lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <018901c39dbc$2e7b4970$6401a8c0@corp.ad.timeinc.com>
Date: Tue, 28 Oct 2003 20:30:05 -0500
From: "Joshua Levitsky" <jlevitsk@...hie.com>
To: "Thor Larholm" <thor@...x.com>, <bugtraq@...urityfocus.com>
Subject: Re: Mac OS X vulnerabilities


----- Original Message ----- 
From: "Thor Larholm" <thor@...x.com>
Sent: Tuesday, October 28, 2003 2:23 PM
Subject: Re: Mac OS X vulnerabilities


> When most vendors are notified of security vulnerabilities in their
products,
> they produce a patch for the affected versions of the software and
distribute it
> for free. Does Apple plan to distribute a free patch for these security
> vulnerabilities to Mac OS X 10.2, or will my clients have to spend $129
per
> workstation (the single user upgrade price) to have their Apple computer
stay
> secure?

This is the first line of the APPLE-SA-2003-10-28 Mac OS X 10.3 Panther
email sent to the Apple Security list today....

"Mac OS X 10.3 Panther has been released, and it contains the following
security enhancements:"

That sounds like they expect you to upgrade. Time will tell of course. Apple
has only had a real OS for about a year or so. (Everything before 10.2 was
unusable and certainly Mac OS 9.x was a childrens toy, not an OS.)

If Apple is responsible then we should see 10.2 patches backported. I think
it's reasonable that 10.3 patches come, and then 10.2 patches, and Apple
should have some Life Cycle policy to say if everything before 10.2 is EOL
or not. It's all a new world with Apple. Let us hope that they do not let us
down.

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ