http://news.com.com/2100-1001-942265.html?tag=fd_top


better think twice about it when you run software update.

Wait for the patch to come out.

-bill

oh wow..... i never thought of it that way...... it said it affected OS X, I wonder if it affects OS 9, too.....

interesting how the alleged "hacker" is talking so openly about this??

Originally posted by eyelikeart
interesting how the alleged "hacker" is talking so openly about this??

the same goes for people who find holes in microsofts stuff. if holes are kept quiet, then a company might put it on the back burner, and then something really bad could happen when people start sharing secrets. putting it all in the open gets the company to fix stuff that needs to be taken care of.

I'm really surprised by this because I always assumed that software update used some sort of secure means of transfering files and checking for updates. thats why I haven't been doing it manually. this is really disappointing.

Originally posted by Choppaface


the same goes for people who find holes in microsofts stuff. if holes are kept quiet, then a company might put it on the back burner, and then something really bad could happen when people start sharing secrets. putting it all in the open gets the company to fix stuff that needs to be taken care of.

I'm really surprised by this because I always assumed that software update used some sort of secure means of transfering files and checking for updates. thats why I haven't been doing it manually. this is really disappointing.

Same here, thought that it was a secure link.
But what's the difference between automatic and manual?
Anyhow you send a request that can be intercepted.

if this is truly a problem, then it really could be fixed easily. altho people would scream, apple should require a mac.com account in order to use software update. then it could use an https:// address to download all updates etc. You would have to login using your iTools account, which could still be automated (have it remember and not ask). This would basically eliminate the problem. If you didn't want to send all that info to Apple, just wait for the packaged update.

Originally posted by eyelikeart
interesting how the alleged "hacker" is talking so openly about this??

That's the true nature of any good hacker. The Unix OS is as strong as it is because of white hat hackers, like this one, who strive to make the system better. These guys are much closer to the real definition of "hacker" than the malicious pranking geek.