Re: [Fed-Talk] Food for thought
- Subject: Re: [Fed-Talk] Food for thought
- From: Dave Schroeder <email@hidden>
- Date: Tue, 05 Aug 2008 08:52:33 -0500
Yes, but the point is they're communicating with customers, making
announcements at venues like Black Hat (instead of pulling out of
talks, with the danger of the engineers who were planning to speak
there getting *fired* if their names are even revealed), and
interacting with security researchers.
I'm not denigrating the security strides Apple has made. But this non-
communicative, aloof, and almost out-of-touch corporate attitude with
respect to security has got to end, and end quickly. Otherwise, Apple
will not be able to recruit or retain qualified security engineers and
other staff...to say nothing of the problems to come that WILL impact
customers seriously if Apple does not start to take this situation
seriously.
I realize that Apple had its hands more than full with the biggest
product launches in its history. And there are signs Apple has learned
from this, cf. Jobs' comments in an internal email yesterday. But
instead of seeing yet another 30-day MobileMe apology and extension,
what I'd like to see is some direct communication from Apple about
security, an explanation for the unacceptable handling of the OSA and
DNS issues, and what changes are being made to remedy the situation,
other than "no comment".
- Dave
On Aug 5, 2008, at 8:41 AM, Joel Esler wrote:
They've been doing this for a while now. It's just secret.
J
On Aug 5, 2008, at 9:31 AM, Dave Schroeder wrote:
Ironic the completely different direction Microsoft is now taking:
http://news.cnet.com/8301-1009_3-10006325-83.html
Microsoft to give partners heads-up on security vulnerabilities
Microsoft will be giving companies that sell security software and
services to its customers a sneak peek at the technical details of
the vulnerabilities in Microsoft software before the company
releases its monthly "Patch Tuesday" updates.
The new Microsoft Active Protection Program, set to be announced
at the Black Hat security conference on Tuesday, is designed to
give software vendors a chance to prepare updates to their
software before attackers have a chance to reverse engineer
Microsoft's security patch and create an exploit.
- Dave
On Aug 3, 2008, at 10:35 AM, Joel Esler wrote:
Normally I am a staunch Apple defender.
I have conversations on the inside with people in the security
department at Apple, and it's great... however...
I have to agree. I'd like to see Apple with a bit more
forwardness and openness in the security department. I think it
would be great to have Apple with an open dialogue (not going to
happen) with the community to discuss issues such as these.
However, I just don't see how Apple can continue growing in the
enterprise without being a bit more up front with its clients.
Joel
On Aug 2, 2008, at 9:29 AM, Dave Schroeder wrote:
On Aug 1, 2008, at 6:22 PM, Michael Pike wrote:
The DNS issue not being addressed with OS X server, and now this:
http://www.macworld.com/article/134812/2008/08/blackhat.html?lsrc=rsswidget_main
Apple / Shawn, help us out - these are the things that sink OS X
Server in the fed govt.
Wow.
Just wow.
I'm starting to get very frustrated with Apple with respect to
security.
A local root exploit unpatched for a month, not having the DNS
issue fixed when every other vendor did, not to mention still not
having the resolver issue fixed on the client side.
I realize that Apple had several major launches it was dealing
with, but come on. I'm seriously considering the future of Apple
servers in our environment.
- Dave
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Joel Esler
http://blog.joelesler.net
http://www.dearcupertino.com