PDA

View Full Version : Apple Securty Update 2002-08-02


arn
Aug 3, 2002, 03:24 PM
In your Software Update for OS X:

Security Update 2002-08-02 includes the following updated components which provide increased security to prevent unauthorized access to applications, servers, and the operating system.

Apache v1.3.26
OpenSSH v3.4p1
OpenSSL v0.9.6e
SunRPC
mod_ssl v2.8.10

voyagerd
Aug 3, 2002, 03:30 PM
umm.. yay, I guess...

christof
Aug 4, 2002, 05:14 AM
OpenSSH documents TROJAN HORSE that was distributed in OpenSSH v3.4p1 (http://www.openssh.com/)

Longey Nowze
Aug 4, 2002, 05:44 AM
Originally posted by christof
OpenSSH documents TROJAN HORSE that was distributed in OpenSSH v3.4p1 (http://www.openssh.com/)

Thanks! but it seems that they have fixed the problem an the first of August I think Apple has the safe version now... wouldn't they?

THANK YOU
MaT

balliet
Aug 5, 2002, 12:58 AM
If you would have actually read anything about the trojan, you'd know it doesn't affect the binaries built from the sources at all. Its simple a small little program that runs as part of the compilation of openssh. So even if apple had built from the trojaned sources, they'd be screwed, not you.

(Now, I guess if you wanted to get real picky, someone could have used the backdoor created by the compilation to modify the binaries, if they did it at just the right time.)

Gus
Aug 5, 2002, 02:14 AM
Well, I'll tell you what, between the MULTIPLE security updates recently, and the new .MAC scheme, I almost feel like a Windows user. bbrrrrr. Sorry for the blasphemy. :-)

Gus

Apple][Forever
Aug 5, 2002, 10:50 AM
Originally posted by Gus
Well, I'll tell you what, between the MULTIPLE security updates recently, and the new .MAC scheme, I almost feel like a Windows user. bbrrrrr. Sorry for the blasphemy. :-)

Gus

I see a big difference in the security updates.. Windows updates are of the "we screwed up in our 20-year-old DOS-based proprietary coding, and now that someone discovered this, we're trying to cover our asses" variety, whereas Apple's are of the "look, we're giving you all these cool industry-standard open-source tools, and open-source being what it is, there's always people trying to improve it, so we're giving you these improvements as quickly as we can" variety.

That is the longest sentence I've ever written. :)

Now, as for .mac... :(

c_waddington
Aug 5, 2002, 11:23 AM
Originally posted by Apple][Forever


I see a big difference in the security updates.. Windows updates are of the "we screwed up in our 20-year-old DOS-based proprietary coding, and now that someone discovered this, we're trying to cover our asses" variety, whereas Apple's are of the "look, we're giving you all these cool industry-standard open-source tools, and open-source being what it is, there's always people trying to improve it, so we're giving you these improvements as quickly as we can" variety.

That is the longest sentence I've ever written. :)

Now, as for .mac... :(

I agree. My copy of Internet Explorer on the PC has been updated more times than I can count. There are sometimes several updates a month.

MS have always compromised security in favor of ease-of-use. That's why it's possible for a client application, ie. the browser, to gain full control of my machine. Scary.

(Of course, it's also quite disturbing to find out that Apple didn't build in certification into their Software Update feature until very recently).