.. looks like there are enough mac users out there to justify someone taking the time to annoy them, this is a critical exploit not the IM attack in the news recently ..

http://blogs.zdnet.com/Ou/index.php?p=163&tag=nl.e550

It's just about time Mac users came down a level and cease thinking they are untouchable just because they are using a Mac. It makes me laugh how many times I've heard Mac users try to say that go around without any security or malware risks.

"woo, look at me, I won't get any adware/spyware/malware etc, I'm using OS X" :D

Okay, the amount of security risks and malware around for OS X is lower than the likes of Windows, but still the point stands - Mac users are not immune to these kind of threats. Never have been, and never will be.

+ this is a killer of a hole ... proof of why looging in as root is bad juju ;) `rm -r /`

(ps I actually have no idea if you even can login as root on a mac, but if you can... don't)

I don't think Mac OS X allows logging in as root, only at worst admin, but I wonder if you can't get a root login through the underlying Darwin.

I don't think Mac OS X allows logging in as root, only at worst admin, but I wonder if you can't get a root login through the underlying Darwin.

You can log into an Aqua session as root. Just enable the root user via NetInfo manager, and switch the login screen to prompt for username/password. At least, I used to log in as root when I had to administer several users for an internal fileserver running Jaguar (have not tried in Panther or Tiger).

Is being logged in as root different from just being sudo root in terminal then? Like, does all the /etc/ business and .files show up in the finder?

Is being logged in as root different from just being sudo root in terminal then? Like, does all the /etc/ business and .files show up in the finder?
That's hard coded into the Finder, and not dependent on the user.

As for root, it's disabled by default.

As for this security hole, it's the same one as that was exploited by Oompa-A, just running a different shell script.

For the "smugness", surely it is ironic that it's taken over 15 years for their to be a exploited security hole in NeXTSTEP (and derivatives), and then when it is exploited, within days there is 1 Trojan, and 1 Virus (of which many Mac users aren't vulnerable to, as plenty of us have the option is Safari disabled, therefore demoting it to a Trojan…) that exploit the same vulnerability.

.. looks like there are enough mac users out there to justify someone taking the time to annoy them, this is a critical exploit not the IM attack in the news recently ..
Is that really true, though? Macintosh had a smaller marketshare and had viruses.

True, OS X has a smaller market share than the likes of Windows etc, so it isn't going to the main target for malware. However, what does get peoples backs up is how smug Mac users can actually be...

True, OS X has a smaller market share than the likes of Windows etc, so it isn't going to the main target for malware. However, what does get peoples backs up is how smug Mac users can actually be...
Uh... That's the complete opposite of my point. Macintosh had a smaller marketshare and had more viruses than NeXTSTEP (and derivatives).

Sunny scotland? I'm from Sussex and its 'king freezing

Sunny scotland? I'm from Sussex and its 'king freezing
Sarcasm my friend, sarcasm :)

As for the whole Oompa-A security hole (which this also exploits), was patched by Apple last night.