#1
June 3rd, 2004, 08:20 AM
mi5moav
Apple is right on security...shut up

I am so confused about how everyone bashes Apple about not fessing up about problems that may or may not have been discovered with security issues. Why the heck would any company disclose flaws, weaknesses or any kind of security breaches in their software to the public or even private sector? That is worse than myself going out to the local papers and saying someone has found a security issue with my home or business. Here are the places thieves, bandits, burglars, rapists and muggers can enter. What the F#$*!!! I don't get it. When do you ever hear a bank say well at 8:14 am our alarms reset so we are vulnerable at that time. NO!!!! you keep things like that a secret. If a neighbor or someone believes he has found something that may lead to a breach in my well being or those or anyone (the sidewalk in front of my house is coming up) he lets me know in private, allowing me to fix it or leave it. A good citizen does not run out to the public and say, Hey everyone, John's sidewalk is looking bad anyone that walks by his house and trips on it could get some good money from a lawsuit. God Dam!!! I have never been so upset. If everyone would shut up about what flaws are out there, the chance that malicious individuals could actually take advantage would be way down. So, Apple is told of a security breach they look it over and decide on their own. They then secretly send code out to patch it. They need not tell us what is being patched, it is for our good... they won't send out something that makes matters worse. They should not need to divulge what the flaws were involved...patch them if they think that it will cost someone their lives and shut up. I am so sick of this and I think this has been handled wrong from the start. In 18 years of using the Mac the only security I have ever encountered with the Mac is someone giving out their password to people to gain access.

#2
June 3rd, 2004, 09:11 AM
Salvo
It's not about the Flaws, It's about not fixing the flaws.

If someone noticed that the Front door of my House could be opened with a Toothpick, and told me, I would fix it straight away. If I owned rental properties and one of my Tenants told me that the doors could be opened with toothpicks, I'd have a Locksmith out there fixing the locks as soon as they hung up the phone.
The Security Issues I think you are referring to, have been known by Apple since Late February (at the Latest) and Still hadn't been fixed in Early May. The Good Samaritan who discovered one of these flaws (lixlpixel) was discussing them in a Technical Forum, and others in the Forum believed that the flaws should be made public.
Shortly afterwards it was discovered that Related Flaws existed (which still haven't been completely Solved). These more serious flaws would not have been discovered without Open Community Discussion, just like what we're doing here.
While I don't agree with the White Hat Hackers notifying the Public (and potentially any Black Hat Hackers) about the problems, I agree even less with Apple not doing anything about it Immediately. Technically, these flaws were much more serious than anything in any Version of Windows, and since MacOS X has a reputation for Security, it was absolutely shocking!
The reason why everyone is Bashing Apple is because they didn't react to the Announcement of the flaw quickly enough.
What if a Black Hat Hacker discovered the flaw independently to lixlpixel? Almost any web page, web forum or even an email could do major damage to a Mac User's data. Embed the Exploit in MacOSX.com and Whammo! Everyone here (except those who haven't switched yet) will lose everything in their Home Folder! If you don't believe me, visit This Site on the Apple Support Pages. (yes this page is actually on the Apple Website, and if you clicked and left the link alone for too long (opened it on a New Tab in the Background, for example), you'll have a Compromised Computer System.)
Moderators feel free to Edit this Post.
Daniel.

#3
June 3rd, 2004, 09:35 AM
mi5moav
Yes, if someone noticed that my front door could be unlocked with a toothpick then they would tell me. But they need not tell the neighbors and the neighbors do not need to get into a discussion about all the other flaws about the house that could be compromised. Heck, if I'm a burglar I'm going to sit in on these "open forums" and listen to my little heart's content. It's natural selection, we do not need to tell the dodo that you are an idiot and unless you learn to fly you'll be extinct soon. Apple did not feel that the issue would be compromised, and they were right... first off I have no proof that the individual even went to the right channels or pursued the issue more than 3 times before bringing it public. Again, if I tell Bush that he needs to put a lock on the second floor window of the White House and he doesn't listen fine. He doesn't believe that anyone is in jeopardy. So, for 6 months they were able to concentrate efforts and money on other issues... and nothing happened. My house is going to blow up if I don't fix my ac, today... I don't want to, I don't have the money. But I fix it 6 months later for less money, when I have the time and no one is the worse for wear. Security issues do not need to be in open forums... Every individual must be accounted for since supposed critical information is being passed. If you can not guarantee me that every bit of information will not be leaked to the public I don't want you talking about any security issues on my house or business.

And if I leave my front door open to catch the thieves in action I won't have to worry about locking my door again. But if I warn the thieves beforehand then I'll never have a chance and must continue to hide my head in the sand.

#4
June 3rd, 2004, 04:06 PM
Salvo
But your Door being unlocked by a Toothpick doesn't affect your Neighbor's house. If Everyone in your Block of Flats had Dodgy front door locks, and one person discovered it, I'd expect that person to tell everyone in the Block, so that everyone can make sure it was fixed. If that one person discovered it, and sent a letter to the Body Corporate, suggesting that locks be Replaced as soon as possible, and the Body Corporate did nothing for 2 months, not even acknowledge the problem, I'd definitely expect the initial discoverer to tell me, so I can install a Dead-Bolt, a Security Chain or replace the lock myself.

WRT Catching the Thieves in Action, That would require an Eternal Vigil at every person's front door. One moment's Lapse in Concentration and the next thing you know your Flat has been cleaned out/ Your Data has been erased. And if you warn the Thieves beforehand, they probably won't bother with your place, and concentrate on the Housing Commission (read Housing Project or Housing Estate in US or UK) Flats down the road, where there are more Targets and they are less secure (Windows Worms).

It's not hard to keep a system more secure than Windows. Apple shouldn't have these delays with Security Fixes. They should be on Software Update within a week of the Exploit being discovered. Reminds me of the Saying "You don't have to run faster than the Hungry Bear, just faster than the other Guy"

#5
June 3rd, 2004, 05:38 PM
mi5moav
So, if the Empire State Building or Sears Tower had a security issue that joe the pixie hacker should tell the NY Times so that every burglar in Chicago or NY could go in? No, he wanted attention... supposedly he told Apple 3 months ago...Is this 100% fact? No, he didn't get recognition from Apple. Joe, you are the greatest you found a flaw thank you so much we are going to give you 100 million and a carbon fiber sea kayak. I would rather have false security and believe my home was 100 percent fireproof, than have 5000 hackers lighting matches under it to see if it was/wasn't.

#6
June 3rd, 2004, 11:10 PM
jocknerd
You obviously believe in the Microsoft Theory of Security

Quote:
Originally Posted by mi5moav
So, if the Empire State Building or Sears Tower had a security issue that joe the pixie hacker should tell the NY Times so that every burglar in Chicago or NY could go in? No, he wanted attention... supposedly he told Apple 3 months ago...Is this 100% fact? No, he didn't get recognition from Apple. Joe, you are the greatest you found a flaw thank you so much we are going to give you 100 million and a carbon fiber sea kayak. I would rather have false security and believe my home was 100 percent fireproof, than have 5000 hackers lighting matches under it to see if it was/wasn't.
Security through obscurity

#7
June 3rd, 2004, 11:40 PM
mi5moav
No, Microsoft's theory is let everyone in the world know that you have flaws so that they can be exploited. Apple's is shut up and don't tell the world until after they are fixed. They have it right and everyone is trying to make them more like Microsoft. I don't want Apple telling the world all the weaknesses that my computer system has... They shut up, they try to keep the utmost confidentiality between my computer and the outside world... they are a closed system... that's what I want, that's what I need. I want to live in a box without windows as I have since 78 and Apple Basic.

#8
June 4th, 2004, 07:00 AM
Salvo
Actually, Security Through Obscurity used to be Microsoft's policy during the Rise of NT. They actually had Marketing Campaigns about how NT was secure because it was "New Technology", and "Hackers" (crackers) didn't know how to get into it. This was about the same time as some kids I knew were Cracking their Teachers' NT systems and getting hold of Exam Questions.
Microsoft don't advertise flaws in their system. Most of the Flaws which have been exploited by recent Windows Worms had Patches which could have been installed by the User, if they had known about them. There is no public record of what the patches fix, but Black Hat Crackers still manage to find out.
I make sure all my Clients who use Windows run Windows Update Weekly, and none of those who have followed my advice have been affected by a Worm yet. (just lots and lots of Spyware).

Apple don't advertise flaws in their systems to End-Users either, but Software Update exists so they don't have to.
This doesn't mean that they keep quiet about security problems, however. People who are Paranoid about security on their Mac can subscribe to Mailing lists and find detailed information on what an Update will do to their system, if they wish. Apple just don't show this information to everyone, since not everyone wants to know that;
Quote:
HelpViewer: Fixes CAN-2004-0486 to ensure that HelpViewer will only process scripts that it initiated. Credit to lixlpixel <me@lixlpixel.com> for reporting this issue.
They're quite happy to only know that the update fixes something which was broken with HelpViewer.

Finally, if you want to live in a box without windows, and not have to worry about 5000 Hackers lighting matches, disconnect from the Internet. It's the only way you can safely say that you don't have any Internet Vulnerabilities on your computer. If you don't agree with this opinion, sell your Mac and Start using the only 100% Closed Consumer Operating System currently available; Windows XP.