[Dailydave] This guy cracks me up.
MindsX
mindsx at gmail.com
Sun Sep 3 06:48:47 EST 2006
They may not take up the challenge - however - it will be much easier to
dismiss if there is no public backing...
Considering this is IMHO the equivalent of Milli Vanilli with laptops...
It really should be discouraged that anyone in the industry should make
people feel insecure via distortion of the media with vaporware
Too many of these idiots will not do any favors to the sector - nor to the
reputations of those in it.
On 9/3/06, Rhys Kidd <rhyskidd at gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "to generate publicity at the expense of the Mac's renowned reputation for
> security" - John Gruber
>
>
> Renowned reputation?? Let's take the Apple Security Update for 27 June
> 2006,
> http://docs.info.apple.com/article.html?artnum=303973.
>
> The OpenLDAP ( Apple rebrands this OpenDirectory, their core user
> management
> framework ) bug they report was fixed in the OpenLDAP source code on 31st
> December __2004__. When a company is getting hit by bugs reported over a
> year and a half ago, and fixed in 2004, it says a lot about their code
> review department. Sure it's not exploitable, but the version of OpenLDAP
> in
> the www.opensource.apple.com/ tree is that old.
>
> Unfortunately, Apple doesn't commit their security patch fixes into their
> OpenSource offerings, so we'll have to wait for OS X 10.8 to see if they
> update the entire OpenLDAP version, or simply apply a one off fix to that
> file.
>
> Compare:
> [1]
>
> http://www.opensource.apple.com/darwinsource/10.4.7.ppc/OpenLDAP-69.0.2/Open
> LDAP/CHANGES
> [2] http://www.openldap.org/software/release/changes.html
>
> Apple has to make some concerted steps towards ensuring the software they
> import from the OpenSource world is secure, and I'd doubt their in-house
> software is any better.
>
> - - Rhys
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (MingW32)
>
> iD8DBQFE+kpX7oK/a/NHBvIRAgFYAJ4uFCS5m/Q5Omog0aU11wFn5w0UwwCeIobv
> iXyzsLtN4IuxzCeuMP8HMmM=
> =c1oC
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20060903/dc6390e8/attachment.htm
More information about the Dailydave
mailing list