Message-ID: <3F9FF670.4010209@ion.lu>
Date: Wed, 29 Oct 2003 18:18:40 +0100
From: Steve Clement <steve@....lu>
To: graham.coles@...ail-logic.com
Cc: Thor Larholm <thor@...x.com>, bugtraq@...urityfocus.com
Subject: Re: Mac OS X vulnerabilities ['Virus checked"]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All this issue depends on how suspicious you are really.

One could say that @stake waited till Panther 10.3 came out to release
the Security alert and therefore push the sales of the new system. Or
you could argue that it was an unlucky coincidence that with the new
release there were quite a few security bugs appearing.

So Apple might have had to make a decision as to how the patch work has
to be done, and in all the hectic some things must have gone "wrong"
e.g. no mentions about fixing 10.2 and so on.

Anyway, I do hope that Apple is going to patch 10.2 and I think they
will, they went the *nix/"OpenSource" way so now they have to walk the
route and adapt the philosophy that comes with it.

Greets,

Steve Clement


graham.coles@...ail-logic.com wrote:
| Thor,
|
| Sorry, I hadn't read the vendor response section of the advisories fully,
| I'd rather assumed they would be issuing a security update for 10.2 as
| per usual.
|
| I'd have to agree it's a pretty poor showing from Apple if the only fix is
| to buy the next version of the operating system. I believe Microsoft are
| about to stop patching Windows Me shortly (which has been around for a few
| years now) and usually support the current and previous service pack of an OS.
|
| If Apple are only going to support the most recent version of OS X - which
| equates to about 12 months lifetime, as I believe they're planning a major
| new release each year - then it's going to be either difficult or
| expensive to keep secure.
|
| Given the current climate with regards to security, I don't think they're
| doing themselves any favours if they take this route. I hope they'll
| reconsider if this is their policy.
|



- --
ION Network Solutions
Steve Clement
Unix System Administrator
13, rue des Ardennes
L-1133 Luxembourg
Tel: +352 261 276-2
Fax: +352 261 276-9
mailto:steve@....lu
http://www.ion.lu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQE/n/ZvMH8DIBsiCrgRAufQAJ4x1RK9dj+Dcf878VsMkov6dRONnQCfY1y2
oRrsmJ23reT2w4SjmPqh1Z4=
=X8y+
-----END PGP SIGNATURE-----


