[Bug 19998] The non-appearance of Polygon graphics in LC
richmondmathewson at gmail.com
Thu Jul 12 01:32:13 EDT 2018
Well, aren't I glad I don't run an American business. 8-)
I just run an EFL school that is not dependent on computers connected to
and do funny things with Sanskrit.
On 12/7/2018 3:54 am, Richard Gaskin via use-livecode wrote:
> Bob Sneidar wrote:
> > On Jul 11, 2018, at 13:43 , Richard Gaskin wrote:
> >> When a computer's OS no longer receives critical patches for known
> >> exploits, it's no longer safe to use.
> > I think it depends on what you use it for.
> True. If you unplug the power and use it as a doorstop, it's
> completely safe. Anything else involves varying degrees of risk. :)
> Running outdated software is one of the leading reasons 80% of
> American businesses have experienced at least one form of hack or
> > I have yet to see a MacOS "exploit" that didn't require the end user
> > do something they ought not to do, and/or authenticate an action they
> > didn't initiate. And by exploit, I mean access the OS via network
> > protocol and bypass protections in place to prevent it without user
> > action or intervention.
> That's true of most OSes. But look deeper. They're rarer, but they
> And even those that require user action, those actions may seem
> innocuous to many users who do not understand the implications, or can
> use exploits in other software to gain elevated privileges which can
> then be used with exploits requiring admin.
> The deeper you look, the murkier things get.
> Sometimes even authentication itself becomes vulnerable:
> Passwords are stored in the Mac's Keychain, which typically
> requires a master login password to access the vault.
> But Wardle has shown that the vulnerability allows an attacker
> to grab and steal every password in plain-text using an unsigned
> app downloaded from the internet, without needing that password.
> And we can't forget everyone's favorite, the Meltdown flaw in Intel
> chips like those in systems that run macOS 10.7:
> A partial list of vulnerabilities specific to macOS 10.7.5 is here:
> That list contains only OS vulnerabilities; other searches can turn up
> additional vulnerabilities against the versions of Safari, Apache,
> rsync, and other programs included in the system which have their own
> lengthy lists of known vulnerabilities. Combining vulnerabilities
> multiplies threats.
> Consider which of the 900+ CVEs against Safari may be used in
> combination with other exploits:
> Ultimately, security is a matter of subjective sense of comfort. The
> sort of person who goes into the shopping mall with they keys left in
> their car will probably feel right at home running an OS where the
> only system patches are being delivered by organized crime rings and
> hostile nation state actors.
> After all, not every car with the keys left in it gets stolen, so why
> not? ;)
More information about the use-livecode