Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Diginotar and Safari / Mobile Safari patches

R

rwbean

macrumors newbie
Original poster
Apr 13, 2004
27
0
(marc) said:
It's Apple's "security by denial" technique.
Click to expand...

That would be true IF you worked at Apple and the wherewithal to know that there was denial going on. I'm sure every browser is coming out with patches, it just kills me to listen to people harp on Safari. If Apple had not made Safari, nobody would give a **** about it.
 
sk1wbw said:
That would be true IF you worked at Apple and the wherewithal to know that there was denial going on.
Click to expand...

I don't work at Apple, but I remember MR reporting that Apple staff were instructed not to tell people about the MacDefender malware, even when asked about it.
 
sk1wbw said:
And did Apple issue security updates about it? I'm sure they did. Maybe they don't issue them fast enough for you or something.
Click to expand...

Apple hasn't even warned it's users of the Diginotar problem. Microsoft has already reacted and invalidated all Diginotar certificates.
 
(marc) said:
Apple hasn't even warned it's users of the Diginotar problem. Microsoft has already reacted and invalidated all Diginotar certificates.
Click to expand...

Correct ... it's starting to get a bit of mainstream press coverage now.
Unfortunately Apple is proving as bad as Diginotar in terms of not communicating! :confused: Kudos for remembering about MacDefender, most people's (and my) memory isn't that long.

http://www.theregister.co.uk/2011/09/06/iphone_android_users_vulnerable/

A bug in the OS X keychain software makes it hard for Mac users to completely
distrust certificates signed by DigiNotar. Until Apple issues a patch, users can follow instructions here to protect themselves. They can also stop using Safari and instead use Chrome or Firefox. It's unclear what steps users of Apple's iDevices can take to block the bogus certificates.

http://www.foxnews.com/scitech/2011...-business-diginotar-could-spell-disaster-for/

Apple has made no official statements about plans to issue a patch for the Safari browser. Victor warns not to wait.
"For Apple, iPhone and iPad users, download the Opera browser. They'll be faster to issue a fix for this than Safari. And it's free," he told FoxNews.com.
 
TOR Blog on DigiNotar CA Debacle

Check out this blog: https://blog.torproject.org/blog/diginotar-damage-disclosure

I really wonder which of all the root certificates I absolutely need and which ones are leafs from the fraudulent root CA's

----------
rwbean said:
This story just gets worse and worse! There hasn't been any Safari patch for the "man in the middle" attacks -- patches have to be done manually.
Click to expand...

Checkout the following webpage. The author created a downloadable script that automatically marks the suspected root certificates an UNtrusted. There is also a good description of the debacle and more useful links.

http://ps-enable.com/articles/diginotar-revoke-trust

"good" thing is that with this CA attack every Apple user should now recognize that our beloved Apple products are indeed in the same boat as the Windows PC world when it comes to such security man-in-the-middleattacks.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back