Re: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
Re: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
- Subject: Re: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
- From: Boyd Fletcher <email@hidden>
- Date: Thu, 29 May 2008 11:50:19 -0400
- Thread-topic: [Fed-Talk] OS X 10.5.3 Safari crashes with DoD CAC?
I noticed that last night as well. I was crashing KeyChain Access and Safari
on-demand. I guess I will keep using Tiger for another 3-4 months.
boyd
On 5/29/08 8:04 AM, "Michael Kluskens" <email@hidden> wrote:
> Under OS X 10.5.3 I've lost functionality, Keychain Access and OS X
> Mail work with my DoD CAC card; however, Safari does not, I get
> anything from no response <infosec.navy.mil> to a crash of Safari with
> corruption of my login keychain <netgroup.nrl.navy.mil>. All this
> worked fine from 10.3.x through all of 10.4 and up to 10.5.2 (The
> Apple bug number for this issue is #47225052 I believe if anyone has
> the right access to check on the status of this).
>
> Tested and verified on both PowerPC and Intel Macs, tested and
> verified with a format and reinstall of 10.5.1 with all updates to
> 10.5.3 and no customizations, no third-party apps, and no usage of
> Migration assistant.
>
> Given that Keychain Access sees the card and that OS X Mail works and
> Safari does not I doubt it's my card reader but in any case I'm using
> a GEMPLUS DoD CAC and a SCM SCR33x USB Smart Card Reader with Firmware
> 05.18.
>
> The ActivCard reader which we flashed was supplied by our security
> people, if we have to go out and buy other card readers it won't look
> good for Apple at this location, a couple thousand dollars to make OS
> X work with the DoD CAC (estimate 200 users here with $20 per reader).
>
> And of course the Orthebur CAC cards don't work at all under 10.5.3
> with the SCR33x card reader, funny no word on why that can not be
> fixed in OS X--legal issues with drivers from SCM? Unfortunately now
> I have three users who have to find a PC to do their work and the
> number is growing monthly.
>
> The following is any interesting take on the which certificate problem:
>
> CFNetwork
> CVE-ID: CVE-2008-1580
> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
> Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
> Impact: Visiting a maliciously crafted website may lead to the
> disclosure of sensitive information
> Description: An information disclosure issue exists in Safari's SSL
> client certificate handling. When a web server issues a client
> certificate request, the first client certificate found in the
> keychain is automatically sent, which may lead to the disclosure of
> the information contained in the certificate. This update addresses
> the issue by prompting the user before sending the certificate.
>
> Regarding the Orthebur CAC and SCM SCR readers.
>
> On Feb 29, 2008, at 9:22 AM, Shawn A. Geddis wrote:
>
>> There is currently (10.5.0-10.5.2) a very specific issue between
>> some of the newer Smart Cards (T=1 / Block Transfer) with very
>> specific Smart Card Readers (SCM SCR 331, 531, 3310, 3311).
>>
>> Combination with a different reader or a different card work as
>> expected.
>>
>> * There are many *different* CACs issued
>> * There are many *different* Smart Card Readers available.
>>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden