Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: Michael Pike <email@hidden>
- Date: Fri, 24 Feb 2006 13:08:40 -0700
Well, there are 149,999 MORE reasons to not use Windows... one stupid
little program that does nothing is far from a threat.
There is no problem for Apple to work on. If the file tries to move,
it will ASK the recipient if they want to accept it. What more can
Apple do? If the person on the other end is stupid enough to accept
a file without knowing what it is, in a way they probably shouldn't
be using a computer to begin with.
One thing I like about Mac is it doesn't ask me "are you sure?", "are
you sure you're sure?" "Are you sure you are sure about what you are
sure about?"
The software doesn't propagate unknowingly, the user has to know
about it... so the defense isn't Apple, it's making sure the users
have 1/10th of a brain and don't accept files they do not know what
they are.
A .TGZ file to begin with should make most users think.
On Feb 24, 2006, at 10:22 AM, Rex Sanders wrote:
One of the few arguments for keeping Macs "under the radar" and on the
desktop at many locations is a reputation for good security.
With the new Mac OS X scripting vulnerability(*), and Apple's silence on
the issue, that reputation is evaporating rapidly. If Upper IT Management
perceives that Macs are as big a security headache as Windows, they'll push
even harder to throw out the Macs.
When are we going to hear that Apple is even working on this problem? How
soon can we expect a fix?
What can Apple say to regain their reputation for secure computing?
-- Rex
(*) In case you haven't heard, Mac OS X has a serious design flaw opening
a huge security vulnerability:
http://isc.sans.org/diary.php?storyid=1138
http://www.macintouch.com/readerreports/security/topic4055.html
Read carefully through the end of the last link. The problem is not
limited to Safari, Mail.app, or Terminal. No workaround proposed so far
closes all the exploit paths. First reported on February 20, we have no
acknowledgement or "we're working on it" from Apple.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden