[32232] in bugtraq
Re: Mac OS X vulnerabilities ['Virus checked"]
daemon@ATHENA.MIT.EDU (Kurt Harvey)
Thu Oct 30 13:42:42 2003
Mime-Version: 1.0
Message-Id: <a06002002bbc6d8699cd6@[192.168.1.153]>
In-Reply-To: <558686048.1067457155@rp2>
Date: Thu, 30 Oct 2003 07:08:33 -0800
To: Ragnar Sundblad <ragge@nada.kth.se>, Adam Shostack <adam@homeport.org>,
Steve Clement <steve@ion.lu>
From: Kurt Harvey <k_harvey@mac.com>
Cc: Thor Larholm <thor@pivx.com>, bugtraq@securityfocus.com
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
At 7:52 PM +0100 10/29/03, Ragnar Sundblad wrote:
>--On den 29 oktober 2003 13:03 -0500 Adam Shostack <adam@homeport.org> wrote:
>
>>I think that announcing a set of security issues, and saying "the fix
>>is to upgrade your entire OS" is not a great disclosure strategy.
>
>I certainly agree here, as do we all, I think. Let me just again
>point out that we don't know yet if this is what they say.
>
>All of you who care, please show them that you do.
>Either register for a developer account (free) and send
>a bug report on <http://bugreport.apple.com>, or send an
>email to product-security@apple.com.
>
>/ragge
As an OSX admin I am with you all on this. Here's another place to
speak up. This is the link from the icon in the OSX Dock.
<http://www.apple.com/macosx/feedback/>
I'm hoping they're in the process of doing the right thing and just
haven't announced it yet. The wording of Apple's security
announcement did make me wonder though.
Kurt
