RetouchPRO

RetouchPRO (http://www.retouchpro.com/forums/)
-   Software (http://www.retouchpro.com/forums/software/)
-   -   Operating system security vulnerabilities (http://www.retouchpro.com/forums/software/39749-operating-system-security-vulnerabilities.html)

plugsnpixels 12-03-2017 03:11 PM

Operating system security vulnerabilities
 
Here's an interesting site I discovered yesterday, listing past and current security vulnerabilities for various operating systems. You can do searches. Here's the list for macOS.

Search for Windows 10 and various flavors of Linux and see who comes out ahead!

andrewrodney 12-06-2017 05:53 PM

Re: Operating system security vulnerabilities
 
That site didn't generate much if any traction, for IMHO good reason, here:
http://forum.luminous-landscape.com/...711#msg1014711
Zero here, again I suspect for good reason.
Is there a reason for this?

plugsnpixels 12-06-2017 09:26 PM

Re: Operating system security vulnerabilities
 
Thanks Andrew, I'm actually primarily a Mac user (I support 400 of them in higher ed IT) but was surprised at the lists of items on those pages for not only macOS but Windows. I also tinker with Linux and was also surprised at the supposed lack of vulnerabilities there.

Other than that, others can do what they will with the info!

andrewrodney 12-07-2017 01:46 PM

Re: Operating system security vulnerabilities
 
As you've seen on LuLa, this site's reporting isn't getting traction for pretty obvious (to me and them) reasons. It isn't a system vulnerabilities when some dumb end user clicks on a link that loads malware.

http://forum.luminous-landscape.com/...493#msg1015493

You say you support 400 Macs. How many have been infected by these vulnerabilities?

plugsnpixels 12-07-2017 01:49 PM

Re: Operating system security vulnerabilities
 
None of course! Our biggest problem is phishing attempts, which of course is unrelated.

The point of the original post was an FYI/fun fact. No other agenda.

andrewrodney 12-07-2017 02:01 PM

Re: Operating system security vulnerabilities
 
Quote:

Originally Posted by plugsnpixels (Post 334001)
None of course! Our biggest problem is phishing attempts, which of course is unrelated.
The point of the original post was an FYI/fun fact. No other agenda.

The part about fun/facts is somewhat questionable. The part about your experience with 400 Mac's much more useful IMHO.

plugsnpixels 12-07-2017 02:52 PM

Re: Operating system security vulnerabilities
 
Actually, I don't often stress over Mac security, but our Information Security officer does. Recent email from him:

"Apple macOS High Sierra Vulnerability
A new macOS High Sierra security vulnerability has been discovered that enables attackers to log into your Mac computer without a password. If you are currently a macOS High Sierra user, please update to the latest software immediately."

andrewrodney 12-07-2017 02:54 PM

Re: Operating system security vulnerabilities
 
Quote:

Originally Posted by plugsnpixels (Post 334003)
"Apple macOS High Sierra Vulnerability
A new macOS High Sierra security vulnerability has been discovered that enables attackers to log into your Mac computer without a password. If you are currently a macOS High Sierra user, please update to the latest software immediately."

And a well thought out comment about this issue on LuLathat was fixed rather quickly:

Apple's recent problem with an open root account is only accessible if you have physical access to the machine, for example. It's extremely serious if exploited (if you get in as root, you can do literally anything), but in many environments, it's impossible to exploit. A Mac in a home-based photo studio isn't vulnerable at all, because nobody would be in there. On the other hand, it's a disastrous vulnerability in a university computer lab where hundreds of people have physical access.
The opposite extreme is represented by the recent spate of web pages that run cryptocurrency mining operations in the background. The consequences aren't all that severe - your computer uses a little extra electricity until you quit your browser, but it's a really easy vulnerability to exploit - any web ad can do it.

plugsnpixels 12-07-2017 03:10 PM

Re: Operating system security vulnerabilities
 
Speaking of our computer labs, thankfully I still have them on Sierra and this issue did not become a problem. I can imagine some students having read about the password bypass then giving it a try.

We have had a number of key-logger USB stick attempts with our lab PCs, FWIW.

Anyway, I'm not sure what we're "arguing" about. I too am a Mac fan so I am not bashing macOS by any means. I saw the vulnerability list web pages for the three main OS's, thought it interesting, and put the word out FWIW.

Whether these potential exploits ever actually come to pass on anyone's system, I don't know, but I assume the potential is there, thus the lists are provided and maintained for anyone interested. In IMO, each OS developer should be striving to get their list down to as close to zero as possible.

andrewrodney 12-08-2017 11:50 AM

Re: Operating system security vulnerabilities
 
Quote:

Originally Posted by plugsnpixels (Post 334005)
Speaking of our computer labs, thankfully I still have them on Sierra and this issue did not become a problem.

And I have to suspect, you're students don't have the root password.


All times are GMT -6. The time now is 05:35 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
Copyright 2016 Doug Nelson. All Rights Reserved