[Bug 19998] The non-appearance of Polygon graphics in LC

Thu Jul 12 01:32:13 EDT 2018

Well, aren't I glad I don't run an American business. 8-)

I just run an EFL school that is not dependent on computers connected to 
the interweb

and do funny things with Sanskrit.

Richmond.

On 12/7/2018 3:54 am, Richard Gaskin via use-livecode wrote:
> Bob Sneidar wrote:
>
> > On Jul 11, 2018, at 13:43 , Richard Gaskin wrote:
> >> When a computer's OS no longer receives critical patches for known
> >> exploits, it's no longer safe to use.
> >
> > I think it depends on what you use it for.
>
> True. If you unplug the power and use it as a doorstop, it's 
> completely safe. Anything else involves varying degrees of risk. :)
>
> Running outdated software is one of the leading reasons 80% of 
> American businesses have experienced at least one form of hack or 
> another.
>
>
> > I have yet to see a MacOS "exploit" that didn't require the end user
> > do something they ought not to do, and/or authenticate an action they
> > didn't initiate. And by exploit, I mean access the OS via network
> > protocol and bypass protections in place to prevent it without user
> > action or intervention.
>
> That's true of most OSes.  But look deeper.  They're rarer, but they 
> exist.
>
> And even those that require user action, those actions may seem 
> innocuous to many users who do not understand the implications, or can 
> use exploits in other software to gain elevated privileges which can 
> then be used with exploits requiring admin.
>
> The deeper you look, the murkier things get.
>
> Sometimes even authentication itself becomes vulnerable:
>
>    Passwords are stored in the Mac's Keychain, which typically
>    requires a master login password to access the vault.
>
>    But Wardle has shown that the vulnerability allows an attacker
>    to grab and steal every password in plain-text using an unsigned
>    app downloaded from the internet, without needing that password.
> <https://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack/> 
>
>
> And we can't forget everyone's favorite, the Meltdown flaw in Intel 
> chips like those in systems that run macOS 10.7:
> <https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/> 
>
>
> A partial list of vulnerabilities specific to macOS 10.7.5 is here:
> <https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/version_id-143035/Apple-Mac-Os-X-10.7.5.html> 
>
>
> That list contains only OS vulnerabilities; other searches can turn up 
> additional vulnerabilities against the versions of Safari, Apache, 
> rsync, and other programs included in the system which have their own 
> lengthy lists of known vulnerabilities.  Combining vulnerabilities 
> multiplies threats.
>
> Consider which of the 900+ CVEs against Safari may be used in 
> combination with other exploits:
> <https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-2935/Apple-Safari.html> 
>
>
>
> Ultimately, security is a matter of subjective sense of comfort. The 
> sort of person who goes into the shopping mall with they keys left in 
> their car will probably feel right at home running an OS where the 
> only system patches are being delivered by organized crime rings and 
> hostile nation state actors.
>
> After all, not every car with the keys left in it gets stolen, so why 
> not? ;)
>