[Dailydave] This guy cracks me up.
Daniel
daniel at ugc-labs.co.uk
Sun Sep 3 06:45:19 EST 2006
And yet Maynor has gone dead silent since BH.. despite continued
requests from damn near everyone to give more info.
So did he find something or didn't he?
On 3 Sep 2006, at 10:22, Rhys Kidd wrote:
> "to generate publicity at the expense of the Mac's renowned reputation for
> security" - John Gruber
>
>
> Renowned reputation?? Let's take the Apple Security Update for 27 June 2006,
> http://docs.info.apple.com/article.html?artnum=303973.
>
> The OpenLDAP (Apple rebrands this OpenDirectory, their core user management
> framework) bug they report was fixed in the OpenLDAP source code on 31st
> December __2004__. When a company is getting hit by bugs reported over a
> year and a half ago, and fixed in 2004, it says a lot about their code
> review department. Sure it's not exploitable, but the version of OpenLDAP in
> the www.opensource.apple.com/ tree is that old.
>
> Unfortunately, Apple doesn't commit their security patch fixes into their
> OpenSource offerings, so we'll have to wait for OS X 10.8 to see if they
> update the entire OpenLDAP version, or simply apply a one off fix to that
> file.
>
> Compare:
> [1] http://www.opensource.apple.com/darwinsource/10.4.7.ppc/OpenLDAP-69.0.2/OpenLDAP/CHANGES
> [2] http://www.openldap.org/software/release/changes.html
>
> Apple has to make some concerted steps towards ensuring the software they
> import from the OpenSource world is secure, and I'd doubt their in-house
> software is any better.
>
> - - Rhys