Comment: Re:Briefing for management - reuse with attributio (Score 1) 318

by phayes (#48007377) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

there is no web server in a normal recent OSX installation.

I think you might be wrong. I'm looking at a Mavericks install in front of me. Only thing installed other than the base OS is ARD. /usr/sbin/httpd is there, and when run it attaches to port 80.

Delivering the binary on a default OSX installation doesn't make shellshock exploitable on OSX systems, it needs to be running, which it isn't on the vast majority of OSX systems. I've bolded the part of your own post where you admit that this isn't the case. Yeah, I had a brain fart and forgot to type "running" in "there is no web server", it doesn't change my point: No running web server on the vast majority of OSX devices means that shellshock isn't as severe for Macs as some have been saying.

Comment: Re:Briefing for management - reuse with attributio (Score 1) 318

by phayes (#48001203) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

No. In recent versions of IOS, Macs do not run local web servers. People have to add in a web server by themselves & very few do so. In your little corner of the world (assuming you do web development or some such), people may add a web server (through macPorts or the Server Application) but there is no web server in a normal recent OSX installation. Yeah, there is the niche of MacMinis that people use as servers where this is not true, but they are the tiny minority. Most Macs sold today are either Airs or MacBooks & very few people want to have a local web server or "other advanced unix services"* on them.

As for your comment on their being "rarely updated", that's rich given the antiquated, nay archaic RHEL servers I often see in datacenters on things like Cisco VOIP gear.

The people geeky enough to be aware of the attack so far are also probably aware of how to update bash all by themselves. Everyone else will be able to get the update shortly when Apple publishes a fix.

* As labeled by an Apple spokesperson.

Comment: Re:Briefing for management - reuse with attributio (Score 1) 318

by phayes (#47996895) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

For web servers that allow cgi scripting, yeah I see that it could be bad. I also noted the dhclient-script problem on Linux clients. However, I don't see this as being a major exploit for Macs (which run Web servers very rarely) & do not use the same dhcp-client mechanism as Linux & don't seem to be vulnerable.

If it's not remotely exploitable on OSX, even if the bug is present in the system bash, it's not as critical as some are trying to make it look.

Please correct me if I'm wrong with a remote exploit that works on Macs.

Comment: Re:USER-AGENT (Score 2) 318

by phayes (#47996783) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

As far as I can see, the vulnerability is a remote exec for the following cases:
- Use of web server on the platform using CGI scripts
- For Linux devices that are configured to use DHCP, dhclient-script, a rogue DHCP server can pass in exploit code.

This is supposed to be worse than heartbleed which leaked the contents of system memory? OK for web servers I see the danger, but this doesn't seem to be a major exploit for people not running web servers & using fixed IPs.

Macs in particular rarely have web servers running on them & their DHCP client mechanism is different.

Comment: Re:NFC isn't used for just payment (Score 1) 336

by phayes (#47978867) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

I'll "climb off my high horse" (stop pointing out that you are a blathering idiot making false statements) when you stop saying stupid shit.

I have no problem with criticism of Apple, Microsoft, Google, etc, when it is factual. Learn how Bluetooth works or STFU. Snort, uppity... Happens to you a lot doesn't it. You publicly jump to a false conclusion on a subject you know very little about and those around you start beating you with a clue stick. All those "uppity" people who actually take the time to learn about the subjects they talk about, pointing out again and again where & why you are wrong...

Comment: Re:NFC isn't used for just payment (Score 1) 336

by phayes (#47970475) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

If your only incompatible BT devices are iDevices then you've visibly been exposed to very little BT kit.
Who was it that ignorantly & falsely stated "they are the guys who think Bluetooth is just for syncing with your computer.". You did.
Did this statement come from a wealth of experience? No, quite the opposite.
Did any research whatsoever go into it? No, you never even took the time to look up BT on Wikipedia.
Do you have any idea how BT works? No, that's much too much work. You expect things to just blindly work. If you were a doctor, you'd transfer blood to & from patients without typing & then blame those that died for some imaginary reason.

You think bluetooth profiles and chip design and different storage and ram types and battery technology and the plethora of other things that go into everyday devices are all the same, which is only true in that they all have one thing in common: You understand none of it.

You are a fool. Every post confirms it more & more.

Comment: Re:NFC isn't used for just payment (Score 1) 336

by phayes (#47967283) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Ahhhh, all becomes clear. You clearly have no idea what Bluetooth profiles are, are unaware that different telephone manufacturers use different profiles & ignorantly blame Apple for not implementing the BT profiles on some other non-PC/Mac device that you use.

The problem isn't with Apple but with the BT forum for allowing the plethora of incompatible BT profiles. As mobile devices are resource constrained, each manufacturer chooses the BT profiles they support. PCs & Macs not having this problem, support pretty much all of them. Thus it is possible to transfer from BT devices to/from a PC/Mac as I have been doing for years, while being impossible to transfer between two different BT devices. Use of two devices from the same manufacturer will work (because they use the same BT profiles) but use of devices from different manufacturers often will not (different profiles).

The BT profile morass is what, in large part has made the use of BT devices a PITA as it is difficult to determine what profiles are used in 2 devices spending hours debugging them & often discovering that they are incompatible. Each & every one of the devices is BT compliant, yet they cannot work together. It is no more Apple's fault for choosing profile X Y & Z than it is Motorola's for choosing A B & C & Lenovo's for choosing D E & F. Next time learn a little more about the subject before ignorantly criticizing Apple (or Motorola, or ...).

Comment: Re:NFC isn't used for just payment (Score 1) 336

by phayes (#47951477) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Contrary to the ignorant tripe you were spewing, general BT file transfers have been available on iOS since at least the 3GS but don't let that stop you from exposing your ignorance. I suppose we should judge your sanitary habits from back when you regularly dumped into your nappies, because like the iPhone it's not as if anything has changed in the meantime, right?

Comment: Re:NFC isn't used for just payment (Score 1) 336

by phayes (#47940169) Attached to: Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Oh, puhlease. Abraham Lincoln must have been presciently thinking of you when he said: "Better to remain silent and be thought a fool than to speak out and remove all doubt."
http://support.apple.com/kb/PH...
http://support.apple.com/kb/HT...

I share my iPhone's 4G to my rMBP daily over bluetooth. Yet another use of bluetooth on iOS which directly contradicts your ignorant statements...
