Bugtraq mailing list archives
Re: Personal Web Sharing remote stop
From: "Erik Neuenschwander" <erikn () well com>
Date: Fri, 18 May 2001 18:40:43 -0700
"Terje Bless" <link () tss no> wrote:
On 16.05.01 at 10:01, Ron Trenka <ron () zowiedigital com> wrote:BTW, if anyone has contacts at Apple _please_ bug them about starting
to
take security seriously! It looks like the last update to Mac OS X (10.0.3) was to close the recent glob hole, but it isn't mentioned in
the
release notes. Just some vague "security related fixes".That was part of the update. The biggest thing was to add the CD
burning
capability.Nope. That was .1 or .2 (I can't be bothered to check right now). .3
added
/more/ CD-RW support and some vaguely hinted at security fixes involving FTP that just _scream_ at me that they've closed the glob hole but
aren't
telling because then they'd have to fess up to having been bitten by it
in
the first place. The worst part is that I fully expect the added CD-TW support was the more compelling reason for the upgrade; the FTP fix was just piggybacking along. *sigh* "This update delivers CD burning support for iTunes, a number of improvements for overall application stability and includes the latest version of the Internet file transfer service (ftpd) which features important security improvements."
Well, they now have more of a clue... Apple's finally got a security site up! http://www.apple.com/support/security/security.html describes their processes http://www.apple.com/supprt/security/security_updates.html lists their updates and what vulnerabilities they patch And, yes, it was the glob hole and it is now fixed. They even link to the CERT Advisory. -- Erik Neuenschwander Managing Director, i-Appliance Association erikn () cs stanford edu Graduate Student, Stanford Philosophy erikn () i-appliance org http://www.stanford.edu/~erikn/
Current thread:
- Personal Web Sharing remote stop Jass Seljamaa (May 15)
- Re: Personal Web Sharing remote stop Terje Bless (May 16)
- Re: Personal Web Sharing remote stop Ron Trenka (May 16)
- Re: Personal Web Sharing remote stop Terje Bless (May 16)
- Re: Personal Web Sharing remote stop Erik Neuenschwander (May 19)
- Re: Personal Web Sharing remote stop Ron Trenka (May 16)
- Re: Personal Web Sharing remote stop Peter Bierman (May 16)
- Re: Personal Web Sharing remote stop Terje Bless (May 17)
- Re: Personal Web Sharing remote stop Terje Bless (May 16)