When an online identity (group of identities) known as InfoSec Sellout made grand claims of a proof of concept worm, dubbed Rape.osx, that targets OS X, it led to a lot of heated argument and drama - including anonymous death threats and an accidental deletion of their blog. While there has still been no external proof of their …
warning incoming fanboy comments
... is hardly a feature to be concerned about losing anyway from a security standpoint, so however you look at it the gossip is doing a lot of people a lot of good.
OSX is a very secure OS
There is absolutely no threat as long as the computer it is running on is kept switched off.
uPNP is a stupid idea anyway!
Hands up, what security minded person doesn't automatically turn off uPNP support in their gateways?
It's bad enough that someone thought it a good idea to allow any arbitrary device on a network to make its own inbound access rules, but doubly bad when some vendors then turn it on by default! uPNP has no place in a secure network - end of story. So as someone else has already said, the fact that it's been turned off is good news.
Apple have never really seemed to like uPnP anyway. They have their own technologies which they prefer. So I guess it shouldn't be hugely surprising... Though you wouldn't usually see a company just abandon a feature, even one as little used as this.
InfoSec Sellout is evil
They seem to be nothing more than extortionists. Although it appears that they have, for the moment, disappeared from the face of the Earth. Windows apologists just shrug their shoulders and wait for the next Patch Tuesday (and Zero-Day Wednesday). Apple apologists go out and buy guns and knives. They take their OS seriously. And imagine their reaction if God, erh Jobs were to be slammed.
Seriously, how many times has Apple had to issue patches for OSX? How many times has MS had to issue patches for 2K/XP/Vista?
Linux phanboi. Linus is God.
Business as usual?
So, of the first 3 posts here, 2 anti-fanboy posts appear. Kinda predictable and sad. So far no fanboy responses, just people pointing out that uPnP is bloody stupid - which it is.
Turning off functionality rather than fixing it is an odd way of dealing with a problem? Ever heard of NETBIOS?
UPnP Update Fixes
"Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat ... This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat."
"Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Mac OS X implementation of mDNSResponder ... This update addresses the issue by removing UPnP IGD support."
UPnP IGD support is removed only for mDNSResponder ... which provides packet destination resolution for iChat and other similar peer-to-peer services (on NAT'd networks).
Welcome to the real world, Apple! Now that you're finally getting a little press, you can expect a lot more attention from everyone, including snarks. Congratulations! You'll get plenty of opportunity to demonstrate the superior security of OSX in the coming months/years. Looking forward ...
IF Microsoft disabled a feature, even if it was dangerous, they would be slammed for "controlling".
IF Apple does it, it's a FEATURE...
If Microsoft disabled every feature that was a security risk everyone would be running DOS...