Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Careful, Your Bias is Showing

Online flamefests, arguments, and other disagreements don't need much to start them off, especially if their root division goes back many years. A poor quote from an source, that was repeated in a Washington Post blog, started a mini flamewar over the relative security of OS X, Linux and Windows systems. It was in response to a comment by an Information Security company that they had observed OS X and Linux systems as part of some botnets that they were tracking. This implied that there was some vulnerability that was being exploited to add these systems to the botnet and it started readers scrambling to uncover what the exploit was. Not only is an OS X or a Linux exploit that can be remotely controlled rare, one that extends across all platforms is even more rare. The lack of corroborating evidence from elsewhere in the column and elsewhere on the Internet only added fuel to the eventual flamefest.

The backlash against the Washington Post blogger was such that he had to produce a new column to address the vitriol that his earlier entry had prompted. More investigation showed that the worm / vulnerability was exploiting known historical vulnerabilities in various PHP applications which could pass control of vulnerable systems to the remote attacker. Based on a flaw which gained publicity in July 2005 after first being found in 2003, and which had public exploit code issued in November 2005, it had been known for some time that a worm was targeting Linux and equivalent systems, looking to control them in a botnet. It had even been previously dubbed a Linux specific worm.

Where these claims and reports had gone wrong was in their bias, intentional or otherwise. Whether it was due to a rush to report, not knowing the technology behind what they were reporting, or some other reason, the readiness to pin a cross platform worm onto one or two platforms failed to recognize that all platforms were equally at risk - that the worm exploited software that behaved the same on all platforms.

Supporters of OS X and some of the other non-Windows platforms pointed out that the Operating System they were defending was not vulnerable to this issue in its default configuration (i.e. no web server running, no PHP support even if it was running, or some combination thereof), and that specific actions had to be taken by the victim to even become vulnerable to this worm.

A Second OS X Issue

This was not the only mini flame-war to erupt about purported vulnerabilities with OS X. An independent security researcher publicly posted an example of an image which causes a crash of any application which was using specific ImageIO functionality to display it. This list includes Safari, Preview, Finder, and other default inclusions in the OS X 10.4 install. Unfortunately for OS X 10.4 users, the technical description of what the issue is is contained on the same page that holds the image (although other sites now hold the news). At this stage the issue only affects Tiger (10.4), leaving users of OS X 10.3.9 safe. A number of other sites picked up on the news and there were the expected arguments about OS X vs Windows and Linux and Safari vs Firefox and Internet Explorer. Users are hoping that it is only a matter of time until Apple can resolve the issue.

3 April 2006

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.