Dailydave mailing list archives
Re: This guy cracks me up.
From: MindsX <mindsx () gmail com>
Date: Sun, 3 Sep 2006 12:48:47 +0100
They may not take up the challenge - however - it will be much easier to dismiss if there is no public backing... Considering this is IMHO the equivalent of Milli Vanilli with laptops... It really should be discouraged that anyone in the industry should make people feel insecure via distortion of the media with vaporware Too many of these idiots will not do any favors to the sector - nor to the reputations of those in it. On 9/3/06, Rhys Kidd <rhyskidd () gmail com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "to generate publicity at the expense of the Mac's renowned reputation for security" - John Gruber Renowned reputation?? Let's take the Apple Security Update for 27 June 2006, http://docs.info.apple.com/article.html?artnum=303973. The OpenLDAP ( Apple rebrands this OpenDirectory, their core user management framework ) bug they report was fixed in the OpenLDAP source code on 31st December __2004__. When a company is getting hit by bugs reported over a year and a half ago, and fixed in 2004, it says a lot about their code review department. Sure it's not exploitable, but the version of OpenLDAP in the www.opensource.apple.com/ tree is that old. Unfortunately, Apple doesn't commit their security patch fixes into their OpenSource offerings, so we'll have to wait for OS X 10.8 to see if they update the entire OpenLDAP version, or simply apply a one off fix to that file. Compare: [1] http://www.opensource.apple.com/darwinsource/10.4.7.ppc/OpenLDAP-69.0.2/Open LDAP/CHANGES [2] http://www.openldap.org/software/release/changes.html Apple has to make some concerted steps towards ensuring the software they import from the OpenSource world is secure, and I'd doubt their in-house software is any better. - - Rhys -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) iD8DBQFE+kpX7oK/a/NHBvIRAgFYAJ4uFCS5m/Q5Omog0aU11wFn5w0UwwCeIobv iXyzsLtN4IuxzCeuMP8HMmM= =c1oC -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- This guy cracks me up. Dave Aitel (Sep 02)
- Re: This guy cracks me up. Rhys Kidd (Sep 03)
- Re: This guy cracks me up. Daniel (Sep 03)
- Re: This guy cracks me up. MindsX (Sep 03)
- Re: This guy cracks me up. dan (Sep 03)
- Re: This guy cracks me up. Dave Aitel (Sep 04)
- Re: This guy cracks me up. Bob Mahoney (Sep 04)
- Message not available
- Re: This guy cracks me up (OS X Hacks) Bob Mahoney (Sep 05)
- Message not available
- Re: This guy cracks me up (OS X Hacks) Bob Mahoney (Sep 05)
- Re: This guy cracks me up. Rhys Kidd (Sep 03)
- Re: This guy cracks me up. Jamie Riden (Sep 04)
- <Possible follow-ups>
- Re: This guy cracks me up. johnny cache (Sep 04)
- Re: This guy cracks me up. Bill Weiss (Sep 05)
- This guy cracks me up. johnny cache (Sep 05)