Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: David Poteet <email@hidden>
- Date: Fri, 24 Feb 2006 17:14:28 -0500
... how many people use iChat at work or even at home? I've tried,
but bc I'm 52 I can't seem to find other folks who want to IM for
hours at a time. My 17 year old daughter says it just isn't done to
IM with your mom or dad. The iChat vulnerability is not a risk in
most govt environments. If your kid picks it up and is also on your
family LAN, you still won't get it unless you IM with your teens. I
can barely get more than a few verbal sentences out of mine, much
less an IM. Email is cool to do with old folks, she tells me, and I
have a virus checker for my email.
... whoever said Apple is below the radar may not be aware of the
virulence of the antagonism on both sides of the Windows vs. OS X
debate. A hacker would launch something in the wild out of spite or
maybe for profit, but it hasn't happened for a variety of good
reasons. I check the major Apple blogs and websites each day and
there is no widespread concern expressed except by companies that
make a living selling solutions. If you want the latest scoop and
mild reaction, go to today's MacFixit at http://www.macfixit.com/.
The proof's in the pudding, and there ain't none... after nearly 30
years of UNIX refinement, Open Source checking and reporting and a
nearly instantaneous response by Apple (vs. years later w/ MS), there
just aren't many problems.
... I agree w/ the remark about bad reporting, but I also agree w/
Rex Sanders that Apple doesn't do enough PR about this kind of thing.
The argument can be made to IS mgmt that Apple is much less
vulnerable to viruses, but it takes an open mind. Apple needs to help
start prying some of the heads open at upper mgmt levels... more
timely information about security risks would offer just that, but
Apple has always held its cards close.
On Feb 24, 2006, at 3:08 PM, Michael Pike wrote:
Well, there are 149,999 MORE reasons to not use Windows... one
stupid little program that does nothing is far from a threat.
There is no problem for Apple to work on. If the file tries to
move, it will ASK the recipient if they want to accept it. What
more can Apple do? If the person on the other end is stupid enough
to accept a file without knowing what it is, in a way they probably
shouldn't be using a computer to begin with.
One thing I like about Mac is it doesn't ask me "are you sure?",
"are you sure you're sure?" "Are you sure you are sure about what
you are sure about?"
The software doesn't propagate unknowingly, the user has to know
about it... so the defense isn't Apple, it's making sure the users
have 1/10th of a brain and don't accept files they do not know what
they are.
A .TGZ file to begin with should make most users think.
On Feb 24, 2006, at 10:22 AM, Rex Sanders wrote:
One of the few arguments for keeping Macs "under the radar" and on the
desktop at many locations is a reputation for good security.
With the new Mac OS X scripting vulnerability(*), and Apple's silence on
the issue, that reputation is evaporating rapidly. If Upper IT Management
perceives that Macs are as big a security headache as Windows, they'll push
even harder to throw out the Macs.
When are we going to hear that Apple is even working on this problem? How
soon can we expect a fix?
What can Apple say to regain their reputation for secure computing?
-- Rex
(*) In case you haven't heard, Mac OS X has a serious design flaw opening
a huge security vulnerability:
http://isc.sans.org/diary.php?storyid=1138
http://www.macintouch.com/readerreports/security/topic4055.html
Read carefully through the end of the last link. The problem is not
limited to Safari, Mail.app, or Terminal. No workaround proposed so far
closes all the exploit paths. First reported on February 20, we have no
acknowledgement or "we're working on it" from Apple.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden