PDA

View Full Version : Researcher: Apple Patch falls short


MacBytes
May 13, 2006, 11:44 PM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Mac OS X
Link: Researcher: Apple Patch falls short (http://www.macbytes.com/link.php?sid=20060514004410)
Description:: Apple should do more to patch their vulnerabilities.

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

Ja Di ksw
May 14, 2006, 12:04 AM
He talks about publishing the flaws. Honestly, he told Apple, they're working on it. There's no point to publishing them other than to help out hackers.

For the life of me, no matter how common they become, I will never understand people's lax attitude about hacking.

Keynoteuser
May 14, 2006, 09:12 AM
My guess is he assumes that since they're not fixed, that Apple doesn't care. So in some twisted power trip, he thinks releasing them to the public will make Apple suddenly care. Well what if they are messy enough that it's going to take a while to fix them? This guy is way too full of himself.

Maybe a hacker from the Mac community needs to take down his website :)

AlmostThere
May 14, 2006, 11:49 AM
Given a reasonable time, normally a couple of weeks after vendor notification, flaws should be published.

If a benevolent researcher can find them, malevolent parties can too. If the vendor is not willing or able to provide a fix, it is only fair that end-users and system administrators are given the option of using alternative software or services, or restricting computer usage.

Using an example from the article, imagine how you would feel if a suitably crafted JPEG was used to compromise your privacy and personal data using something Apple (or indeed any manufacturer) knew of but failed to warn about.

thegreatluke
May 14, 2006, 01:34 PM
It's not like Apple's not doing anything about flaws.

When they hear about flaws, they usually have a team working on it - the next day.

regre7
May 14, 2006, 01:49 PM
So that brings the score to.... Mac: 3 Windows: a gajillion

Really, if people made as big a deal about ONE Windows security threat as they did about ONE Mac threat. Well.... just saying.

mkrishnan
May 14, 2006, 01:59 PM
Given a reasonable time, normally a couple of weeks after vendor notification, flaws should be published.

I wonder to some extent if this "researcher" is blowing smoke... because he seems to be playing a shell game, always claiming that there are "critical vulnerabilities" that he "might expose." :rolleyes:

But giving him the benefit of the doubt, I agree. It's prudent to wait a couple of weeks, and then publish. If his findings are real, the rest of the security may learn a lot from them, about how to protect other unrelated pieces of software, in general. And concerned users / administrators can make temporary fixes. And it does put an appropriate, in my mind, level of pressure on Apple, or whomever.

That being said, I think this article is clearly biased with the viewpoint that OS X is, under the surface, a bubbling cauldron of vulnerabilities waiting to turn unsuspecting users into newts. :rolleyes:

SC68Cal
May 14, 2006, 02:42 PM
This could be a ploy by the researcher to generate page hits. I'm sure he'll get traffic from the Mac community websites who link to his page when he releases his security holes, wether they have any merit or not.

solvs
May 14, 2006, 07:51 PM
Really, if people made as big a deal about ONE Windows security threat as they did about ONE Mac threat. Well.... just saying.
Dog bites man, not a story. Man bites dog, story. People expect more from Apple. And with every bit of positive news, there will have to be some negative.

People already know Windows sucks.

jpmcburney
May 15, 2006, 11:16 PM
Read this characters other post and you may see that he has a tendency to create interesting stories out of mundane and inconsequntial facts. A simpleton would be my judgement, but I will take my judges robe off and just exclaim how persistent this guy is in being a half-empty, souless, needing-to-make-a-buck-for-being-a- . Good luck to this character!