Apple Securty Update 2002-08-02

Discussion in 'MacRumors News Discussion (archive)' started by arn, Aug 3, 2002.

  1. arn
    macrumors god

    arn

    Staff Member

    Joined:
    Apr 9, 2001
    #1
    In your Software Update for OS X:

    Security Update 2002-08-02 includes the following updated components which provide increased security to prevent unauthorized access to applications, servers, and the operating system.

    Apache v1.3.26
    OpenSSH v3.4p1
    OpenSSL v0.9.6e
    SunRPC
    mod_ssl v2.8.10
     
  2. macrumors 65816

    voyagerd

    Joined:
    Jun 30, 2002
    Location:
    Rancho Cordova, CA
  3. macrumors 6502

    Joined:
    May 8, 2002
    Location:
    SFO, JFK
  4. macrumors regular

    Joined:
    Apr 18, 2001
    #4
  5. macrumors member

    Joined:
    Dec 21, 2001
    #5
    If you would have actually read anything about the trojan, you'd know it doesn't affect the binaries built from the sources at all. Its simple a small little program that runs as part of the compilation of openssh. So even if apple had built from the trojaned sources, they'd be screwed, not you.

    (Now, I guess if you wanted to get real picky, someone could have used the backdoor created by the compilation to modify the binaries, if they did it at just the right time.)
     
  6. Gus
    macrumors 65816

    Gus

    Joined:
    Jan 1, 2002
    Location:
    Minnesota
    #6
    Hmmmm....

    Well, I'll tell you what, between the MULTIPLE security updates recently, and the new .MAC scheme, I almost feel like a Windows user. bbrrrrr. Sorry for the blasphemy. :)

    Gus
     
  7. macrumors regular

    Joined:
    Jul 3, 2002
    #7
    Re: Hmmmm....

    I see a big difference in the security updates.. Windows updates are of the "we screwed up in our 20-year-old DOS-based proprietary coding, and now that someone discovered this, we're trying to cover our asses" variety, whereas Apple's are of the "look, we're giving you all these cool industry-standard open-source tools, and open-source being what it is, there's always people trying to improve it, so we're giving you these improvements as quickly as we can" variety.

    That is the longest sentence I've ever written. :)

    Now, as for .mac... :(
     
  8. macrumors newbie

    Joined:
    Jul 23, 2002
    Location:
    Chicago
    #8
    Re: Re: Hmmmm....

    I agree. My copy of Internet Explorer on the PC has been updated more times than I can count. There are sometimes several updates a month.

    MS have always compromised security in favor of ease-of-use. That's why it's possible for a client application, ie. the browser, to gain full control of my machine. Scary.

    (Of course, it's also quite disturbing to find out that Apple didn't build in certification into their Software Update feature until very recently).
     

Share This Page