| rss2email.ru | На что подписаться? | Управление подпиской |
 The Apple BlogThe Apple Blog, published by and for the day-to-day Apple user, is a prominent source for news, reviews, walkthroughs, and real life application of all Apple products. http://theappleblog.com другие подписчики этой ленты также читают >> |
- iPhone & The Enterprise
By now, you’ve seen the announcement of the March 6th iPhone announcement (which better be more than discussing a future announcement since that’s already two pointer de-references we have to manage). While I am – and many other and far more capable developers are also – eagerly awaiting the SDK release, the promise of “exciting new enterprise features” has me a bit more than intrigued. As it stands, the iPhone has quite a long way to go before it can weave it’s way – officially – into corporate IT standards. Adding support for third-party applications is one checkbox ticked, but what are the remaining “must-have” features for enterprise adoption?
Tags: Commentary, enterprise, Hardware, iphone, security
(more…)
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/02/27/iphone-the-enterprise/#comments - Remote Denial of Service For OS X (Leopard)
Given the large amount of “feedback” I receive from many venues on why I’m crazy for suggesting that OS X users employ some type of client-side security software, I wanted to point out a very recent exploit that I saw over at Joel Esler’s blog. The vulnerability is around the IPv6 networking layer of the underlying BSD operating system. Here’s the code:
ORIGINAL
md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
if (!m) {WHAT IT SHOULD HAVE BEEN
md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
if (!md) {A one character difference in source code in an open source component trickled it’s way up to our shiny new operating system.
Anti-virus software won’t help you on this one (and I’m sure someone will point that out and continue to defend the lack of need for client security), but it provides a clear example of how coding errors in the operating system can – and will – be exploited, which is a strong enough reason to put up defenses in other areas. Again, it’s completely based on your risk appetite and there is a contingent of OS X users that swear by the notion of not investing in security until there is overt reason to. This example should prod some of those folks to start thinking more about how vulnerable their invulnerable systems really are.
The problem exists only in the IPv6 networking layer, and – since most folks do not need IPv6 enabled – you can disable IPv6 in each of the network interfaces in your Network System Preferences to give yourself a bit of protection. Here’s an example of that via the Airport configuration panel:
Apple should be fixing this in the next security update.
More info on the exploit: Secunia, InformationWeek, digit labs
Tags: Commentary, Development, exploit, leopard, networking, os-x, security, Software
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/02/27/remote-denial-of-service-for-os-x-leopard/#comments - Unsanity APE & Leopard
It came to my attention recently - read: I’ve been checking - that Unsanity has, finally bumped at least some of their haxies to Leopard compatible versions. Many people, myself included, have been bemoaning the loss of such tools as WindowShade X, FruitMenu, and most especially ShapeShifter since their upgrades to the latest big cat. All of these hacks require Unsanity’s Application Enhancer, and there, evidently, is where the problems appeared. Without a functioning Application Enhancer, all the other shiny toys vanish.
Probably more famous, though perhaps more erratic, were those affected by Leopard and Application Enhancer’s incompatibility in a much more severe way - all those with broken 10.5 installs as a result of APE. This update - to 2.5b, from 2.0.3 - purports to have fixed the issues that originally caused those problems. The accompanying blog entry, though, takes pains to point out that those same problems had already been fixed as of 2.0.2, released a year before Leopard.
Said blog entry is also quite interesting in its discussion of what APIs Application Enhancer - and other similar tools - access, and what the changes were in Leopard that broke them. While interesting in itself, this also really gives a nod to the amount of work that surely still remains to be done on the heavier apps, like ShapeShifter, and the amount of work that’s already been done to get this far.
And the updates are: Application Enhancer 2.5b, the SDK for the same, SmartCrashReports 1.5b2, FontCard 1.5.1b1, MenuMaster 1.4.3b1, Silk 2.1.4b1, FruitMenu 3.7b1, and WindowShade X 4.2b1.
Tags: application enhancer, beta, leopard, News, Software, unsanity
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/02/27/unsanity-ape-leopard/#comments - Close But No Remote Disc
The Apple TV's new found friends may have brought it up to par with several of its competitors, but does it compare to Apple's own standards?
With a completely redesigned UI and a slew of new features, the Apple TV seems a new breed of set top box. One, oddly enough, in the same packaging we've seen for the past year.
Tags: apple-tv, Commentary, functionality, future, Hardware
(more…)
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/02/19/close-but-no-remote-disc/#comments
| rss2email.ru | отписаться: http://www.rss2email.ru/unsubscribe.asp?c=6893&u=24004&r=311667163 управлять всей подпиской: http://www.rss2email.ru/manage.asp |
