Dailydave mailing list archives

Re: This guy cracks me up.


From: Daniel <daniel () ugc-labs co uk>
Date: Sun, 3 Sep 2006 18:45:19 +0700

And yet Maynor has gone dead silent since BH.. despite continued requests from damn near everyone to give more info.

So did he find something or didn't he?



On 3 Sep 2006, at 10:22, Rhys Kidd wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"to generate publicity at the expense of the Mac's renowned reputation for security" - John Gruber


Renowned reputation?? Let's take the Apple Security Update for 27 June 2006,
http://docs.info.apple.com/article.html?artnum=303973.

The OpenLDAP (Apple rebrands this OpenDirectory, their core user management framework) bug they report was fixed in the OpenLDAP source code on 31st December __2004__. When a company is getting hit by bugs reported over a year and a half ago, and fixed in 2004, it says a lot about their code review department. Sure it's not exploitable, but the version of OpenLDAP in the www.opensource.apple.com/ tree is that old.

Unfortunately, Apple doesn't commit their security patch fixes into their OpenSource offerings, so we'll have to wait for OS X 10.8 to see if they update the entire OpenLDAP version, or simply apply a one-off fix to that file.

Compare:
[1] http://www.opensource.apple.com/darwinsource/10.4.7.ppc/OpenLDAP-69.0.2/OpenLDAP/CHANGES
[2] http://www.openldap.org/software/release/changes.html

Apple has to make some concerted steps towards ensuring the software they import from the OpenSource world is secure, and I'd doubt their in-house software is any better.

- - Rhys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)

iD8DBQFE+kpX7oK/a/NHBvIRAgFYAJ4uFCS5m/Q5Omog0aU11wFn5w0UwwCeIobv
iXyzsLtN4IuxzCeuMP8HMmM=
=c1oC
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
