Linked by Thom Holwerda on Sun 21st Jan 2007 22:43 UTC
Apple "We're back with our third look at the past week's news coming out of the Month of Apple Bugs project. As with last week's coverage, there's a healthy mix of security disclosure and internet drama in this week's reports. At this point, about the only absolute fact is this: after three weeks of all kinds of accusations, counter-accusations, insults, veiled threats, and general internet asshattery, there are still no official fixes from Apple for any of the documented security vulnerabilities (as of this afternoon)."
Got to love it
by Haicube on Sun 21st Jan 2007 23:09 UTC
Haicube
Member since:
2005-08-06

Not being an Apple user and not following this in detail. Surely people have their opinions about prenoticing Apple etc etc... but what is happening? If there are security issues, post fixes asap then please.

Is this some Appletude thing? Ignorance is bliss and hey, OSX owns...

At the end of the day, I believe IE has had quite a few bugs reported and security issues for a couple of years without fixes, and I'm sure I've seen a whole bunch of security issues for Linux not taken care of within 3 weeks as well... So maybe it's just the way things are unless a bug is extremely critical, like remote control of Steve Jobs' private Webcam =)

Reply Score: 2

Riiiiight
by sigzero on Sun 21st Jan 2007 23:20 UTC
sigzero
Member since:
2006-01-03

Some of them aren't even in Apple's realm to fix at all. They are just attention grabbers. Here is a novel idea, how about working WITH the companies?

Reply Score: 1

Quiet
by ma_d on Sun 21st Jan 2007 23:39 UTC
ma_d
Member since:
2005-06-29

This whole thing went quiet. I assumed they weren't able to find any serious bugs in actual Apple software within the media-mania time span they gave themselves.

Or maybe Vista just trumps it? This is sort of a bad time to make a big media circus over Apple...

Reply Score: 1

The right thing
by Buck on Sun 21st Jan 2007 23:39 UTC
Buck
Member since:
2005-06-29

Actually Apple is right in not following the paranoia and fear that this "project" aims to create. If they would, they'd very soon be bombarded with "I found this bug [or defect], why didn't Apple fix that? Whaaa... Bad Apple! I'm going back to Windows!" etc etc. The fixes will be when they're due. It's not like anything the site's published is the end of the world for the users of MacOSX.

Reply Score: 2

RE: Month of Apple Bugs: Week 3
by protagonist on Mon 22nd Jan 2007 00:24 UTC
protagonist
Member since:
2005-07-06

The media loves to hype this stuff. It amazes me that MS can leave stuff unpatched for months and the media by and large says nothing.

As for the two idiots driving this whole thing it appears to be more of a, "look at me, I am the greatest hacker", thing than anything else. I get the feeling they would stop if they weren't getting massive amounts of attention. And I felt the same way about it when they were doing their month of whatever bugs. Maybe they didn't get enough attention when they were kids, or maybe they just never grew past the mental age of twelve.

Reply Score: 0

WTF
by Wowbagger on Mon 22nd Jan 2007 01:09 UTC
Wowbagger
Member since:
2005-07-06

I just took a quick look at TFA and they talk about this buffer overflow of Transmit and some other 3rd party software server application.

Shame on Apple for not fixing other companies' software bugs! They should be sued for that and they should be sued for not having accomplished world peace and not having solved the poverty in the 3rd world, and it's all their fault, that I didn't get my Rolex on Christmas, too!

If you call it Apple bugs then please restrict your bug reports on that: Apple bugs.

Reply Score: 2

RE: WTF
by Redeeman on Mon 22nd Jan 2007 01:13 UTC in reply to "WTF"
Redeeman Member since:
2006-03-23

If you would have read their notices you would know that they don't limit themselves to Apple-only software, but also other popular OSX applications.

Besides, with most of these bugs being actual bugs in Apple software, and many even root exploits, they should be ashamed.

Reply Score: 5

RE: WTF
by arielb on Mon 22nd Jan 2007 03:31 UTC in reply to "WTF"
arielb Member since:
2006-11-15

If 3rd party software can let hackers get into MacOS X, then it is Mac OS X's problem that they can affect the system that way.

Reply Score: 3

RE[2]: WTF
by l3v1 on Mon 22nd Jan 2007 11:42 UTC in reply to "RE: WTF"
l3v1 Member since:
2005-07-06

Then other OS vendors should also begin fixing 3rd party software bugs? This would be so stupid that'd blow up any scale and measure.

Reply Score: 2

Ostrich tactics
by B. Janssen on Mon 22nd Jan 2007 01:53 UTC
B. Janssen
Member since:
2006-10-11

Without trying to offend anybody here, but all the denial, general badmouthing and personal insults of the project will not make the disclosed bugs go away. MacOS X has bugs, third party software on this platform has bugs, deal with it.

What's it going to help the ostrich that it refuses to look at the lion?

EDIT: typos

Edited 2007-01-22 01:54

Reply Score: 5

v RE: Ostrich tactics
by Soulbender on Mon 22nd Jan 2007 02:58 UTC in reply to "Ostrich tactics"
RE[2]: Ostrich tactics
by Redeeman on Mon 22nd Jan 2007 04:42 UTC in reply to "RE: Ostrich tactics"
Redeeman Member since:
2006-03-23

Obviously Apple doesn't give a rat's ass about its users' security, calling them and kindly informing them of their extreme negligence is not likely to make them reconsider their development and reviewing approaches.

Hell, look at some of the root exploits on MOAB, it's horrendous, these bugs are so bad that the people in charge should be put on the streets and be forced to repay all the money the company paid them.

Reply Score: 1

RE[3]: Ostrich tactics
by Matt24 on Mon 22nd Jan 2007 08:59 UTC in reply to "RE[2]: Ostrich tactics"
Matt24 Member since:
2005-07-23

I don't mind people acting as a troll, I am doing it myself a lot but it should never be based on lies or false accusations. The statement: 'obviously Apple doesn't give a rat's ass about its users' security', is a straight lie from obviously some kind of vandal.

Reply Score: 1

RE[3]: Ostrich tactics
by Soulbender on Tue 23rd Jan 2007 01:53 UTC in reply to "RE[2]: Ostrich tactics"
Soulbender Member since:
2005-08-18

"obviously Apple doesn't give a rat's ass about its users' security"

This is, quite frankly, bullshit and I don't even like Apple.

"calling them and kindly informing them of their extreme negligence is not likely to make them reconsider their development and reviewing approaches."

Funny how that has worked for other, REAL, security researchers. You know, the kind that are confident enough in their findings not to hide behind silly nicknames. Not that it has worked for them either all the time, just like how they don't always get the attention of big companies, but that's not the point. Best practices exist because they're, big surprise, considered the best way of doing things.
Anyone who thinks this "Month of <whatever> Bugs" is anything but blatant self promotion is just ignorant. Regular users don't benefit from this, they don't read these sites, and obviously Apple doesn't pay that much attention either. So who does benefit? If your answer was anything but "the researchers" you lose.

And now that I have once again been critical of this farce I expect to be modded down. Feel the wrath of the script kiddies.

Reply Score: 2

3RD party Apps
by Finchwizard on Mon 22nd Jan 2007 05:36 UTC
Finchwizard
Member since:
2006-02-01

You flat out can not take in 3rd party Apps into these tests.

So far, we've seen one from VLC and another from Transmit?
These are not up to Apple to fix. I'm sure the VLC and Transmit devs are happy you found the bug and are probably working on fixes.

All this is, is a media grabbing thing to give the impression to users that OS X isn't bulletproof and suffers bugs also.

The tech savvy users have always known no OS is completely secure, this is nothing new.

In other news, I think I'm still waiting for the Word fix from Microsoft? They did recommend to not open Word documents, so I'm still waiting on that.

I can understand them checking for problems in Apple's apps, such as Quicktime, or Aperture, Final Cut etc. I just guess there's not much else to report on.

Reply Score: 2

RE: 3RD party Apps
by Redeeman on Mon 22nd Jan 2007 05:55 UTC in reply to "3RD party Apps"
Redeeman Member since:
2006-03-23

Yes, it is an attempt to show OSX users that it's by no means safe, even as safe as they may believe, you hit the right idea.

Bravo! You discovered it, not that it's hard, given that their own site actually has it all written.

Reply Score: 1

RE[2]: 3RD party Apps
by Finchwizard on Mon 22nd Jan 2007 08:02 UTC in reply to "RE: 3RD party Apps"
Finchwizard Member since:
2006-02-01

So far, all I've seen from this Project, is OS X is possibly more secure than people thought, seeing as they are actively searching, and so far are only coming up with 3rd party apps.

I'd hate to see a Windows list with 3rd party apps. I wouldn't even do that to Windows.

Reply Score: 2

RE[3]: 3RD party Apps
by morhekil on Mon 22nd Jan 2007 11:31 UTC in reply to "RE[2]: 3RD party Apps"
morhekil Member since:
2005-08-27

"So far, all I've seen from this Project, is OS X is possibly more secure than people thought, seeing as they are actively searching, and so far are only coming up with 3rd party apps."

Only? RTFA - it explicitly names THREE Apple's own bugs. Missed that part of the article, huh?

Edited 2007-01-22 11:31

Reply Score: 1

RE: 3RD party Apps
by B. Janssen on Mon 22nd Jan 2007 19:46 UTC in reply to "3RD party Apps"
B. Janssen Member since:
2006-10-11

Finchwizard: "All this is, is a media grabbing thing to give the impression to users that OS X isn't bulletproof and suffers bugs also."

Give the impression? Apple's MacOS X is not bulletproof and that's not just an impression. As you said, all software suffers bugs and hiding this fact from not so tech-savvy users is a disservice to all users.

And what have MS software bugs to do in this issue? There are many, we all know that, and we know that thanks to people who just published those bugs instead of only talking behind closed doors. Pointing out that other software has bugs (newsreel: there are bugs in Linux, too) is not mitigating the fact that Apple software has them, too!

Finally, with regards to 3rd party apps bugs. As far as I can see the website lists 21 bugs and only 4 are from 3rd party apps. I would say, roll up your sleeves and start fixing if it upsets you so much, but given the mostly closed nature of Apple software, nah, can't do.

Reply Score: 2

difference
by milles21 on Mon 22nd Jan 2007 05:54 UTC
milles21
Member since:
2006-11-08

The difference is that you need not consult 3rd party apps to bring a month of Windows Bugs. Let's be real, if I wanted to have a month of Windows bugs I don't have to look any further than Windows.

They are reaching. Let's talk facts: that is like saying I bought a Lexus, installed some third party radio and shorted the car and it burned up. Is that Lexus' fault? NO. They are clearly reaching. When you talk bugs let's stick to the confines of Apple produced software as we do with IE on Windows.

Reply Score: 1

RE: difference
by Tuishimi on Mon 22nd Jan 2007 07:25 UTC
Tuishimi
Member since:
2005-07-06

Well that depends.... did the radio catch on fire, or did it trigger a fire elsewhere, in the Lexus' electrical system?

Reply Score: 2

RE[2]: difference
by Gryzor on Mon 22nd Jan 2007 12:09 UTC in reply to "RE: difference "
Gryzor Member since:
2005-07-03

Although your question/example is not bad, I think it's not entirely correct either.
What if my radio program disables Lexus cooling system and the car overheats...
Is it a fault that Lexus software allowed me to do that? It would be like creating a program that starts writing/deleting data from a Hard Drive. Eventually, the extra stress will make the HDD's life shorter.
Is that a HDD manufacturer's problem? Who's responsible?

So, the "generic" analogy here doesn't mean anything. It's too relative. We can all agree that because of OS X's Unix background, the OS is just "much more secure" given the security that Unix has by default. But that doesn't mean anything.

Reply Score: 1

RE[3]: difference
by Tuishimi on Mon 22nd Jan 2007 15:52 UTC
Tuishimi
Member since:
2005-07-06

True, I knew it was a bad example when I posted it, but it is a bit foggy and if I had a good lawyer, I just might win. ;)

Reply Score: 2

bousozoku
Member since:
2006-01-23

It's obvious that these people are just wanting to shut up some very smug Mac OS X users. It's not really working out that way.

Almost no one was paying attention to them, so they apparently decided to go on the attack, literally. It's one thing to announce bugs to the world without notifying the developer but to attack innocent users?

I'm glad that they're exposing bugs but of course, many of the bugs they've exposed were already known and already displayed for the world to see.

They've helped Mac OS X users in many ways. Apple, on the other hand, has yet to respond to these or most of the bugs revealed in November. Many of the bugs have to be triggered locally but it's a possibility.

Privilege escalation should be met and handled today, not when they have a batch of security fixes finished.

Reply Score: 1