lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 30 Oct 2003 07:08:33 -0800
From: Kurt Harvey <k_harvey@....com>
To: Ragnar Sundblad <ragge@...a.kth.se>,
	Adam Shostack <adam@...eport.org>, Steve Clement <steve@....lu>
Cc: Thor Larholm <thor@...x.com>, bugtraq@...urityfocus.com
Subject: Re: Mac OS X vulnerabilities ['Virus checked"]


At 7:52 PM +0100 10/29/03, Ragnar Sundblad wrote:
>--On den 29 oktober 2003 13:03 -0500 Adam Shostack <adam@...eport.org> wrote:
>
>>I think that announcing a set of security issues, and saying "the fix
>>is to upgrade your entire OS" is not a great disclosure strategy.
>
>I certainly agree here, as do we all, I think. Let me just again
>point out that we don't know yet if this is what they say.
>
>All of you who care, please show them that you do.
>Either register for a developer account (free) and send
>a bug report on <http://bugreport.apple.com>, or send an
>email to product-security@...le.com.
>
>/ragge


As an OSX admin I am with you all on this. Here's another place to 
speak up. This is the link from the icon in the OSX Dock.

<http://www.apple.com/macosx/feedback/>

I'm hoping they're in the process of doing the right thing and just 
haven't announced it yet. The wording of Apple's security 
announcement did make me wonder though.


Kurt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ