Re: [Fed-Talk] Apple's security belly-flop
Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: Brian Raymond <email@hidden>
- Date: Fri, 24 Feb 2006 12:36:54 -0500
- Thread-topic: [Fed-Talk] Apple's security belly-flop
I don't know that Mac's reputation for security is well deserved as it has
not had the eyes on it that other operating systems have. UNIX like OSes
have some advantages over the traditional target of Windows because of their
architecture but that does not necessarily mean they are inherently more
secure. I say that because the implementation of that OS can provide for
serious lapses in security.
There have been a number of serious security fixes provided by Apple in the
past that are brushed over in the release notes by stating something along
the lines of "addressed an issue in X". The current issue on the table in
this thread is related to that same general sense. Apple does not arm it's
users and admins with the information they need to be proactive about
managing their systems. Information needs to be provided to the community so
they can mitigate any issues before a patch is released. When patches are
released Apple needs to make it clear what is being addressed so
vulnerabilities don't get lumped in with standard bug fixes and patched when
convenient vs. necessary.
My .02
- Brian
On 2/24/06 12:22 PM, "Rex Sanders" <email@hidden> wrote:
> One of the few arguments for keeping Macs "under the radar" and on the
> desktop at many locations is a reputation for good security.
>
> With the new Mac OS X scripting vulnerability(*), and Apple's silence on
> the issue, that reputation is evaporating rapidly. If Upper IT Management
> perceives that Macs are as big a security headache as Windows, they'll push
> even harder to throw out the Macs.
>
> When are we going to hear that Apple is even working on this problem? How
> soon can we expect a fix?
>
> What can Apple say to regain their reputation for secure computing?
>
> -- Rex
>
>
> (*) In case you haven't heard, Mac OS X has a serious design flaw opening
> a huge security vulnerability:
>
> http://isc.sans.org/diary.php?storyid=1138
>
> http://www.macintouch.com/readerreports/security/topic4055.html
>
> Read carefully through the end of the last link. The problem is not
> limited to Safari, Mail.app, or Terminal. No workaround proposed so far
> closes all the exploit paths. First reported on February 20, we have no
> acknowledgement or "we're working on it" from Apple.
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden