|
Full Disclosure
mailing list archives
Re: Re: Question about Mac OS X 10.4 Security
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 01 Mar 2006 17:18:11 -0600
--On Thursday, March 02, 2006 09:42:47 +1100 mz4ph0d () gmail com wrote:
At 4:20 PM -0600 1/3/06, Paul Schmehl wrote:
So, Apple hasn't fully addressed this problem yet. (Trust me, I've
tested it.)
If you are responsible for Macs and you haven't read this yet, you need
to:
Safari and Mail. Sure, agreed, but they do move quickly to fix problems
publicly known, and I'm very confident that they'll shortly also release
a fix for the filetype/app problem (what could be considered the main
problem I guess).
I suspect it will take a while. The underlying problem has to do with how
metadata in files is parsed by the OS. Fixing that will likely take some
serious brainwork, perhaps even a rewrite of some parts of the OS. I don't
think they'll be fixing it any time soon, although they may come up with
some intermediate measures that lessen the exposure.
Apple actually *do* tend to position security over functionality, unlike
Microsoft (do?/has?), when the way something that was introduced as
a feature is shown to be insecure, they change it to make it more
secure, rather than saying "It's what our users want! It's a feature,
not a bug."
I could care less about that. Every vendor has their good points and their
faults. What I want is a vendor who recognizes when they've done something
stupid, admits it and fixes it - permanently.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
Intro
