Apple Securty Update 2002-08-02

Discussion in 'MacRumors News Discussion (archive)' started by arn, Aug 3, 2002.

  1. arn
    macrumors god


    Staff Member

    Apr 9, 2001
    In your Software Update for OS X:

    Security Update 2002-08-02 includes the following updated components which provide increased security to prevent unauthorized access to applications, servers, and the operating system.

    Apache v1.3.26
    OpenSSH v3.4p1
    OpenSSL v0.9.6e
    mod_ssl v2.8.10
  2. macrumors 65816


    Jun 30, 2002
    Rancho Cordova, CA
  3. macrumors 6502

    May 8, 2002
    SFO, JFK
  4. macrumors regular

    Apr 18, 2001
  5. macrumors member

    Dec 21, 2001
    If you would have actually read anything about the trojan, you'd know it doesn't affect the binaries built from the sources at all. Its simple a small little program that runs as part of the compilation of openssh. So even if apple had built from the trojaned sources, they'd be screwed, not you.

    (Now, I guess if you wanted to get real picky, someone could have used the backdoor created by the compilation to modify the binaries, if they did it at just the right time.)
  6. Gus
    macrumors 65816


    Jan 1, 2002

    Well, I'll tell you what, between the MULTIPLE security updates recently, and the new .MAC scheme, I almost feel like a Windows user. bbrrrrr. Sorry for the blasphemy. :)

  7. macrumors regular

    Jul 3, 2002
    Re: Hmmmm....

    I see a big difference in the security updates.. Windows updates are of the "we screwed up in our 20-year-old DOS-based proprietary coding, and now that someone discovered this, we're trying to cover our asses" variety, whereas Apple's are of the "look, we're giving you all these cool industry-standard open-source tools, and open-source being what it is, there's always people trying to improve it, so we're giving you these improvements as quickly as we can" variety.

    That is the longest sentence I've ever written. :)

    Now, as for .mac... :(
  8. macrumors newbie

    Jul 23, 2002
    Re: Re: Hmmmm....

    I agree. My copy of Internet Explorer on the PC has been updated more times than I can count. There are sometimes several updates a month.

    MS have always compromised security in favor of ease-of-use. That's why it's possible for a client application, ie. the browser, to gain full control of my machine. Scary.

    (Of course, it's also quite disturbing to find out that Apple didn't build in certification into their Software Update feature until very recently).

Share This Page