. This video was more focused on reaching out to the victims of bullying and encouraging them to access social networks that can help them cope and it attempted to put this time in a young person's life in perspective. It encouraged them to continue on and realise things 'get better'. No one is trying to end bullying, however nice that would be.
faroZ06
May 2, 06:22 PM
About as huge as most windows ones!
No, I'd much rather be hit with this than some virus that comes in through an eMail and takes over my system.
No, I'd much rather be hit with this than some virus that comes in through an eMail and takes over my system.
Silentwave
Jul 13, 08:29 AM
I've been wondering about this too. Surely they have the source code (or most of it) written in a high level language, right? If I'm not totally mistaken, there shouldn't be that much more work involved than a re-compilation for x86. Even if some filters or other stuff are hand coded in assembler, they already have that code in x86-assembler in the Windows version.
Adobe is weird...but I think they have a lot more up their sleeve than just universal. I think they want it to run extremely well on intel macs, and perhaps continue work at the same time on making more of their features take advantage of quads.
Adobe is weird...but I think they have a lot more up their sleeve than just universal. I think they want it to run extremely well on intel macs, and perhaps continue work at the same time on making more of their features take advantage of quads.
Multimedia
Sep 26, 09:34 AM
Anyone know the current price of each 2.66GHz Woodcrest? I just got up and am too lazy to Google yet.
At $851 seems like the 2.33GHz Clovertown is not all thaat expensive.
Thanks Umbongo.
Woodcrest:
* Xeon DP 5150: 2.66 GHz, FSB1333, 4 MB L2 cache, $690
* Xeon DP 5160: 3.00 GHz, FSB1333, 4 MB L2 cache, $851
Clovertown:
X5355 2.66GHz 1333MHz 8MB $1172
E5345 2.33GHz 1333MHz 8MB $851
Wow only $161 more than the 2.66GHz Woodcrests for each 2.33GHz Clovertown or the same price as the current 3GHz Woodcrest. Man that looks like the Dual Clovertown will only cost no more the current $3.3k 3GHz Woodcrest - maybe even a little less if Apple wants to get aggressive with like $2999. That's $700-$1k less than I was expecting. Fantastic!
So for +$642 you would gain 2.66GHz in power or one more processor's worth of crunchability. :p
Now I'm getting seriously excited. Bring 'em on!
BTW Looks like Apple is way overcharging for the 3GHz Woodcrest upgrade. Only cost them $322 more - probably less off the published price list - yet they are asking for $800. That doesn't seem fair to me. Does it to you? I would think that $500 would be a more reasonable upgrade price for something that cost them about $300.
At $851 seems like the 2.33GHz Clovertown is not all thaat expensive.
Thanks Umbongo.
Woodcrest:
* Xeon DP 5150: 2.66 GHz, FSB1333, 4 MB L2 cache, $690
* Xeon DP 5160: 3.00 GHz, FSB1333, 4 MB L2 cache, $851
Clovertown:
X5355 2.66GHz 1333MHz 8MB $1172
E5345 2.33GHz 1333MHz 8MB $851
Wow only $161 more than the 2.66GHz Woodcrests for each 2.33GHz Clovertown or the same price as the current 3GHz Woodcrest. Man that looks like the Dual Clovertown will only cost no more the current $3.3k 3GHz Woodcrest - maybe even a little less if Apple wants to get aggressive with like $2999. That's $700-$1k less than I was expecting. Fantastic!
So for +$642 you would gain 2.66GHz in power or one more processor's worth of crunchability. :p
Now I'm getting seriously excited. Bring 'em on!
BTW Looks like Apple is way overcharging for the 3GHz Woodcrest upgrade. Only cost them $322 more - probably less off the published price list - yet they are asking for $800. That doesn't seem fair to me. Does it to you? I would think that $500 would be a more reasonable upgrade price for something that cost them about $300.
auero
Mar 18, 07:59 AM
I don't understand the ranting of why AT&T charges more to tether. Sprint and Verizon do it too? Just because your jailbreak method doesn't work anymore shouldn't make you mad. The system caught up to you. Yes it's stupid to pay for extra data but that's just how it is and people are still going to pay for it so complaining won't do anything.
I'm glad those people who are abusing the service and using 6+ gb of data so they can tether are finally getting the boot. It bogs down the network. Unlimited doesn't mean unlimited in the fine print either. It's the same on every network so don't blame AT&T.
I'm glad those people who are abusing the service and using 6+ gb of data so they can tether are finally getting the boot. It bogs down the network. Unlimited doesn't mean unlimited in the fine print either. It's the same on every network so don't blame AT&T.
gnasher729
Apr 21, 05:25 PM
You must live in a alternate univerise if think that Apple users are tech savy. You average user is very happy to have Apple control thier experience, ie they are techtards. And frankly owning an Apple product is the best thing for them, with a PC etc they will just get themselves into trouble.
As a professional software developer, I can assure you that among people of my profession, the majority use a Macintosh for their private use. In some related professions (product design) it's not the majority, it is everyone. And I'm not not talking about artsy-fartsy type, I am talking about designers who I seriously trust to design products that will pay for my salary for the next few years. In other related professions (QA) I have the impression that more of them use Macs, but that is more anecdotal.
As a professional software developer, I can assure you that among people of my profession, the majority use a Macintosh for their private use. In some related professions (product design) it's not the majority, it is everyone. And I'm not not talking about artsy-fartsy type, I am talking about designers who I seriously trust to design products that will pay for my salary for the next few years. In other related professions (QA) I have the impression that more of them use Macs, but that is more anecdotal.
adder7712
May 2, 10:24 AM
Still insignificant compared to Windows rogues.
Windows rogue do more to the system.
Hopefully, Chrome, Firefox and Opera users will be safe.
Windows rogue do more to the system.
Hopefully, Chrome, Firefox and Opera users will be safe.
bugfaceuk
Apr 9, 09:32 AM
So does that means you didn't like Jungle Hunt?
Or that millions don't play WOW.
Or that millions don't play WOW.