#9
Hello, the entire post is about how I agree with Apple's security initiatives and how I don't want others like you telling Apple to change. They have done a wonderful job. Like I said before, I think they should keep a tight lip, like they have done all these years, and the only thing I need worry about is giving out my passwords. You, my sir, live in a Windows world; I am deeply rooted with Apple's closed system and love it.
#10
No, I haven't used Windows as my Main Computer for almost 5 years. I live in an OpenSource World, a World which Apple Computer are relying on for most of their Security updates. Apple Patches for Vulnerabilities in Samba, SSH and even Kerberos have been provided to Apple Computer from Open Source Software Maintainers.

I support people who use Windows Computers (they need all the support they can get), but don't actually use one myself. The only reason I would have a Windows Box is for Testing. My other two computers (besides my iBook) are a Debian GNU/Linux Box and a BeOS/OpenBeOS box. Much of the software I use is OpenSource, and therefore security is dictated by the OpenSource Security Model.

If you don't want an OpenSource Security Model on your computer, do the following:

If you choose to use any of the above mentioned software, you are using OpenSource Software, and must accept an Open Security Model. That is the nature of OpenSource Software.

Last edited by Salvo; June 4th, 2004 at 06:15 PM. Reason: bad code :(
#11
Another one is finally getting it right... staying mum (you guys don't need to know)

Akamai refused to provide greater detail about Tuesday's attacks, citing a need to keep mum on the details of the company's architecture and to avoid giving more publicity to the attackers.

"The constitution is not the only word, it was a guide and at 200+ years I think he might be losing his sight" anonymous
#12
What Apple's Policy is on Security. The information has always been available, when a Security Update is made. They provide one set of information for Users, and one set of Information for Enthusiasts and Professionals. They have always done this.

If you really want to know what Akamai is running, you can use NetCraft. The AkamaiGhost is a Proprietary WebServer, which they run on Linux. The information is out there if you want to attack it, but I'm pretty sure that the AkamaiGhost Developers tell their Customers about any Security Vulnerabilities as soon as they're discovered. Their Sole Customers are the Akamai SysOps, who need to know about any Vulnerabilities.

Apple's Customers are divided into three Groups: Users, PowerUsers (Enthusiasts) and Corporate (Enterprise). Users don't need to know about the ins and outs of every security Vulnerability. Power Users like to know, so they can avoid being exploited. Corporate SysOps Need to know. They're professionally Liable if their Customers' Systems go down.

The Recent Kerfuffle was a result of Corporate SysOps and Enthusiasts discussing the Issue, and other Enthusiasts and Users finding out through those channels. Traditionally, Apple have had only Users and Enthusiasts, with a few Corporates. With Apple expanding the Enthusiast and Corporate market, there is a (Justifiable, IMO) demand for more information.
#13
About those who find security issues and make them public... Yes, they seem like the ugliest beasts of hackers out there to some, but in fact they are not. They're _helping_ the community by putting some pressure onto the big ones. And Apple is one of the big ones here. What usually happens is this, quite simply put:

1.) Person A finds a security hole in some of Apple's code.
2.) Person A informs Apple (and only Apple) about the issue and possibly also of easy ways on how to fix this (although that's often not necessary).
3.) Apple does not react. (And this is why people are bashing Apple!)
4.) Person A informs Apple that he/she will inform the public on [chosen date in the future].
5.) Apple does, or rather does NOT react, as has been the case at least twice in the past. (And this is why people are bashing Apple, too!)
6.) Person A publishes the info, often with an easy workaround users can do themselves (like disabling that DHCP for LDAP thingie).
7.) People cry out.
8.) Apple releases a security update that solves _half_ of the problem.
9.) Apple releases a security update that solves the rest of the problem.
10.) Apple says they were very fast releasing the security update.

You see, there are several points in that list where Apple _should_ be criticised. Of _course_ Apple should not inform the public of the security issue as soon as they receive the news from Person A. But they should solve the problem immediately and THEN inform the public both about the problem and the solution. This would be the 'good' way.

And then, a while later ...

11.) Apple also releases a patch for Mac OS X 10.2.8.

No patch is released for system versions older than 10.2.x, which is too bad, because this actually means that 2 year old software is worth nothing at Apple. This just as a side rant. But I'm sure there are still servers out there running 10.1.5. Because they work flawlessly (other than the occasional hacker maybe also using the system for his/her tasks?).
And an update to Mac OS X Server Panther is, you guessed it, 999$. (499$ for the 'small' version, I believe, but still much.)
__________________
iMac 24" 2.4 GHz, 4 GB RAM, 320 GB HD. Mac OS X 10.6.2
MacBook Air 13" 1.6 GHz, 2 GB RAM, 80 GB HD. Mac OS X 10.6.2
Mac mini 1.83 GHz, 2 GB RAM, 80 GB HD. Mac OS X 10.6.2
MacBook nano (Lenovo S10e white) 1.6 GHz, 2 GB RAM, 250 GB HD. Mac OS X 10.5.7
iPhone 3GS 32 GB white.
Mac user since 1987, Apple Sales Professional 2009, Apple Product Professional 2007-2009, Apple Certified Support Professional 10.5, Apple Certified Pro Aperture 2 (Level 1)

Last edited by fryke; June 18th, 2004 at 02:57 PM. Reason: adding 11.)
#14
Quote:

Akamai have released details about how their network deals with this sort of thing! InfoWorld have an article up ATM.

Diversity, Diversity, Diversity. This is why the Opensource Open Development Process is so Secure. While a Microsoft Server is almost definitely running IIS and Exchange, a Linux/FreeBSD System could be running Apache, Roxen, Xitami or any of dozens of different web servers, and Sendmail, Qmail or any of Dozens More Mail Servers. There is no guarantee that a specific system is going to be running a specific Server, so exploiting vulnerabilities is more difficult. Worms and Viruses need to be more complex in order to propagate.

OBcomment: Apple have chosen the best of the OpenSource Servers for MacOSX Server, but if one Server proves to be unable to remain secure, the User Transparent Configuration Layer that is System Preferences means that Apple can replace the entire Server without the (typical) User being concerned, transparently adding diversity.