Re: [Fed-Talk] Apple's security belly-flop
Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: "Timothy J. Miller" <email@hidden>
- Date: Fri, 24 Feb 2006 13:59:26 -0600
Rex Sanders wrote:
One of the few arguments for keeping Macs "under the radar" and on the
desktop at many locations is a reputation for good security.
With the new Mac OS X scripting vulnerability(*), and Apple's silence on
the issue, that reputation is evaporating rapidly. If Upper IT Management
perceives that Macs are as big a security headache as Windows, they'll push
even harder to throw out the Macs.
A lot of this is bad reporting. While the exploit can seriously mess
with your personal data, it can't touch anyone else *or* system files
without asking for your password (or relying on seriously broken file
permissions).
When are we going to hear that Apple is even working on this problem? How
soon can we expect a fix?
FWIW, part of the correct fix is to fix Finder. The problem is Finder
relies on extensions and magic numbers to display icons, but uses
metadata to find applications to launch for files. When these conflict,
(as in the demonstration) Finder *should* display the file-type icon of
the application that will be launched.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden