Re: [Fed-Talk] Apple's security belly-flop
Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: Michael Pike <email@hidden>
- Date: Fri, 24 Feb 2006 13:11:34 -0700
What kind of patch will fix this? Apple to cripple iChat so it won't
send files?
The bottom line is educate your users.
And let me also elaborate on another of your comments. "Has not had
the eyes on it other OS's have."
Mac is Unix based... Unix has been around since the 60's.... core
unix doesn't have as many problems as Windows.
There is a difference between ASKING a user to accept a file (in the
mac instance), and having it spread without the user knowing (as in
ALL windows based exploits).
mike
On Feb 24, 2006, at 10:36 AM, Brian Raymond wrote:
I don't know that Mac's reputation for security is well deserved as
it has
not had the eyes on it that other operating systems have. UNIX like
OSes
have some advantages over the traditional target of Windows because
of their
architecture but that does not necessarily mean they are inherently
more
secure. I say that because the implementation of that OS can
provide for
serious lapses in security.
There have been a number of serious security fixes provided by
Apple in the
past that are brushed over in the release notes by stating
something along
the lines of "addressed an issue in X". The current issue on the
table in
this thread is related to that same general sense. Apple does not
arm it's
users and admins with the information they need to be proactive about
managing their systems. Information needs to be provided to the
community so
they can mitigate any issues before a patch is released. When
patches are
released Apple needs to make it clear what is being addressed so
vulnerabilities don't get lumped in with standard bug fixes and
patched when
convenient vs. necessary.
My .02
- Brian
On 2/24/06 12:22 PM, "Rex Sanders" <email@hidden> wrote:
One of the few arguments for keeping Macs "under the radar" and on
the
desktop at many locations is a reputation for good security.
With the new Mac OS X scripting vulnerability(*), and Apple's
silence on
the issue, that reputation is evaporating rapidly. If Upper IT
Management
perceives that Macs are as big a security headache as Windows,
they'll push
even harder to throw out the Macs.
When are we going to hear that Apple is even working on this
problem? How
soon can we expect a fix?
What can Apple say to regain their reputation for secure computing?
-- Rex
(*) In case you haven't heard, Mac OS X has a serious design flaw
opening
a huge security vulnerability:
http://isc.sans.org/diary.php?storyid=1138
http://www.macintouch.com/readerreports/security/topic4055.html
Read carefully through the end of the last link. The problem is not
limited to Safari, Mail.app, or Terminal. No workaround proposed
so far
closes all the exploit paths. First reported on February 20, we
have no
acknowledgement or "we're working on it" from Apple.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40dataline.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40gmail.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden