Diginotar and Safari / Mobile Safari patches

Discussion in 'Community Discussion' started by rwbean, Sep 5, 2011.

  1. rwbean macrumors newbie

    Joined:
    Apr 13, 2004
    #1
  2. sk1wbw Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #2
    Saw that Firefox issued a patch a few days ago, but what about IE and the others?
     
  3. (marc) macrumors 6502a

    (marc)

    Joined:
    Sep 15, 2010
    Location:
    the woods
  4. sk1wbw Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #4
    That would be true IF you worked at Apple and the wherewithal to know that there was denial going on. I'm sure every browser is coming out with patches, it just kills me to listen to people harp on Safari. If Apple had not made Safari, nobody would give a **** about it.
     
  5. (marc) macrumors 6502a

    (marc)

    Joined:
    Sep 15, 2010
    Location:
    the woods
    #5
    I don't work at Apple, but I remember MR reporting that Apple staff were instructed not to tell people about the MacDefender malware, even when asked about it.
     
  6. sk1wbw Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #6
    And did Apple issue security updates about it? I'm sure they did. Maybe they don't issue them fast enough for you or something.
     
  7. (marc) macrumors 6502a

    (marc)

    Joined:
    Sep 15, 2010
    Location:
    the woods
    #7
    Apple hasn't even warned it's users of the Diginotar problem. Microsoft has already reacted and invalidated all Diginotar certificates.
     
  8. rwbean thread starter macrumors newbie

    Joined:
    Apr 13, 2004
    #8
    Correct ... it's starting to get a bit of mainstream press coverage now.
    Unfortunately Apple is proving as bad as Diginotar in terms of not communicating! :confused: Kudos for remembering about MacDefender, most people's (and my) memory isn't that long.

    http://www.theregister.co.uk/2011/09/06/iphone_android_users_vulnerable/

    A bug in the OS X keychain software makes it hard for Mac users to completely
    distrust certificates signed by DigiNotar. Until Apple issues a patch, users can follow instructions here to protect themselves. They can also stop using Safari and instead use Chrome or Firefox. It's unclear what steps users of Apple's iDevices can take to block the bogus certificates.

    http://www.foxnews.com/scitech/2011...-business-diginotar-could-spell-disaster-for/

    Apple has made no official statements about plans to issue a patch for the Safari browser. Victor warns not to wait.
    "For Apple, iPhone and iPad users, download the Opera browser. They'll be faster to issue a fix for this than Safari. And it's free," he told FoxNews.com.
     
  9. rwbean thread starter macrumors newbie

    Joined:
    Apr 13, 2004
    #9
  10. Bigmacduck macrumors regular

    Joined:
    Feb 15, 2009
    #10
    TOR Blog on DigiNotar CA Debacle

    Check out this blog: https://blog.torproject.org/blog/diginotar-damage-disclosure

    I really wonder which of all the root certificates I absolutely need and which ones are leafs from the fraudulent root CA's

    ----------

    Checkout the following webpage. The author created a downloadable script that automatically marks the suspected root certificates an UNtrusted. There is also a good description of the debacle and more useful links.

    http://ps-enable.com/articles/diginotar-revoke-trust

    "good" thing is that with this CA attack every Apple user should now recognize that our beloved Apple products are indeed in the same boat as the Windows PC world when it comes to such security man-in-the-middleattacks.
     

Share This Page