or Connect
AppleInsider › Forums › General › General Discussion › In short: SEC exonerates Apple, Quicktime hack, iQuiz, more
New Posts  All Forums:Forum Nav:

In short: SEC exonerates Apple, Quicktime hack, iQuiz, more

post #1 of 17
Thread Starter 
US officials have signaled the all-clear for Apple in its long-standing options trouble; meanwhile, a Mac hacking contest has unearthed a potentially volatile QuickTime flaw, and Apple has released its least expensive iPod game to date.

SEC drops options charges as goodwill gesture

While former Apple CFO Fred Anderson earlier today went to great expense to avoid facing US government charges, his previous employer won't be forced into the same dilemma, the Securities and Exchange Commission said Tuesday afternoon.

The SEC has issued an official statement that effectively wipes the slate clean for Apple and its problematic stock option grants, saying that the company's eagerness to make amends left little reason to consider punishment.

"Apple's cooperation consisted of, among other things, prompt self-reporting, an independent internal investigation, the sharing of the results of that investigation with the government, and the implementation of new controls designed to prevent the recurrence of fraudulent conduct," the release said.

The only outstanding issue appears to be Apple's prior legal counsel Nancy Heinen, who still faces charges from the US federal agency.

MacBook hacking contest exposes QuickTime hole

Despite the relief in its finances, however, Apple this week was given grief by a serious breach of its QuickTime media player's security.

A hacking contest late last week at the Vancouver, Canada-based CanSecWest Expo dented the Mac maker's comparatively clean record on zero-day exploits when two experts from Matasano Security successfully breached the OS and gave themselves user-level access to the fully patched Apple operating system.

Achieving the feat earned the first expert, Shane Macaulay, the very MacBook Pro he had defeated while his mentor, Dino Dai Zovi, secured $10,000 as part of a separate prize.

The exploit functions courtesy of a previously unknown flaw in the way QuickTime handles Java code, Matasano says. Malicious code sent through the web plugin for the Apple software can reportedly expose any system to potential attacks -- regardless of whether they run Mac OS X or Windows using any web browser, the security firm notes.

Until Apple develops a more permanent fix, users can close off the hole altogether by disabling Java. No instances of the attack method have yet to be found outside of the contest.

Apple posts iQuiz game in iTunes

Wasting little time in validating an earlier leak, Apple on Tuesday posted a new game for fifth-generation iPods in the iTunes Store.

Though basically a graphically enhanced version of the built-in Music Quiz with trivia sharing features, iQuiz is notable as one of the first games to break Apple's previously unshakable $5 price point for games, available through both the American and Canadian stores for just 99 cents.

The game is also available in France, the source of the leak, as well as the other countries which currently host iTunes online stores.

Study: online music soars, world overtaking US

Online music downloads should at last be reaching the turning point where they benefit music labels, according to new Strategy Analytics research obtained by AppleInsider.

The analyst group expects worldwide direct-download music revenues to blossom by 62 percent in 2007 to $2.7 billion, finally restoring the profit-making that has been lost in the decline of CDs. That number is set to more than double by 2011 and could reach $6.6 billion, according to estimates. A steadily increasing portion of that figure is likely to stem from sources outside the US and should ultimately eclipse Americans in those same four years.

Significantly, Apple's price jump to $1.29 for DRM-free singles isn't seen as a catalyst and could in fact be replaced with a far more consistent business model.

"The recent move by EMI and Apple to drop DRM from premium tracks will produce a temperate increase in single track download revenues in the short to mediums [sic] term," said Strategy Analytics' Martin Olausson. "However, long term revenue growth will come from hybrid subscription based services."
post #2 of 17
Quote:
Originally Posted by AppleInsider View Post

Until Apple develops a more permanent fix, users can close off the hole altogether by disabling Java.

And this is one reason I have always kept Java turned off in all my browsers. I only turn it on when I absolutely, positively need it for a site I trust, which is once in a blue moon.
post #3 of 17
Just watched CNBC and they announced the SEC said the case is closed and no action will be taken.
post #4 of 17
Quote:
Originally Posted by Kolchak View Post

And this is one reason I have always kept Java turned off in all my browsers. I only turn it on when I absolutely, positively need it for a site I trust, which is once in a blue moon.

The flaw is in in the way QuickTime handles Java. Turning Java off to cover an edge case makes for a paranoid mind.

Java 6 hasn't finished its release status with OS X but I haven't run into any hiccups related to QuickTime via Safari ala WebKit.
post #5 of 17
There was a Quicktime, for Windows, exploit that was affecting MySpace users awhile back. It is looking like QT is becoming Apple's achilles heal for security.

Maybe Apple should adopt Windows Media Player 11.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #6 of 17
Quote:
Originally Posted by solipsism View Post

There was a Quicktime, for Windows, exploit that was affecting MySpace users awhile back. It is looking like QT is becoming Apple's achilles heal for security.

Maybe Apple should adopt Windows Media Player 11.


blasphemer!!!!
post #7 of 17
Quote:
Originally Posted by AppleInsider

The SEC has issued an official statement that effectively wipes the slate clean for Apple and its problematic stock option grants, saying that the company's eagerness to make amends left little reason to consider punishment.

"Apple's cooperation consisted of, among other things, prompt self-reporting, an independent internal investigation, the sharing of the results of that investigation with the government, and the implementation of new controls designed to prevent the recurrence of fraudulent conduct," the release said.

Thank **** for that! Finally some resolve for this ongoing, mind-numbing issue.
Citing unnamed sources with limited but direct knowledge of the rumoured device - Comedy Insider (Feb 2014)
Reply
Citing unnamed sources with limited but direct knowledge of the rumoured device - Comedy Insider (Feb 2014)
Reply
post #8 of 17
But if you read the article, they could not gain access to the machine the first day. They had to relax the rules so they could get in. I'm still not tooo worried, yet....
post #9 of 17
It's nice to see that cheap iPod game for 99¢. I hope it will make Apple realize thaat their other games are way overpriced.

-tj
post #10 of 17
Quote:
Originally Posted by tomozj View Post

It's nice to see that cheap iPod game for 99¢. I hope it will make Apple realize thaat their other games are way overpriced.

-tj

If you look at the price of games for a cell phone, iPod games are a bargain. Pac-Man, Ms. Pac-Man, and Zuma for my Verizon phone each cost $3.49 for a montly subscription or $6.99 to actually own them. In comparison, the iTunes Store's $4.99 price seems like a good deal.

I plunked down the 99 cents for iQuiz, and I'd say that's about what it's worth. It's an interesting way to waste a few minutes, but the current question sets are way too small for any lasting enjoyment. I could see it making an interesting learning tool for students though if teachers created question sets for their lessons and posted them online for students to download.

I just don't understand what the hold up is in getting games for the iPod. Is it Apple's need for complete control that is making it take so long? Since games were introduced only 4 have been added. I'd like a nice turn-based RPG on the iPod. The iPod is well suited for it; I'm not a big fan of the series, but even a Final Fantasy port would be nice. Or maybe if Apple just opened it up for 3rd parties to create games without needing to have them go through the iTunes Store. And it seems pretty clear from iQuiz that the iPod could be used for just general purpose apps, not necessarily just games.
post #11 of 17
Quote:
Originally Posted by xsmi View Post

But if you read the article, they could not gain access to the machine the first day. They had to relax the rules so they could get in. I'm still not tooo worried, yet....

Perhaps but the rules are not clearly stated in any internet article I have read. Also, in one article one of the hackers was quoted as implying that they had gained root access. From the Computerworld article,

"the URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Di Zovie used it to open a back door that gave him access to anything on the computer, Comeau said."
post #12 of 17
Quote:
Originally Posted by solipsism View Post

There was a Quicktime, for Windows, exploit that was affecting MySpace users awhile back. It is looking like QT is becoming Apple's achilles heal for security.

Maybe Apple should adopt Windows Media Player 11.

(Grabs the pitchforks and burning torches)
..... the greatest fame comes from adding to human knowledge, not winning battles.
Paraphrased from Napolean Bonaparte, 1798
Reply
..... the greatest fame comes from adding to human knowledge, not winning battles.
Paraphrased from Napolean Bonaparte, 1798
Reply
post #13 of 17
AI goes escapading again in its classic "Drama Queen"-esque manner...

The "Hack a Mac" contest that AI mentioned had been ongoing for two days before the rules were GREATLY relaxed: Instead of just being a unit connected to a wireless network, they added that the computer would open any link sent in an e-mail.

This does not represent a realistic situation because informed users will not open e-mails from people they don't know, and they especially won't follow URLs. The only people this exploit could affect are "average users."

Average users are idiots who will click on links in e-mails titled "hehehe this site is sooooooo cute: Kitties!" without hovering over the link to see that the site actually leads to http://125.231.52.666/fck-ur-mother.virus

You can't hold Apple accountable for idiots.

I don't want you to think I'm pro-hacker or anything, because I'm not. I *do* think that Apple should fix any and all exploits that are discovered. The only part I disagree with is AI's attitude. It sounds like you think the sky was falling because of a single QT exploit; one that *can* be avoided by using caution.

Are there more exploits? Yes, it's likely. Do they need to be fixed? Of course. Should Apple be chastized for their existence? No, not when they are exploits that can be avoided.

The point is that computer experts worked all day for two days working to find an external crack to the OS. One was not to be found (not to say they don't exist, because some likely do). I highly doubt the same could be said about a Windows PC. For a platform that is being run by 95% of the computer-using population, that is scary!

To say that a Mac can be exploited by a user who will click any link that comes through an e-mail is not saying much.

Dial down the drama, AI.

-Clive
My Mod: G4 Cube + Atom 330 CPU + Wiimote = Ultimate HTPC!
(Might I recommend the Libertarian Party as a good compromise between the equally terrible "DnR"?)
Reply
My Mod: G4 Cube + Atom 330 CPU + Wiimote = Ultimate HTPC!
(Might I recommend the Libertarian Party as a good compromise between the equally terrible "DnR"?)
Reply
post #14 of 17
Thanks for the clarification, Clive.
post #15 of 17
It's easier to ask for forgiveness than to ask for permission.

Way to go, Apple...stinkers.
Living life in glorious 4G HD (with a 2GB data cap).
Reply
Living life in glorious 4G HD (with a 2GB data cap).
Reply
post #16 of 17
Quote:
Originally Posted by tomozj View Post

It's nice to see that cheap iPod game for 99¢. I hope it will make Apple realize that their other games are way overpriced.

I think I'll put you in the whiner category. Seriously. There's not much perspective in your post.

For example, Bejeweled for Mac or PC is $12-$20. If it's Bejeweled for phone is about $7, more or less depending on the provider. If it was on GBA, it would probably be $20. Bejeweled on iPod is $5. The only way to get cheaper on any platform is to "borrow" a copy, buy it used or hope you can find it in the bargain bin, and those options really don't count as a worthwhile argument.

This quiz program looks to be an improvement on what is already in the iPod, not a game that's totaly new to iPod.
post #17 of 17
Kudos to physguy for posting this link in response to my question posed to developers in a companion thread today.

http://www.roughlydrafted.com/RD/RDM...BFA442BED.html

Here's the opening line from that article.

The CanSecWest PWN to Own Mac break in contest that IDGs InfoWorld failed to accurately cover was picked up and regurgitated by many sites that reveled in repeating the same myths, but failed to actually point out what really happened.

Among other things, the link clarifies what really happened at the CanSecWest "Hack-a-Mack" contest and explains the ensuing internet journalistic fiasco.

It is very disappointing that AI did not provide such clarity today when it reported on this topic.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › In short: SEC exonerates Apple, Quicktime hack, iQuiz, more