tag:blogger.com,1999:blog-37798047.post8639342018225886460..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: New RTSP Quicktime flaw affects both OSX and WindowsDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-37798047.post-57828670193893006302007-11-27T04:25:00.000-05:002007-11-27T04:25:00.000-05:00I'd be interested to hear your opinion on the subj...<B>I'd be interested to hear your opinion on the subject... (of Mac's ASLR)</B><BR/><BR/>Apple doesn't implement ASLR in Leopard as they claim.Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-60980557248357336102007-11-26T19:37:00.000-05:002007-11-26T19:37:00.000-05:00Good point though, ASLR is not exactly cutting edg...Good point though, ASLR is not exactly cutting edge anymore and it's amazing that Apple has been so slow to adopt it, even while their marketing lambasts Microsoft's security track record despite the tremendous strides they've taken recently.<BR/><BR/>I definitely dig what Apple is doing for usability, but it'd be nice if they approached security with that same level of rigor.<BR/><BR/>On a related note, have you done any testing of ASLR usage or lack of usage in Leopard's base apps, and other recent apple apps? (Specifically iLife, iWork, etc.. the stuff most likely to be on Leopard machines.)<BR/><BR/>I'm sure you're already seen Thomas Ptacek's first impressions of Leopard security over on the Matasano blog, but he doesn't discuss ASLR much.. seems he's not sold on it's merits. I'd be interested to hear your opinion on the subject...Jeffhttps://www.blogger.com/profile/12628898666489070125noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-3831712069932245542007-11-26T19:27:00.000-05:002007-11-26T19:27:00.000-05:00Indeed, its been corrected.Indeed, its been corrected.David Maynorhttps://www.blogger.com/profile/09921229607193067441noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-46181796036389546472007-11-26T19:18:00.000-05:002007-11-26T19:18:00.000-05:00Just a minor nit, and doesn't really negate any of...Just a minor nit, and doesn't really negate any of your criticisms, but 10.5 is leopard, not tiger.r).Jeffhttps://www.blogger.com/profile/12628898666489070125noreply@blogger.com