
Henk Poley

macrumors 6502
Sep 22, 2008
347
117
The feature can be enabled as follows:

Enable Mac OS X to use the CRL and OCSP to provide protection from invalidated digital certificates. The settings to enable system-wide use of the CRL and OCSP are accessible via Keychain Access. On the "Certificates" pane in the Preferences of Keychain Access, set the following:

Online Certificate Status Protocol (OCSP): Best Attempt
Certificate Revocation List (CRL): Best Attempt
Priority: OCSP

This is in Keychain settings.

(edit: ah, reading comprehension.. anyways, don't tuck the first step in the middle of a long sentence)

For Firefox you can enable security.OCSP.require in about:config.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
This is in Keychain settings.

(edit: ah, reading comprehension.. anyways, don't tuck the first step in the middle of a long sentence)

Sorry, cut and paste from elsewhere.

For Firefox you can enable security.OCSP.require in about:config.

I believe Firefox 3 and above includes OCSP checking by default but, obviously, it only works with the browser.

The settings I suggested also work with Firefox as well as any other client-side app that uses digital certificates.
 

thomasslaughter

macrumors newbie
Nov 27, 2010
11
1

Seriously? Am I the only person who hates Chrome?

I hate the whole keystone agent stuff that they dot around everywhere, I hate the fact that parts of Google Chrome can be found right across the system so if you do want to uninstall it it takes hours to do it 100%, and if you just try deleting the app, application support + preferences files you get a stream of errors in your system log.
 

Morod

macrumors 68000
Jan 1, 2008
1,756
738
On The Nickel, over there....
Mac OS X has a feature where compromised SSL certificates are revoked as soon as the certificates are known to be compromised. Using the feature is a lot better than waiting for an update to fix the issue.

The feature can be enabled as follows:

Enable Mac OS X to use the CRL and OCSP to provide protection from invalidated digital certificates. The settings to enable system-wide use of the CRL and OCSP are accessible via Keychain Access. On the "Certificates" pane in the Preferences of Keychain Access, set the following:

Online Certificate Status Protocol (OCSP): Best Attempt
Certificate Revocation List (CRL): Best Attempt
Priority: OCSP

This is great, and I never knew it existed. Thanks for the info!
 

DWIM

macrumors newbie
Nov 20, 2009
11
0
Does this update fix the 'too many redirects' issue? To me, just saying to get the web site developers to fix their code is like pushing a rock up a hill. Maybe 'adapt / adjust' instead of 'fix'?
 

ketterj

macrumors newbie
Feb 25, 2011
3
0
USB hub not working now after updates

Updated my MacBook with latest updates and now my Macally TriHub4 has quit working. It shows powered up but can't print through it, nor sync iPod. Worked fine before.

Coincidence?
 

rhett7660

macrumors G5
Jan 9, 2008
14,224
4,304
Sunny, Southern California
I wish these Chrome fanboys would go away. Seriously, you infect every thread about a web browser that isn't Chrome. Stop posting off topic.

Chrome is awful btw. :)

Can't tell if you are being sarcastic or not.:rolleyes:

Don't really use Safari but at least they are updating it.

I also got a Canon printer update in the bunch. Glad to see that!
 

iBug2

macrumors 601
Jun 12, 2005
4,531
851
I created a webpage using a simple JavaScript loop to loop through the images in a folder all named with numbers in order from 1 to 200 (wedding photos). I opened it in Safari. It was "slightly" sluggish, but I was able to go up and down and it was usable. Then I tried opening it in Firefox. Here's where we see a flaw with Firefox. The thing froze, and when I opened Activity Monitor, Firefox's memory usage was skyrocketing. Conclusion: Firefox can't handle too much at once. Safari and most likely WebKit in general seems to be far better at handling huge webpages and in my opinion translates to better design than Gecko. Keep in mind that these photos were done by professionals and as such were fairly high res. I use Firefox when I need some functionality that a plugin provides, but for the most part, I stick with Safari. I've tried Chrome too, and I like it, but I'm used to Safari at this point and I figure that once Lion is out, Safari may very well blow Chrome out of the ballpark with performance and stability thanks to WebKit2, so I'd rather stick with it (until Chrome adopts WebKit2 that is, although that may not happen for some time due to various major design changes).

Exactly. Gecko got outdated, WebKit is a much better API to handle high load than Gecko atm, and that's what's needed for a browser scalable for the future. Computers are fast enough that single sites don't put any kind of weight on the silicon anymore, except Flash obviously, and WebKit2 is the best way to go at the moment.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
So if, like me, you can't use the MAS after updating to 10.6.7 - SWITCH OFF CRL in the Keychain Prefs and you'll find it works as before! I know it's not going to be as secure but you can always switch it on again when you're not using the MAS.

Come on Apple fix this NOW!!

It's not Apple's problem. Honestly.

Here's the idea behind CRL: Whenever you visit a secure site which gives you a certificate to check, there could be something wrong with the certificate - like in this case, where a certificate authority named Comodo that should be thrown off the internet for good was tricked into issuing genuine certificates for well-known sites to a hacker. An additional check implemented by CRL is to ask the certificate authority itself if this certificate is revoked.

Now what happens if the server of the certificate authority is down? Clearly it can't tell you whether the certificate is revoked or not, because it is down. So what should the operating system do? The old method is: Accept the certificate. Which is dangerous, because a hacker with a forged certificate just needs a DDOS attack against the certificate authority to make your Mac accept the certificate. The new method is: Don't accept the certificate. Which means you won't be able to connect to the server, whether the certificate is genuine or not.

That's what's happening. Your Mac connects to the Mac App Store. The Mac App Store sends a certificate. It looks alright to your Mac, but just to be sure it asks the certificate authority that issued it. That certificate authority doesn't respond. Nothing to do with Apple. Result: The certificate is not accepted, and you can't get to the Mac App Store.
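
The soft-fail versus hard-fail trade-off described in the post above, as an added example that is not part of the original thread. It is a simplified model, not Apple's implementation: the `Require` policy, the fallback order and all scenario data are assumptions constructed for illustration.

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNREACHABLE = "unreachable"  # CA's OCSP responder / CRL server down or blocked

class Policy(Enum):
    OFF = "Off"
    BEST_ATTEMPT = "Best Attempt"  # soft-fail: no answer is treated as acceptable
    REQUIRE = "Require"            # hard-fail: no answer rejects (simplified)

def evaluate(ocsp_policy, crl_policy, priority, ocsp_status, crl_status):
    """Return (accepted, reason) for one certificate under this toy model."""
    methods = {"OCSP": (ocsp_policy, ocsp_status), "CRL": (crl_policy, crl_status)}
    order = ["OCSP", "CRL"] if priority == "OCSP" else ["CRL", "OCSP"]
    for name in order:
        policy, status = methods[name]
        if policy is Policy.OFF:
            continue
        if status is Status.REVOKED:
            return False, f"{name}: revoked"
        if status is Status.GOOD:
            return True, f"{name}: good"
        if policy is Policy.REQUIRE:
            return False, f"{name}: no answer, hard-fail"
        # Best Attempt with no answer: fall through to the next method.
    return True, "no definitive answer, accepted"

BA, RQ = Policy.BEST_ATTEMPT, Policy.REQUIRE
# Constructed scenarios: (label, ocsp_policy, crl_policy, ocsp_status, crl_status)
SCENARIOS = [
    ("revoked cert, CA reachable", BA, BA, Status.REVOKED, Status.REVOKED),
    ("revoked cert, CA unreachable, soft-fail", BA, BA, Status.UNREACHABLE, Status.UNREACHABLE),
    ("genuine cert, CA unreachable, hard-fail", RQ, RQ, Status.UNREACHABLE, Status.UNREACHABLE),
    ("revoked cert, OCSP down, CRL up", BA, BA, Status.UNREACHABLE, Status.REVOKED),
]

def run_scenarios(priority="OCSP"):
    """Evaluate every constructed scenario and return {label: (accepted, reason)}."""
    return {label: evaluate(op, cp, priority, o_st, c_st)
            for label, op, cp, o_st, c_st in SCENARIOS}

if __name__ == "__main__":
    for label, (ok, why) in run_scenarios().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {label}: {why}")
```

The second and third scenarios are the two failure modes in the post: soft-fail accepts a revoked certificate when the CA cannot be reached, and hard-fail blocks a genuine one.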
 

aliensporebomb

macrumors 68000
Jun 19, 2005
1,907
332
Minneapolis, MN, USA, Urth
This

Seriously? Am I the only person who hates Chrome?

I hate the whole keystone agent stuff that they dot around everywhere, I hate the fact that parts of Google Chrome can be found right across the system so if you do want to uninstall it it takes hours to do it 100%, and if you just try deleting the app, application support + preferences files you get a stream of errors in your system log.

I hated it when I couldn't run it on my old G5 system and then when I found it was being installed randomly on computer systems at work and it created a huge headache on Windows systems to uninstall it I vowed to not have it on my system at home.
 

Chiisu

macrumors member
I don't know...

Install went smooth, but Safari seems to hesitate to load pages. Once it starts, it loads very fast, but it seems to take more time between when I click on a link and the link loads. I don't know...
 

iBug2

macrumors 601
Jun 12, 2005
4,531
851
Yeah I agree with you, Safari is way better than any other browser. Chrome looks like it could be developed more.

Well Chrome for Mac hasn't been in development as long as Safari so we can't expect it to behave as well as Safari in terms of stability, yet.

That being said, I'm pretty certain that Chrome will catch Safari in terms of stability in the future as well, but I just don't see why I should switch to Chrome, since they are both using WebKit anyway, 5% JavaScript performance doesn't really cut it for switching from a browser which I have been using since its birth. Now if Chrome was like FF in terms of extensions, that would be a reason.

So far, FF = customizability and plenty of very useful extensions but not as stable as Safari, and so far 4.0 has a very slow UI as well. I use it when I need an addon, it's quite useful on that front.

Chrome = too new in development for Mac, not much to say about it, yet.

Safari = the most stable browser on Mac and if stability is the most important thing to you, as it is to me, the best option at the moment.
 