"Terje Bless" <linkat_private> wrote:
> On 16.05.01 at 10:01, Ron Trenka <ronat_private> wrote:
>
> >>BTW, if anyone has contacts at Apple _please_ bug them about starting to
> >>take security seriously! It looks like the last update to Mac OS X
> >>(10.0.3) was to close the recent glob hole, but it isn't mentioned in the
> >>release notes. Just some vague "security related fixes".
> >
> >That was part of the update. The biggest thing was to add the CD burning
> >capability.
>
> Nope. That was .1 or .2 (I can't be bothered to check right now). .3 added
> /more/ CD-RW support and some vaguely hinted at security fixes involving
> FTP that just _scream_ at me that they've closed the glob hole but aren't
> telling because then they'd have to fess up to having been bitten by it in
> the first place. The worst part is that I fully expect the added CD-RW
> support was the more compelling reason for the upgrade; the FTP fix was
> just piggybacking along. *sigh*
>
> "This update delivers CD burning support for iTunes, a number of
> improvements for overall application stability and includes the
> latest version of the Internet file transfer service (ftpd)
> which features important security improvements."
>

Well, they now have more of a clue...

Apple's finally got a security site up!

http://www.apple.com/support/security/security.html
describes their processes

http://www.apple.com/supprt/security/security_updates.html
lists their updates and what vulnerabilities they patch

And, yes, it was the glob hole and it is now fixed. They even link to the
CERT Advisory.

--
Erik Neuenschwander
Managing Director, i-Appliance Association
eriknat_private
Graduate Student, Stanford Philosophy
erikn@i-appliance.org
http://www.stanford.edu/~erikn/
This archive was generated by hypermail 2b30 : Sat May 19 2001 - 11:40:29 PDT