Create SS .vm using Chubby Bunny

About SheepShaver, a PPC Mac emulator for Windows, MacOS X, and Linux that can run System 7.5.3 to MacOS 9.0.4.

Moderators: Cat_7, Ronald P. Regensburg, ClockWise

User avatar
adespoton
Forum All-Star
Posts: 4227
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com
Contact:

Re: Create SS .vm using Chubby Bunny

Post by adespoton »

The exploits are in underlying technologies, that have since been patched by everyone else, but as SLS and SL aren't being patched anymore, they didn't get the fixes. This means that HTTPS, for example, is inherently broken on SL(S).
TiddK
Granny Smith
Posts: 106
Joined: Wed Jan 27, 2016 12:25 pm

Re: Create SS .vm using Chubby Bunny

Post by TiddK »

adespoton wrote:The exploits are in underlying technologies, that have since been patched by everyone else, but as SLS and SL aren't being patched anymore, they didn't get the fixes. This means that HTTPS, for example, is inherently broken on SL(S).
BROKEN? How? Does that mean I'm at risk every time I do my online banking? Or that I should switch it all from Safari to Firefox instead, which is up to date?
User avatar
adespoton
Forum All-Star
Posts: 4227
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com
Contact:

Re: Create SS .vm using Chubby Bunny

Post by adespoton »

Definitely switch from Safari to Firefox or Chrome; SLS Safari is not safe to use for HTTPS, as it can be trivially broken by anyone who can get in the middle of the transaction, either via WiFi or by access to one of the intermediary routers. Do not use SLS Safari for banking.

But other security technologies are also broken. Don't open up remote access via the Internet; turn off Back to My Mac if it's on, as that uses OpenSSL too.
galgot
Granny Smith
Posts: 119
Joined: Thu Feb 13, 2014 3:59 pm

Re: Create SS .vm using Chubby Bunny

Post by galgot »

Mmhh, it seems no OS X versions are affected by heartbleed out of the box :
http://apple.stackexchange.com/question ... heartbleed
https://www.nathanson.org/davesays/2014 ... ulnerable/

Unless you install the bad openssl version via port or brew, or if installed via another software.
TiddK
Granny Smith
Posts: 106
Joined: Wed Jan 27, 2016 12:25 pm

Re: Create SS .vm using Chubby Bunny

Post by TiddK »

adespoton wrote:Definitely switch from Safari to Firefox or Chrome; SLS Safari is not safe to use for HTTPS, as it can be trivially broken by anyone who can get in the middle of the transaction, either via WiFi or by access to one of the intermediary routers. Do not use SLS Safari for banking.

But other security technologies are also broken. Don't open up remote access via the Internet; turn off Back to My Mac if it's on, as that uses OpenSSL too.
That's more reassuring - I never use remote access or Back to My Mac. And I'll make sure I do all online banking via Firefox.
Post Reply