No, i have first hand knowlege of cloud clients and am not afraid to take the karma hit by posting the truth using my account, unlike you, basement dweller.
The problem is that Timothy is a link baiting
Apparently you think that the NSA can be blamed for increased competition in cloud services & nationalism pushing companies to use local solutions once alternatives were available.
there is no web server in a normal recent OSX installation.
I think you might be wrong. I'm looking at a Mavericks install in front of me. Only thing installed other than the base OS is ARD.
Delivering the binary on a default OSX installation doesn't make shellshock exploitable on OSX systems, it needs to be running, which it isn't on the vast majority of OSX systems. I've bolded the part of your own post where you admit that this isn't the case. Yeah, I had a brain fart and forgot to type "running" in "there is no web server", it doesn't change my point: No running web server on the vast majority of OSX devices means that shellshock isn't as severe for Macs as some have been saying.
No. In recent versions of IOS, Macs do not run local web servers. People have to add in a web server by themselves & very few do so. In your little corner of the world (assuming you do web development or some such), people may add a web server (through macPorts or the Server Application) but there is no web server in a normal recent OSX installation. Yeah, there is the niche of MacMinis that people use as servers where this is not true, but they are the tiny minority. Most Macs sold today are either Airs or MacBooks & very few people want to have a local web server or "other advanced unix services"* on them.
As for your comment on their being "rarely updated", that's rich given the antiquated, nay archaic RHEL servers often I see in datacenters on things like Cisco VOIP gear.
The people geeky enough to be aware of the attack so far are also probably aware of how to update bash all by themselves. Everyone else will be able to get the update shortly when Apple publishes a fix.
* As labeled by an Apple spokesperson.
No, all you said was "These are the guys who think Bluetooth is just for syncing with your computer.".
Still wrong, still ignorant.
Yeah, but that's not a remote exploit.
However, Ars was a little more informative: CUPS is apparently vulnerable and gives a remote exploit on OSX too...
For web servers that allow cgi scripting, yeah I see that it could be bad. I also noted the dhclient-script problem on Linux clients. However, I don't see this as being a major exploit for Macs (which run Web servers very rarely) & do not use the same dhcp-client mechanism as Linux & don't seem to be vulnerable.
If it's not remotely exploitable on OSX, even if the bug is present in the system bash, it's not as critical as some are trying to make it look.
Please correct me if I'm wrong with a remote exploit that works on Macs.
As far as I can see, the vulnerability is a remote exec for the following cases:
- Use of web server on the platform using CGI scripts
- For Linux devices that are configured to use DHCP, dhclient-script, a rogue DHCP server can pass in exploit code.
This is supposed to be worse than heartbleed which leaked the contents of system memory? OK for web servers I see the danger, but this doesn't seem to be a major exploit for people not running web servers & using fixed IPs.
Macs in particular rarely have web servers running on them & their DHCP client mechanism is different.
I'll "climb off my high horse" (stop pointing out that you are a blathering idiot making false statements) when you stop saying stupid shit.
I have no problem with criticism of Apple, Microsoft, Google, etc, when it is factual. Learn how Bluetooth works or STFU. Snort, uppity... Happens to you a lot doesn't it. You publicly jump to a false conclusion on a subject you know very little about and those around you start beating you with a clue stick. All those "uppity" people who actually take the time to learn about the subjects they talk about, pointing out again and again where & why you are wrong...
If your only incompatible BT devices are iDevices than you've visibly been exposed to very little BT kit.
Who was it that ignorantly & falsely stated "they are the guys who think Bluetooth is just for syncing with your computer.". You did.
Did this statement come from a wealth of experience? No, quite the opposite.
Did any research whatsoever go into it? No, you never even took the time to look up BT on Wikipedia.
Do you have any idea how BT works? No, that's much too much work. You expect things to just blindly work. If you were a doctor, you'd transfer blood to & from patients without typing & then blame those that died for some imaginary reason.
You think bluetooth profiles and chip design and different storage and ram types and battery technology and the plethora of other things that go into everyday devices are all the same, which only true in that they all have one thing in common: You understand none of it.
You are a fool. every post confirms it more & more.
Ahhhh, all becomes clear. You clearly have no idea what Bluetooth profiles are, are unaware that different telephone manufacturers use different profiles & ignorantly blame Apple for not implementing the BT profiles on some other non/PC/Mac device that you use.
The problem isn't with Apple but with the BT forum for allowing the plethora of incompatible BT profiles. As mobile devices are ressource constrained, each manufacturer chooses the BT profiles they support. PCs & Macs not having this problem, support pretty much all of them. Thus it is possible to transfer from BT devices to/from a PC/Mac as I have been doing for years, while being impossible to transfer between two different BT devices. Use of two devices from the same manufacturer will work (because they use the same BT profiles) but use of devices from different manufacturers often will not (different profiles).
The BT profile morass is what, in large part has made the use of BT devices a PITA as it is difficult to determine what profiles are are used in 2 devices spending hours debugging them & often discovering that they are incompatible. Each & every one of the devices is BT compliant, yet they cannot work together. It is no more Apple's fault for choosing profile X Y & Z than it is Motorola's for choosing A B & C & Lenovo's for choosing D E & F. Next time learn a little more about the subject before ignorantly criticizing Apple (or Motorola, or
Contrary to to the ignorant tripe you were spewing, general BT file transfers has been available on iOS since at least the 3GS but don't let that stop you from exposing your ignorance. I suppose we should judge your sanitary habits from back when you regularly dumped into your nappies, because like the iPhone it's not as if anything has changed in the meantime, right?
Oh, puhlease. Abraham Lincoln's must have been presciently thinking of you when he said: "Better to remain silent and be thought a fool than to speak out and remove all doubt."
I share my iPhone's 4G to my rMBP daily over bluetooth. Yet another use of bluetooth on iOS which directly contradicts your ignorant statements...
Given how many bluetooth accessories you can buy directly from Apple, claiming that Apple "are the guys who think Bluetooth is just for syncing with your computer", is wilfully ignorant.